Sunday, January 21, 2024

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding


This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project is comprised of the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A Python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure that both static and dynamic sink situations are handled. This is far from every primitive or technique variation; the blog post mentioned above goes into more detail.
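For triage, export forwarding of the kind described above is visible on disk: an export address table entry whose RVA falls inside the export directory is a forwarder string ("Module.Function") rather than code. The Python below is an added example, not part of Koppeling or the original post; `parse_exports` and `forwarder_report` are names chosen here, and the input is assumed to be the raw bytes of a DLL read from disk.

```python
import struct

# Added example (not Koppeling code); helper and function names are chosen here.
def _u(fmt, data, off):
    return struct.unpack_from("<" + fmt, data, off)

def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def parse_exports(data):
    """Return [(export_name, forwarder_or_None), ...] for a PE image held in bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = _u("I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = _u("H12xH", data, pe + 6)  # NumberOfSections, SizeOfOptionalHeader
    opt = pe + 24
    # Data directories start 96 bytes into a PE32 optional header, 112 into PE32+.
    exp_rva, exp_size = _u("II", data, opt + (112 if _u("H", data, opt)[0] == 0x20B else 96))
    if exp_rva == 0:
        return []  # image has no export directory
    secs = [_u("4I", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):  # map an RVA to a file offset through the section table
        for vsize, vaddr, raw_size, raw_ptr in secs:
            if vaddr <= rva < vaddr + max(vsize, raw_size):
                return raw_ptr + rva - vaddr
        raise ValueError(f"RVA {rva:#x} is not mapped by any section")
    base, n_funcs, n_names, funcs, names, ords = _u("6I", data, off(exp_rva) + 16)
    by_index = {}
    for i in range(n_names):
        idx = _u("H", data, off(ords) + 2 * i)[0]
        by_index[idx] = _cstr(data, off(_u("I", data, off(names) + 4 * i)[0]))
    out = []
    for idx in range(n_funcs):
        rva = _u("I", data, off(funcs) + 4 * idx)[0]
        if rva == 0:
            continue  # unused ordinal slot
        # An EAT entry pointing inside the export directory is a forwarder string.
        fwd = _cstr(data, off(rva)) if exp_rva <= rva < exp_rva + exp_size else None
        out.append((by_index.get(idx, f"#{base + idx}"), fwd))
    return out

def forwarder_report(data):
    """Return (forwarded_count, total_exports, sorted forward-target modules)."""
    exports = parse_exports(data)
    fwds = [f for _, f in exports if f]
    return len(fwds), len(exports), sorted({f.rpartition(".")[0].lower() for f in fwds})
```

Forwarders are also common in legitimate system DLLs, so a high forwarded ratio is mainly a signal for a DLL that sits in an application directory and forwards to a same-named module elsewhere.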


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User


