Thursday, January 25, 2024

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding


This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project comprises the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A Python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure that both static and dynamic sink situations are handled. These are by no means the only primitives or technique variations; the post above goes into more detail.


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User
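
A defender-side check for the scenario above, as an added example that is not part of the Koppeling project: it scans image-load records (modelled on Sysmon Event ID 7 field names) for a DLL that carries a system library's name but was loaded from outside the Windows system directories. The sample events and the `KNOWN_SYSTEM_DLLS` baseline are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Directories from which Windows system DLLs are normally loaded.
SYSTEM_DIRS = [PureWindowsPath(p) for p in (
    r"C:\Windows\System32", r"C:\Windows\SysWOW64", r"C:\Windows\WinSxS")]

# Assumed baseline of system DLL names; build the real one from a clean image.
KNOWN_SYSTEM_DLLS = {"kernel32.dll", "wkscli.dll", "netapi32.dll"}

# Constructed image-load records using Sysmon Event ID 7 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\analyst\test\whoami.exe",
     "ImageLoaded": r"C:\Users\analyst\test\wkscli.dll",
     "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\System32\whoami.exe",
     "ImageLoaded": r"C:\Windows\System32\wkscli.dll",
     "SignatureStatus": "Valid"},
    {"Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Program Files\App\helper.dll",
     "SignatureStatus": "Valid"},
]

def in_system_dir(path):
    """True if path lies under one of SYSTEM_DIRS (case-insensitive)."""
    return any(d in PureWindowsPath(path).parents for d in SYSTEM_DIRS)

def find_hijack_candidates(events):
    """Flag system-named DLLs that were loaded from a non-system directory."""
    hits = []
    for ev in events:
        dll = PureWindowsPath(ev["ImageLoaded"])
        if dll.name.lower() not in KNOWN_SYSTEM_DLLS or in_system_dir(dll):
            continue
        hits.append({
            "process": ev["Image"],
            "dll": ev["ImageLoaded"],
            # Loading from the executable's own folder matches the example above.
            "same_dir_as_exe": dll.parent == PureWindowsPath(ev["Image"]).parent,
            "signature_valid": ev.get("SignatureStatus") == "Valid",
        })
    return hits

if __name__ == "__main__":
    for hit in find_hijack_candidates(SAMPLE_EVENTS):
        print(hit)
```

A hit with `same_dir_as_exe` true and `signature_valid` false is the highest-priority case for triage; a system binary such as whoami.exe running from a user-writable path is worth flagging on its own.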


