sábado, 3 de junio de 2023

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding


This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project is comprised of the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure static and dynamic sink situations are handled. This is by far not every primitive or technique variation. The post above goes into more detail.


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User



Continue reading


  1. Best Pentesting Tools 2018
  2. Hacking Tools Pc
  3. Android Hack Tools Github
  4. Tools For Hacker
  5. Hack App
  6. Pentest Tools Apk
  7. Hacker Tools Hardware
  8. Hacker Tool Kit
  9. Hacking Tools Windows
  10. Hacker Tool Kit
  11. Hacker Tools Windows
  12. Hack And Tools
  13. Hackrf Tools
  14. Pentest Box Tools Download
  15. Hacking Tools Kit
  16. Hack Tools
  17. Pentest Tools Apk
  18. Kik Hack Tools
  19. Game Hacking
  20. Hacker Tools For Windows
  21. Hacking Tools Software
  22. Hacking Tools Github
  23. New Hacker Tools
  24. Hacker Tools For Mac
  25. Wifi Hacker Tools For Windows
  26. Hacking Tools For Windows Free Download
  27. Hack Tool Apk
  28. Pentest Tools Website
  29. Black Hat Hacker Tools
  30. Hack Tools For Mac
  31. Hacker Tools Apk
  32. Hacker Tools Software
  33. Hacker Security Tools
  34. Hacking Tools Online
  35. Pentest Tools Review
  36. Pentest Tools Website Vulnerability
  37. Hacking Tools Software
  38. Pentest Tools Find Subdomains
  39. Hack Tool Apk No Root
  40. Kik Hack Tools
  41. Hack Tool Apk No Root
  42. Hacking Tools Windows
  43. Best Pentesting Tools 2018
  44. Pentest Tools Review
  45. Pentest Tools Open Source
  46. Nsa Hack Tools
  47. What Are Hacking Tools
  48. Pentest Automation Tools
  49. Hacker Tools
  50. Hack Tools Download
  51. Github Hacking Tools
  52. Pentest Tools Online
  53. Hacker Tools 2020
  54. Kik Hack Tools
  55. Hacking Tools For Pc
  56. Computer Hacker
  57. Pentest Tools Android
  58. Hack Tools Online
  59. Pentest Tools For Android
  60. Best Hacking Tools 2020
  61. Tools 4 Hack
  62. Hack Rom Tools
  63. Hack Tools Pc
  64. Ethical Hacker Tools
  65. Hacking Tools Kit
  66. Hacker Tools 2020
  67. Hack Tools 2019
  68. Hacker Tools Mac
  69. Termux Hacking Tools 2019
  70. Github Hacking Tools
  71. Hacking Tools For Kali Linux
  72. Hacker Tools Software
  73. Hacking Tools Windows 10
  74. Pentest Tools Apk
  75. Pentest Tools Windows
  76. Hack Tools For Pc
  77. Hacking Tools Free Download
  78. Pentest Tools Port Scanner
  79. Pentest Tools Url Fuzzer
  80. Pentest Tools Website
  81. Pentest Box Tools Download
  82. Nsa Hack Tools
  83. Hack Tool Apk No Root
  84. Easy Hack Tools
  85. Termux Hacking Tools 2019
  86. Hack Tools
  87. Hacking Tools Usb
  88. Top Pentest Tools
  89. Pentest Tools Kali Linux
  90. Hack Tool Apk No Root
  91. Pentest Tools Nmap
  92. Hacking Tools Usb
  93. Game Hacking
  94. Hacker Tools Mac
  95. Physical Pentest Tools
  96. Hacking Tools For Mac
  97. Hack Tools 2019
  98. Easy Hack Tools
  99. Pentest Recon Tools
  100. Black Hat Hacker Tools
  101. Hacker Techniques Tools And Incident Handling
  102. Install Pentest Tools Ubuntu
  103. Hacking Tools Online
  104. Beginner Hacker Tools
  105. Hacker Tools Apk
  106. Pentest Tools Free
  107. Pentest Tools Framework
  108. Hacker Techniques Tools And Incident Handling
  109. World No 1 Hacker Software
  110. Hacking Tools For Mac
  111. Pentest Tools Review
  112. Growth Hacker Tools
  113. Hacking Tools Hardware
  114. World No 1 Hacker Software
  115. Hack Tools
  116. Hack Tools 2019
  117. Hacker Tools Online
  118. Hacking Tools For Games
  119. Hacker Tools
  120. Pentest Tools Tcp Port Scanner
  121. Hack Tools Download
  122. Hacking Tools Software
  123. Beginner Hacker Tools
  124. Hack Tools Download
  125. Hacking Tools Kit
  126. Hacking Tools For Mac
  127. Hacking Apps
  128. Bluetooth Hacking Tools Kali
  129. Hack Tools For Ubuntu
  130. Hacker Tools For Pc
  131. Hacking Tools Name
  132. Hacker Search Tools
  133. Hacker Tools Apk Download
  134. Hacking Tools Windows 10
  135. Pentest Tools Bluekeep
  136. Pentest Tools Windows
  137. How To Make Hacking Tools
  138. Hacking Tools Windows
  139. Hack App
  140. New Hacker Tools
  141. Bluetooth Hacking Tools Kali
  142. Pentest Tools Windows
  143. Hacking Tools For Games
  144. Hacking Tools For Mac
  145. How To Hack
  146. Black Hat Hacker Tools
  147. Pentest Tools Android
  148. Hack Tools

No hay comentarios: