Monday, 5 June 2023

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding


This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project is comprised of the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure static and dynamic sink situations are handled. This is by far not every primitive or technique variation. The post above goes into more detail.


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
        1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
        1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User

More info


  1. Hack Tools For Ubuntu
  2. Pentest Tools List
  3. Hacking Tools Pc
  4. Hacker Tools Free
  5. Black Hat Hacker Tools
  6. Hacking Tools Mac
  7. Physical Pentest Tools
  8. Hacker Tools For Ios
  9. Hacking Tools 2020
  10. Pentest Automation Tools
  11. Pentest Tools Android
  12. Usb Pentest Tools
  13. Hack Apps
  14. Pentest Box Tools Download
  15. Free Pentest Tools For Windows
  16. Hacks And Tools
  17. Hacker Tools For Pc
  18. Pentest Tools Android
  19. Pentest Tools Apk
  20. Pentest Tools For Windows
  21. Pentest Box Tools Download
  22. Hack Tools 2019
  23. Nsa Hack Tools
  24. Beginner Hacker Tools
  25. Pentest Automation Tools
  26. Top Pentest Tools
  27. Bluetooth Hacking Tools Kali
  28. Pentest Tools Android
  29. Hacking Tools For Windows Free Download
  30. Hak5 Tools
  31. Hacking Tools
  32. Wifi Hacker Tools For Windows
  33. Hack Tools For Games
  34. Hack Tools Online
  35. Pentest Tools Linux
  36. Pentest Tools Kali Linux
  37. Hacker Tools Github
  38. Hacker Tools 2019
  39. Hacking Tools Pc
  40. Hacking App
  41. Pentest Tools Kali Linux
  42. Hacking Tools Mac
  43. Hacking Tools
  44. Nsa Hacker Tools
  45. Pentest Tools Tcp Port Scanner
  46. Hacking Tools Free Download
  47. Pentest Box Tools Download
  48. Pentest Tools Apk
  49. Hacks And Tools
  50. Pentest Tools For Ubuntu
  51. Pentest Tools Kali Linux
  52. Hacker Tools Hardware
  53. Hacking Tools Hardware
  54. Hacking Tools For Pc
  55. Pentest Tools Free
  56. Hacker Search Tools
  57. Hacker Tools Apk
  58. Hack Rom Tools
  59. Pentest Tools Website Vulnerability
  60. Pentest Tools For Android
  61. Hacker Security Tools
  62. Hacking Tools 2019
  63. Install Pentest Tools Ubuntu
  64. How To Install Pentest Tools In Ubuntu
  65. Hacker Hardware Tools
  66. Hacker Tools Apk
  67. Pentest Tools Linux
  68. Github Hacking Tools
  69. Hack Tools Mac
  70. Pentest Recon Tools
  71. Hack Tools Online
  72. Hacker Tools 2020
  73. Tools 4 Hack
  74. Pentest Tools Url Fuzzer
  75. Hacker Tools Hardware
  76. Hack App
  77. Hack Tools Download
  78. Hacker Tools Windows
  79. Pentest Tools Port Scanner
  80. Hacker Tools
  81. Hack Rom Tools
  82. Hack Rom Tools
  83. Hacker Tools List
  84. Hacking Tools Kit
  85. Hack Tools Github
  86. Hacking Tools 2019
  87. Blackhat Hacker Tools
  88. Pentest Recon Tools
  89. Pentest Tools For Ubuntu
  90. Tools Used For Hacking
  91. Pentest Tools For Windows
  92. What Are Hacking Tools
  93. Hacking Tools For Windows Free Download
  94. Ethical Hacker Tools
  95. Pentest Tools Github
  96. Pentest Automation Tools
  97. Pentest Recon Tools
  98. Hacking Tools For Windows
  99. Pentest Tools Github
  100. Hack Tool Apk No Root
  101. Pentest Tools Windows
  102. Wifi Hacker Tools For Windows
  103. Top Pentest Tools
  104. Pentest Tools For Android
  105. Hacker Tools
  106. Pentest Tools Bluekeep
  107. Hacker Tools For Windows
  108. Hacker
  109. Hack Tool Apk
  110. Hacking Tools For Kali Linux
  111. Nsa Hack Tools Download
  112. Hacking Tools Hardware
  113. Tools Used For Hacking
  114. Hacking Tools Hardware
  115. New Hacker Tools
  116. How To Install Pentest Tools In Ubuntu
  117. Hack Tools Online
  118. Pentest Tools Url Fuzzer
  119. Physical Pentest Tools
  120. Hacker
  121. Beginner Hacker Tools
  122. Hacking Tools Github
  123. Pentest Box Tools Download
  124. Hacker Tools Windows
  125. Hacking Tools And Software
  126. Hack Tools For Ubuntu
  127. Tools 4 Hack
  128. Hacking Tools For Beginners
  129. Free Pentest Tools For Windows
  130. Hacker Tools Software
  131. New Hack Tools
  132. Hacker Tools Windows
  133. Tools Used For Hacking
  134. Tools 4 Hack
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)