Saturday, January 27, 2024

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding


This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project consists of the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A Python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure that both static and dynamic sink situations are handled. This is far from an exhaustive list of primitives or technique variations. The post above goes into more detail.
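For defenders, build-time export forwarding such as Stc-Forward leaves forwarder entries in the on-disk export table: the function RVA points back inside the export directory at a "module.function" string. The following added example (not part of Koppeling) lists those entries for triage; `forwarded_exports`, `build_sample` and the names `LocalFn`/`ProxiedFn` are constructed for illustration, and post-load techniques such as Dyn-Rebuild are not visible to this on-disk check.

```python
import struct

def forwarded_exports(data):
    """Map export name -> 'module.function' for each named forwarder in a PE file."""
    u16 = lambda o: struct.unpack_from("<H", data, o)[0]
    u32 = lambda o: struct.unpack_from("<I", data, o)[0]
    if data[:2] != b"MZ" or data[u32(0x3C):u32(0x3C) + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    pe = u32(0x3C)
    opt = pe + 24                                     # optional header follows the COFF header
    dirs = opt + (112 if u16(opt) == 0x20B else 96)   # data directories: PE32+ or PE32
    exp_rva, exp_size = u32(dirs), u32(dirs + 4)      # directory 0 is the export table
    if exp_rva == 0:
        return {}
    sec0 = opt + u16(pe + 20)                         # section table follows the optional header
    # per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    sections = [struct.unpack_from("<4I", data, sec0 + 40 * i + 8) for i in range(u16(pe + 6))]

    def off(rva):                                     # RVA -> file offset
        for vsize, va, rsize, rptr in sections:
            if va <= rva < va + max(vsize, rsize):
                return rptr + rva - va
        raise ValueError("RVA %#x is outside every section" % rva)
    def cstr(rva):
        o = off(rva)
        return data[o:data.index(b"\0", o)].decode("ascii", "replace")
    d = off(exp_rva)
    n_names, funcs, names, ords = u32(d + 24), off(u32(d + 28)), off(u32(d + 32)), off(u32(d + 36))
    found = {}
    for i in range(n_names):                          # ordinal-only exports are not covered
        target = u32(funcs + 4 * u16(ords + 2 * i))
        if exp_rva <= target < exp_rva + exp_size:    # RVA inside the export directory: forwarder
            found[cstr(u32(names + 4 * i))] = cstr(target)
    return found

def build_sample():
    """Constructed, non-loadable PE32 skeleton: LocalFn is code, ProxiedFn is a forwarder."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                              # e_lfanew
    struct.pack_into("<4sHH", img, 0x40, b"PE\0\0", 0x14C, 1)            # signature, Machine, sections
    struct.pack_into("<HHH", img, 0x54, 0xE0, 0x2102, 0x10B)             # opt size, flags, PE32 magic
    struct.pack_into("<II", img, 0xB8, 0x200, 0x100)                     # export directory RVA, size
    struct.pack_into("<8s4I", img, 0x138, b".rdata", 0x200, 0x200, 0x200, 0x200)
    struct.pack_into("<5I", img, 0x214, 2, 2, 0x230, 0x238, 0x240)       # counts and table RVAs
    struct.pack_into("<4I2H", img, 0x230, 0x380, 0x280, 0x260, 0x270, 0, 1)
    for o, s in ((0x260, b"LocalFn"), (0x270, b"ProxiedFn"), (0x280, b"functions.ProxiedFn")):
        img[o:o + len(s)] = s
    return bytes(img)
```

On a real file, pass the bytes read from disk; a DLL in an application directory whose named exports mostly forward to another module is a candidate for closer inspection.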


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User


