Wednesday, January 17, 2024

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding


This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project is comprised of the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to capture code execution while still proxying the original functionality to the legitimate DLL, so the victim application keeps working. Each technique is tested against both static sinks (functions resolved through the import table at load time) and dynamic sinks (functions resolved at runtime via GetProcAddress). This is far from every primitive or technique variation; the blog post above goes into more detail.


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.

Executing in the current configuration should result in an error: the copy of wkscli.dll beside whoami.exe is found first in the DLL search order, but it is really kernel32 and does not export the functions whoami.exe imports from wkscli, so the loader fails

> whoami.exe 

"Entry Point Not Found"

Rewrite the copied kernel32 with NetClone so that it carries wkscli's export table, with each entry forwarded to the real library

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User


