Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding

This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project is comprised of the following elements:

• Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
• Functions.dll: The "real" library which exposes valid functionality to the harness
• Theif.dll: The "evil" library which is attempting to gain execution
• NetClone.exe: A C# application which will clone exports from one DLL to another
• PyClone.py: A python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

• Stc-Forward: Forwards export names during the build process using linker comments
• Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
• Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
• Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure static and dynamic sink situations are handled. This is by far not every primitive or technique variation. The post above goes into more detail.

Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
        1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
        1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User

Download Koppeling

More articles

1. Hacking Tools For Pc
2. Hacker Tools
3. Best Pentesting Tools 2018
4. Hacking Tools Pc
5. Pentest Tools Free
6. Install Pentest Tools Ubuntu
7. Android Hack Tools Github
8. Hacker Tools Windows
9. Kik Hack Tools
10. What Are Hacking Tools
11. Hacker Tools 2019
12. Computer Hacker
13. Hack Tools For Games
14. Ethical Hacker Tools
15. Hacker Tools Free
16. Hacking Tools Usb
17. Computer Hacker
18. Hack Tools
19. Bluetooth Hacking Tools Kali
20. Hacker Hardware Tools
21. Growth Hacker Tools
22. Hack Tools For Mac
23. Hacker Tools For Ios
24. Hacking Tools Windows 10
25. Pentest Tools Find Subdomains
26. Hackers Toolbox
27. What Is Hacking Tools
28. Pentest Tools For Windows
29. Hack Tool Apk
30. How To Install Pentest Tools In Ubuntu
31. Best Hacking Tools 2019
32. Hacking Tools Github
33. Hack Tools Mac
34. Hacker Search Tools
35. Tools For Hacker
36. Pentest Tools Website Vulnerability
37. Hacker Tools Apk Download
38. Pentest Tools Alternative
39. Hacking Tools Github
40. Computer Hacker
41. Best Hacking Tools 2020
42. Hack Apps
43. Pentest Tools Download
44. Hacking Tools For Games
45. Hack Tools For Pc
46. Hack Tools Pc
47. Hack Tools For Ubuntu
48. How To Make Hacking Tools
49. Pentest Tools Url Fuzzer
50. Hacking Tools For Games
51. Hacker Tools Mac
52. Hacking Tools Windows
53. Pentest Tools Windows
54. Hacking Tools Pc
55. Pentest Tools Url Fuzzer
56. Pentest Automation Tools
57. Hacking Tools Pc
58. Pentest Tools Free
59. Hacking Tools Online
60. Pentest Tools Website
61. Hacking Tools For Kali Linux
62. Hack Tools For Games
63. Pentest Tools Windows
64. Pentest Tools Find Subdomains
65. Hacker Search Tools
66. Hack Tools For Windows
67. Hack Tools Mac
68. Pentest Tools Framework
69. Hacker Tools Apk Download
70. Hack Tools For Pc
71. Hacking Tools Windows
72. Hacker Tools For Windows
73. Pentest Tools Subdomain
74. Hack Tools Github
75. How To Hack
76. Hacker Tools Software
77. Hacker Tools Mac
78. Hack Tools Mac
79. Github Hacking Tools
80. Top Pentest Tools
81. Hacker Security Tools
82. Pentest Tools Linux
83. Hacking Tools For Games
84. Android Hack Tools Github
85. Hack Tools For Pc
86. Hacker Hardware Tools
87. Pentest Tools Url Fuzzer
88. Pentest Tools For Mac
89. Usb Pentest Tools
90. Pentest Tools Linux
91. Hack And Tools
92. Hacking Tools Software
93. Hack Tools For Windows
94. Nsa Hack Tools Download
95. Pentest Tools Github
96. Hacking Tools For Pc
97. Hack Tools For Mac
98. Hack Tools Pc
99. Hacking Tools Hardware
100. What Are Hacking Tools
101. Pentest Tools Github
102. Hacker Hardware Tools
103. What Are Hacking Tools
104. Hacker Tools Apk Download
105. What Are Hacking Tools
106. Hacking Apps
107. Best Hacking Tools 2020
108. Hacking Tools Download
109. Pentest Tools For Ubuntu
110. Hacker Tools Mac
111. Hacking App
112. Growth Hacker Tools
113. Hack Tools Pc
114. Pentest Tools Framework
115. Hacker Tools
116. Pentest Tools Online
117. Hack Rom Tools
118. Hack App
119. Pentest Tools List
120. Hack Tools For Games
121. Pentest Tools Review
122. Hack Tools Github
123. Top Pentest Tools
124. Hacker Tools Windows
125. Hacking Tools For Windows 7
126. Hacking Tools Usb
127. Install Pentest Tools Ubuntu
128. Pentest Tools For Ubuntu
129. Hack Tools For Pc
130. Pentest Tools Open Source
131. Hacking Tools Mac
132. Hacker Tools Windows
133. Pentest Tools For Mac
134. Hack Tools Pc
135. Hacker Tools For Ios
136. Nsa Hacker Tools
137. How To Make Hacking Tools
138. Hacking Tools Mac
139. Pentest Tools Github
140. Android Hack Tools Github
141. Hacker Security Tools
142. Hack Tools For Mac
143. Hacker Tools List
144. Hacker Techniques Tools And Incident Handling
145. Pentest Reporting Tools
146. Bluetooth Hacking Tools Kali
147. Nsa Hack Tools Download
148. Hacker Tools Hardware
149. Pentest Tools Url Fuzzer
150. Hack Tools
151. Tools Used For Hacking
152. Hacker Security Tools
153. Hacking Tools
154. Hacker Tools For Mac
155. Github Hacking Tools
156. Nsa Hack Tools Download
157. Pentest Reporting Tools