Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding

This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project is comprised of the following elements:

• Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
• Functions.dll: The "real" library which exposes valid functionality to the harness
• Theif.dll: The "evil" library which is attempting to gain execution
• NetClone.exe: A C# application which will clone exports from one DLL to another
• PyClone.py: A python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

• Stc-Forward: Forwards export names during the build process using linker comments
• Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
• Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
• Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure static and dynamic sink situations are handled. This is by far not every primitive or technique variation. The post above goes into more detail.

Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
        1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
        1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User

Download Koppeling

Related articles

1. Hack App
2. What Is Hacking Tools
3. Hack Tools
4. Hack And Tools
5. Best Pentesting Tools 2018
6. Pentest Tools Tcp Port Scanner
7. Top Pentest Tools
8. Tools 4 Hack
9. Hack Tools
10. Hacker Tools Software
11. Growth Hacker Tools
12. Hack Tools For Ubuntu
13. Pentest Tools Windows
14. Hack Tool Apk No Root
15. Hacker Hardware Tools
16. Hacking Tools For Windows 7
17. Hack Tools Pc
18. Pentest Tools Download
19. Hacker Tools Apk
20. Best Hacking Tools 2020
21. Hacker Tool Kit
22. Hacker Tools Github
23. New Hacker Tools
24. Pentest Tools Port Scanner
25. Pentest Tools Framework
26. Easy Hack Tools
27. Hacking Tools For Windows Free Download
28. Hacking App
29. Hacker Hardware Tools
30. Black Hat Hacker Tools
31. Blackhat Hacker Tools
32. Pentest Reporting Tools
33. Termux Hacking Tools 2019
34. Pentest Tools Tcp Port Scanner
35. Wifi Hacker Tools For Windows
36. Hacker Tools Apk
37. What Are Hacking Tools
38. Hack Tools
39. Pentest Tools Alternative
40. Hacker Tools List
41. Bluetooth Hacking Tools Kali
42. Hack Tools Download
43. Hacker Tools For Mac
44. Growth Hacker Tools
45. Hack Tools For Pc
46. Hacker Hardware Tools
47. Install Pentest Tools Ubuntu
48. Easy Hack Tools
49. Pentest Tools Url Fuzzer
50. Tools 4 Hack
51. Game Hacking
52. Best Pentesting Tools 2018
53. Pentest Tools Linux
54. Hacker Security Tools
55. Pentest Automation Tools
56. Best Hacking Tools 2019
57. What Is Hacking Tools
58. Pentest Tools Kali Linux
59. Hack Tools
60. Pentest Reporting Tools
61. Top Pentest Tools
62. Install Pentest Tools Ubuntu
63. Hacking Tools For Kali Linux
64. Physical Pentest Tools
65. Pentest Reporting Tools