Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding

This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project is comprised of the following elements:

• Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
• Functions.dll: The "real" library which exposes valid functionality to the harness
• Theif.dll: The "evil" library which is attempting to gain execution
• NetClone.exe: A C# application which will clone exports from one DLL to another
• PyClone.py: A python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

• Stc-Forward: Forwards export names during the build process using linker comments
• Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
• Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
• Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure static and dynamic sink situations are handled. This is by far not every primitive or technique variation. The post above goes into more detail.

Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
        1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
        1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User

Download Koppeling

Related articles

1. Hacking Tools Software
2. Best Hacking Tools 2020
3. Hacker Tools
4. Hack Tools For Pc
5. Pentest Tools Apk
6. Hacking Tools For Windows Free Download
7. Hacking Tools Software
8. Pentest Tools
9. What Are Hacking Tools
10. Pentest Tools Review
11. Hacking Tools For Windows
12. Hacking Tools For Windows
13. Hack Tools Mac
14. Hacker Tools Software
15. Hack Apps
16. Hacking Tools Free Download
17. Hacking Tools Name
18. How To Install Pentest Tools In Ubuntu
19. Hacking Tools 2020
20. Pentest Tools Url Fuzzer
21. Hack Tools For Mac
22. Pentest Tools Framework
23. Free Pentest Tools For Windows
24. Hack Tools 2019
25. Hacker Tools 2020
26. Hacking Tools 2020
27. Hacker Tools Windows
28. Hacking Tools Usb
29. Hacker Tools For Pc
30. Hack Tool Apk
31. Pentest Tools For Mac
32. Tools Used For Hacking
33. Tools Used For Hacking
34. Hacker Tools For Ios
35. Hacking Tools Windows 10
36. Pentest Tools Apk
37. Hacker Tools Windows
38. Bluetooth Hacking Tools Kali
39. Pentest Tools Alternative
40. Ethical Hacker Tools
41. World No 1 Hacker Software
42. Computer Hacker
43. Hack App
44. Android Hack Tools Github
45. Pentest Automation Tools
46. Pentest Tools Url Fuzzer
47. Hacking Tools Software
48. Hacking Apps
49. Hack Tools 2019
50. Pentest Tools Website
51. Hacker Techniques Tools And Incident Handling
52. Hacker Tools Free
53. Hacker Tools Free
54. Hacker Tools
55. Pentest Tools Nmap
56. Bluetooth Hacking Tools Kali
57. Hacker Tools Hardware
58. Pentest Tools Alternative
59. Best Pentesting Tools 2018
60. Hacking Tools For Beginners
61. Pentest Tools Tcp Port Scanner
62. Github Hacking Tools
63. Hack Rom Tools
64. Pentest Box Tools Download
65. Hacker
66. Hacking Tools Name
67. Hacker Tools Linux
68. Pentest Reporting Tools
69. Best Hacking Tools 2019
70. Pentest Tools Review
71. Hacking Tools For Kali Linux
72. Hacker Tools 2019
73. Pentest Tools Framework
74. Wifi Hacker Tools For Windows
75. Hacker Tools List
76. Hack Tools Download
77. Pentest Tools Website
78. Hackrf Tools
79. Pentest Tools Find Subdomains
80. Hack Tools For Games
81. Black Hat Hacker Tools
82. World No 1 Hacker Software
83. New Hack Tools
84. Pentest Tools Website
85. Hack Tools
86. Best Pentesting Tools 2018
87. Pentest Tools Port Scanner
88. Hacking Tools Pc
89. Hacking Tools For Pc
90. Hack Tool Apk No Root
91. Hacker Tools For Ios
92. Hacking Tools For Windows Free Download
93. How To Hack
94. Pentest Box Tools Download
95. Beginner Hacker Tools
96. Underground Hacker Sites
97. Hacker Tools Apk Download
98. Hack Tools Online
99. Pentest Tools List
100. Ethical Hacker Tools
101. Pentest Tools List
102. Underground Hacker Sites
103. Growth Hacker Tools
104. Hacker Tools Hardware
105. Growth Hacker Tools
106. Pentest Box Tools Download
107. Pentest Tools Kali Linux
108. Pentest Recon Tools
109. Hack Tool Apk No Root
110. Hacker Tools Hardware
111. Nsa Hack Tools Download
112. Hack Tools Download
113. Pentest Tools Download
114. How To Make Hacking Tools
115. Usb Pentest Tools
116. Hacking Tools For Pc
117. Bluetooth Hacking Tools Kali
118. Black Hat Hacker Tools
119. Hacking Tools For Mac
120. Hacking Tools 2019
121. Free Pentest Tools For Windows
122. Hacking Tools Pc
123. Wifi Hacker Tools For Windows
124. Hacking Tools Kit
125. What Are Hacking Tools
126. Hacking Tools Hardware
127. Pentest Box Tools Download
128. Hacker Tools Free Download
129. World No 1 Hacker Software
130. Pentest Tools For Windows
131. Hacker Tools Mac
132. Ethical Hacker Tools
133. Pentest Tools List
134. Best Hacking Tools 2019
135. Hacker Tools
136. Hacker Tools Windows
137. Hack Tools Github
138. Best Hacking Tools 2020
139. World No 1 Hacker Software
140. Pentest Automation Tools
141. Hacker Tools 2020
142. Hacking App
143. Pentest Tools List
144. Pentest Tools For Ubuntu