Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding

This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project is comprised of the following elements:

• Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
• Functions.dll: The "real" library which exposes valid functionality to the harness
• Theif.dll: The "evil" library which is attempting to gain execution
• NetClone.exe: A C# application which will clone exports from one DLL to another
• PyClone.py: A python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

• Stc-Forward: Forwards export names during the build process using linker comments
• Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
• Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
• Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure static and dynamic sink situations are handled. This is by far not every primitive or technique variation. The post above goes into more detail.

Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
        1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
        1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User

Download Koppeling

Read more

1. New Hack Tools
2. Pentest Tools Github
3. Tools 4 Hack
4. Pentest Tools Find Subdomains
5. Hacking Tools For Beginners
6. Pentest Tools Find Subdomains
7. Hacking Tools Mac
8. Pentest Automation Tools
9. Best Hacking Tools 2020
10. Ethical Hacker Tools
11. Physical Pentest Tools
12. Hacking Tools For Beginners
13. Best Hacking Tools 2019
14. Game Hacking
15. Pentest Tools Windows
16. What Are Hacking Tools
17. Hacker Tools List
18. Best Hacking Tools 2020
19. Pentest Tools Android
20. Tools For Hacker
21. Hacker Tools Apk
22. Hacker Tools 2020
23. How To Hack
24. Hack Tools For Ubuntu
25. Hacks And Tools
26. How To Install Pentest Tools In Ubuntu
27. Hacking Tools For Kali Linux
28. Hacking Tools Download
29. Hacker Tools Apk Download
30. Computer Hacker
31. Pentest Tools Linux
32. Hacking App
33. Hackrf Tools
34. Pentest Tools Linux
35. Pentest Tools Github
36. Pentest Reporting Tools
37. Pentest Tools List
38. Hack Tools
39. What Are Hacking Tools
40. Hack Tools
41. Pentest Recon Tools
42. Hacker Tools List
43. Hacking Tools For Kali Linux
44. Hacker Tools Windows
45. Install Pentest Tools Ubuntu
46. Hacking Tools Name
47. How To Hack
48. Free Pentest Tools For Windows
49. Hacker
50. Pentest Tools Website
51. Pentest Tools
52. Hack Rom Tools
53. Android Hack Tools Github
54. Pentest Tools
55. Hacker
56. Nsa Hacker Tools
57. Hak5 Tools
58. Hacking Tools Hardware
59. Pentest Tools Port Scanner
60. Hacking Tools Pc
61. Hacking Tools
62. Hacking Tools For Pc
63. Pentest Box Tools Download
64. Pentest Reporting Tools
65. Hacker Tool Kit
66. Hack App
67. Hacking Apps
68. Hacker Tools Windows
69. Hackers Toolbox
70. Hacking Tools Download