Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding

This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project is comprised of the following elements:

• Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
• Functions.dll: The "real" library which exposes valid functionality to the harness
• Theif.dll: The "evil" library which is attempting to gain execution
• NetClone.exe: A C# application which will clone exports from one DLL to another
• PyClone.py: A python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

• Stc-Forward: Forwards export names during the build process using linker comments
• Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
• Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
• Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure static and dynamic sink situations are handled. This is by far not every primitive or technique variation. The post above goes into more detail.

Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
        1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
        1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User

Download Koppeling

Related articles

1. Hack Tools
2. Hacker Techniques Tools And Incident Handling
3. Tools For Hacker
4. Hacker Tool Kit
5. Pentest Tools Tcp Port Scanner
6. Hacking Tools For Pc
7. Pentest Box Tools Download
8. Hacking Tools Software
9. Pentest Tools Website
10. Hacker Tools Mac
11. Hack Tools For Windows
12. Hack Tools Download
13. Hack Website Online Tool
14. Hack Tool Apk No Root
15. Pentest Tools For Ubuntu
16. Hack Tools For Windows
17. Nsa Hack Tools
18. Black Hat Hacker Tools
19. Hacking Tools Pc
20. Hackers Toolbox
21. Hacking Tools Mac
22. Hacking Tools Windows 10
23. Hacking Tools And Software
24. Hacker Tools Github
25. New Hacker Tools
26. Hacking Tools Mac
27. Pentest Tools Framework
28. Termux Hacking Tools 2019
29. Hacking Tools Online
30. Nsa Hacker Tools
31. Hacker Tools For Ios
32. Hacking Tools 2020
33. Physical Pentest Tools
34. Hack Apps
35. Hacking Tools Software
36. Hacking Tools Pc
37. Pentest Tools Open Source
38. Pentest Tools Review
39. Hack Tools Mac
40. Wifi Hacker Tools For Windows
41. Hack Website Online Tool
42. Hacker Tools Hardware
43. Hacking Apps
44. Best Hacking Tools 2019
45. Hacker Tools For Windows
46. Pentest Tools Linux
47. Best Pentesting Tools 2018
48. Hacking Tools Download
49. Pentest Reporting Tools
50. Beginner Hacker Tools
51. Hack Tool Apk No Root
52. Hacking Tools 2020
53. Hacking Tools For Games
54. Pentest Tools Android
55. Black Hat Hacker Tools
56. Hack Tools Download
57. Hack Tools 2019
58. Tools Used For Hacking
59. Growth Hacker Tools
60. Blackhat Hacker Tools
61. Hacker
62. Hacker Tool Kit
63. Hack Apps
64. Hacker Tools Apk Download
65. Best Hacking Tools 2020
66. Pentest Tools For Ubuntu
67. Pentest Automation Tools
68. Hacking Tools For Beginners
69. Pentest Tools Online
70. Hacker Tools
71. Hacker Tools Apk Download
72. Tools 4 Hack
73. Hacking Tools Pc
74. Hacking Tools Usb
75. Hacker
76. Hacker Tools Hardware
77. Hack Tools For Pc
78. Hacker Tools 2020
79. Easy Hack Tools
80. How To Install Pentest Tools In Ubuntu
81. Hack Rom Tools
82. Pentest Tools Apk
83. Android Hack Tools Github
84. Pentest Tools Android
85. Hacker Search Tools
86. Pentest Tools Kali Linux
87. Hack Tools For Pc
88. Pentest Tools Find Subdomains
89. Hacker Tools For Ios
90. Black Hat Hacker Tools
91. What Is Hacking Tools
92. Hacker Tools Mac
93. Hackrf Tools
94. Hack Tool Apk
95. Pentest Tools Bluekeep
96. Computer Hacker
97. Pentest Tools Bluekeep
98. Hacking Tools Hardware
99. How To Make Hacking Tools
100. Nsa Hack Tools Download
101. World No 1 Hacker Software
102. Hacker Tools Linux
103. Hacking Tools And Software
104. Easy Hack Tools
105. Hacking Tools For Windows 7
106. Hacking Tools Windows 10
107. Hack Rom Tools
108. Best Hacking Tools 2020
109. Hack Tools For Games
110. Underground Hacker Sites
111. Hacking Tools Name
112. Hacking Tools Free Download
113. Hacking Tools Windows 10
114. Hacker Tools 2019
115. Hacking Tools Download
116. Hack And Tools
117. Hacking App
118. Hacking Tools For Mac
119. Hacker Tools Linux
120. Pentest Tools Url Fuzzer
121. Hacking Tools For Games
122. Hacker Tools Free Download
123. Hack App
124. Pentest Tools Website
125. Hacker
126. Hacker Tools
127. Hacker Tools Apk
128. Nsa Hack Tools
129. Hack Apps
130. Hacker
131. Hacker Hardware Tools
132. Pentest Tools Nmap
133. Hacking Tools Free Download
134. Hacking Tools Github
135. Hacking Tools And Software
136. Pentest Automation Tools
137. Hacker Techniques Tools And Incident Handling
138. Kik Hack Tools
139. Hacker Tools Online
140. Pentest Tools Find Subdomains
141. Hacking Tools 2019
142. Tools 4 Hack
143. Hacking Tools For Kali Linux
144. Hack Tools For Games
145. Tools Used For Hacking
146. What Is Hacking Tools
147. Pentest Tools For Windows
148. Hacker Tools Windows
149. Hacker Tools Windows
150. Underground Hacker Sites
151. Pentest Tools For Mac
152. Hack Tools For Pc
153. How To Hack