Become an AceSign inSign up
slyd0g/ DLLHijackTest (Release) about 1 year ago
C++ C
View on GitHub
Need help with DLLHijackTest?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

slyd0g
211 Stars 47 Forks 16 Commits 1 Opened issues

Description

DLL and PowerShell script to assist with finding DLL hijacks

Services available

!
?

Need anything else?

Contributors list

Justin Bui slyd0g
# 179,784
Go
Shell
PHP
 16 commits

DLLHijackTest

Get-PotentialDLLHijack.ps1

Blogpost

  • https://posts.specterops.io/automating-dll-hijack-discovery-81c4295904b0

Usage

  • Use Procmon to obtain a CSV file of potential DLL hijacks
  • Modify 
    outputFile
    variable within 
    write.cpp
  • Build the project for the appropriate architecture
  • Open 
    powershell.exe
    and load 
    Get-PotentialDLLHijack.ps1
    into memory 
    • . .\Get-PotentialDLLHijack.ps1
  • Run 
    Get-PotentialDLLHijack
    with the appropriate flags
    • Example: 
      • Get-PotentialDLLHijack -CSVPath .\Logfile.CSV -MaliciousDLLPath .\DLLHijackTest.dll -ProcessPath "C:\Users\John\AppData\Local\Programs\Microsoft VS Code\Code.exe"
    • -CSVPath
      takes in a path to a .csv file exported from Procmon
    • -MaliciousDLLPath
      takes in a path to your compiled hijack DLL
    • -ProcessPath
      takes in a path to the executable you want to run
    • -ProcessArguments
      takes in commandline arguments you want to pass to the executeable
  • View the contents of 
    outputFile
    for found DLL hijacks
    • Run 
      strings.exe
      on the 
      outputFile
      to clean up the output paths
  • Party!!!

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.