Need help with DLLHijackTest?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

slyd0g
161 Stars 41 Forks 16 Commits 0 Opened issues

Description

DLL and PowerShell script to assist with finding DLL hijacks

Services available

!
?

Need anything else?

Contributors list

# 193,346
C
Objecti...
Shell
16 commits

DLLHijackTest

Get-PotentialDLLHijack.ps1

Blogpost

  • https://posts.specterops.io/automating-dll-hijack-discovery-81c4295904b0

Usage

  • Use Procmon to obtain a CSV file of potential DLL hijacks
  • Modify
    outputFile
    variable within
    write.cpp
  • Build the project for the appropriate architecture
  • Open
    powershell.exe
    and load
    Get-PotentialDLLHijack.ps1
    into memory
    • . .\Get-PotentialDLLHijack.ps1
  • Run
    Get-PotentialDLLHijack
    with the appropriate flags
    • Example:
      • Get-PotentialDLLHijack -CSVPath .\Logfile.CSV -MaliciousDLLPath .\DLLHijackTest.dll -ProcessPath "C:\Users\John\AppData\Local\Programs\Microsoft VS Code\Code.exe"
    • -CSVPath
      takes in a path to a .csv file exported from Procmon
    • -MaliciousDLLPath
      takes in a path to your compiled hijack DLL
    • -ProcessPath
      takes in a path to the executable you want to run
    • -ProcessArguments
      takes in commandline arguments you want to pass to the executeable
  • View the contents of
    outputFile
    for found DLL hijacks
    • Run
      strings.exe
      on the
      outputFile
      to clean up the output paths
  • Party!!!

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.