slyd0g/ DLLHijackTest

(Release) 5 months ago

C++

C

Need help with DLLHijackTest?

Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

slyd0g

161 Stars

41 Forks

16 Commits

0 Opened issues

Description

DLL and PowerShell script to assist with finding DLL hijacks

Services available

!

?

Need anything else?

Contributors list

Justin Bui slyd0g

# 193,346

C

Objecti...

Shell

16 commits

Readme

DLLHijackTest

Blogpost

https://posts.specterops.io/automating-dll-hijack-discovery-81c4295904b0

Usage

Use Procmon to obtain a CSV file of potential DLL hijacks
Modify
```
outputFile
```
variable within
```
write.cpp
```
Build the project for the appropriate architecture

Open

powershell.exe

and load

Get-PotentialDLLHijack.ps1

into memory

```
. .\Get-PotentialDLLHijack.ps1
```

Run
```
Get-PotentialDLLHijack
```
with the appropriate flags
- Example:
  - ```
  Get-PotentialDLLHijack -CSVPath .\Logfile.CSV -MaliciousDLLPath .\DLLHijackTest.dll -ProcessPath "C:\Users\John\AppData\Local\Programs\Microsoft VS Code\Code.exe"
```
- ```
-CSVPath
```
  takes in a path to a .csv file exported from Procmon
- ```
-MaliciousDLLPath
```
  takes in a path to your compiled hijack DLL
- ```
-ProcessPath
```
  takes in a path to the executable you want to run
- ```
-ProcessArguments
```
  takes in commandline arguments you want to pass to the executeable
View the contents of
```
outputFile
```
for found DLL hijacks
- Run
```
strings.exe
```
  on the
```
outputFile
```
  to clean up the output paths
Party!!!

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.