Showing results for tags 'dll'.
-
Spartacus utilises the SysInternals Process Monitor and parses raw PML log files. You can leave ProcMon running for hours and discover 2nd and 3rd level (i.e. an app that loads another DLL that loads yet another DLL when you use a specific feature of the parent app) DLL Hijacking vulnerabilities. It will also automatically generate proxy DLLs with all relevant exports for vulnerable DLLs.
Features
- Parsing ProcMon PML files natively. The config (PMC) and log (PML) parsers have been implemented by porting partial functionality to C# from [Hidden Content]. You can find the format specification here.
- Spartacus will create proxy DLLs for all missing DLLs that were identified. For instance, if an application is vulnerable to DLL Hijacking via version.dll, Spartacus will create a version.dll.cpp file for you with all the exports included in it. Then you can insert your payload/execution technique and compile.
- Able to process large PML files and store all DLLs of interest in an output CSV file. Local benchmark processed a 3GB file with 8 million events in 45 seconds.
- [Defence] Monitoring mode trying to identify running applications proxying calls, as in “DLL Hijacking in progress”. This is just to get any low-hanging fruit and should not be relied upon.
-
New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.
RottenPotatoDLL
This project generates a DLL and EXE file. The DLL contains all the code necessary to perform the RottenPotato attack and get a handle to a privileged token. The MSFRottenPotatoTestHarness project simply shows example usage for the DLL. For more examples, see [Hidden Content], specifically the SeAssignPrimaryTokenPrivilege.cpp and SeImpersonatePrivilege.cpp files.
RottenPotatoEXE
This project is identical to the above, except the code is all wrapped into a single project/binary. This may be more useful for some penetration testing scenarios. Modify the "main" method in MSFRottenPotato.cpp to change what command will be run. By default it just runs cmd.exe to pop a command shell.
-
DLL Injector Hacker PRO is a tool for injecting DLL files into processes (programs). This tool was specially designed for the injection of hacks for games such as (Halo – Counter Strike – Swat – Nova – Mount Blade – Star War – etc.). It is easy to use and very efficient.
-
DLInjector for Graphical User Interface. Faster DLL Injector for processes. It targets the process name to identify the target. The process does not need to be open to define the target. DLInjector waits until the process is executed. First, enter the target process name with exe (chrome.exe, explorer.exe). Then enter the path of the DLL to be injected (C:\malwDll.dll).
V1 Features
- Only injects the DLL.
- Targets the process by name.
- If an error occurs, shows the error code.
-
cryption android mono dll [Hidden Content]
-
Huawei eSpace version 1.1.11.103 suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.html, .jpg, .png) located on a remote WebDAV or SMB share.
-
VMware Workstation versions prior to 15.1.0 suffer from a DLL hijacking vulnerability.
-
Exiftool version 8.3.2.0 suffers from a DLL hijacking vulnerability.
-
This Metasploit module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module creates a WebDAV server that hosts a DLL file. When the user types the provided rundll32 command on a system, rundll32 will load the DLL remotely and execute the provided export function. The export function needs to be valid, but the default meterpreter function can be anything. The process does write the DLL to C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV but does not load the DLL from that location. This file should be removed after execution. The extension can be anything you'd like, but you don't have to use one. Two files will be written to disk: one with the requested name and one with a dll extension attached.
-
Dropbox version 54.5.90 suffers from a DLL hijacking vulnerability.