wtorek, 19 marca 2019

DLL Injection - part 2

Last time when DLL injection was mentioned on the blog was related to exploiting 7zip by replacing DLL files. This time we will try something else...
Ideas described here are not 'new' and are already described (better:)) somewhere else on the internet. This 'small description' is "only for future me". ;]

So ('listen, me'), to start we will need to:
- build DLL file
- build loader (of that DLL file)
- start process we would like to inject our DLL
- ... and inject our DLL :)

To do that I prepared clean environment created with help of:
- Windows 7 (32bit)
- Python 2.7.x (I tried 2.7.16 and 2.7.9)
- (notepad++ if you like it)
- DevCpp (version I used)

TL;DR: DevCpp is cool enough to prepare for us our little skeleton (of DLL we want to create). We can do this choosing: File -> New -> Project:





After few 'enters' you will be here:


I called my project: our_sample.

Switching to dllmain.cpp tab we will see (nearly) 'ready to go' sample of DLL (we can create using, for example: DevCPP ;)):



So, next thing we should do... is - F9 (to compile our project):




Ok, so now we should see the output similar to the one presented below:



Sample DLL is now ready to use.


Our next goal is creating loader. ("Few" more details about 'loaders' you can find here, here or here.)

Preparing (again: File -> New -> Project): this time we will use:

We should be here:

Let's replace that content with the one presented below (also some 'example' from one the tutorials 'available online'):


Press F9 to compile:


Next step, (recreating our DLL - adding 'unhelloworld' function):

After that small cosmetic change, we should compile it (F9) and run with our loader:




I think now it's a ready (skeleton ;)) to use it during your pentest. ;)

If you are looking for more interesting examples - try here.


(tbc...) 


See you next time!

Cheers

Brak komentarzy:

Prześlij komentarz