The last time DLL injection was mentioned on this blog, it was in the context of exploiting 7zip by replacing DLL files. This time we will try something else...
The ideas described here are not 'new' and are already described (better :)) elsewhere on the internet. This 'small description' is "only for future me". ;]
So ('listen, me'), to start we will need to:
- build DLL file
- build loader (of that DLL file)
- start the process we would like to inject our DLL into
- ... and inject our DLL :)
To do that I prepared a clean environment using:
- Windows 7 (32bit)
- Python 2.7.x (I tried 2.7.16 and 2.7.9)
- (notepad++ if you like it)
- DevCpp (version I used)
TL;DR: DevCpp is cool enough to prepare our little skeleton (of the DLL we want to create) for us. We can do this by choosing: File -> New -> Project:
After a few 'enters' you will be here:
I called my project: our_sample.
Switching to the dllmain.cpp tab we will see a (nearly) 'ready to go' DLL sample (which we can create using, for example, DevCPP ;)):
So, the next thing we should do... is press F9 (to compile our project):
Ok, so now we should see output similar to the one presented below:
The sample DLL is now ready to use.
Our next goal is creating the loader. (A "few" more details about 'loaders' you can find here, here or here.)
Preparing (again: File -> New -> Project); this time we will use:
Press F9 to compile:
Next step (recreating our DLL - adding the 'unhelloworld' function):
I think it's now ready (a skeleton ;)) to use during your pentest. ;)
If you are looking for more interesting examples, try here.
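As a check after the loader has run (an added example, not code from this post): the PowerShell function below lists which processes have a given DLL loaded and from what path, so a module living outside the expected locations is easy to spot. It assumes the DLL is named our_sample.dll after the project above; run it elevated to cover all processes.

```powershell
# Added example, not code from the post. Finds processes that have a DLL with the
# given name loaded and reports the path it was loaded from. Written for PowerShell 2.0
# (Windows 7), hence New-Object instead of [pscustomobject].
function Find-LoadedModule {
    param(
        [Parameter(Mandatory=$true)][string]$ModuleName,  # e.g. 'our_sample.dll' (assumed name)
        [string]$ProcessName = '*'                         # wildcard: sweep every process
    )
    Get-Process -Name $ProcessName -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = $_
        try {
            # Reading .Modules fails for protected processes and for processes whose
            # bitness differs from this PowerShell; the catch below skips those.
            $proc.Modules | Where-Object { $_.ModuleName -ieq $ModuleName } | ForEach-Object {
                $path = $_.FileName
                New-Object PSObject -Property @{
                    ProcessName  = $proc.ProcessName
                    PID          = $proc.Id
                    Module       = $_.ModuleName
                    Path         = $path
                    # a DLL outside the Windows directory is worth a second look
                    InWindowsDir = $path -like ("{0}\*" -f $env:windir)
                }
            }
        } catch {
            # access denied or bitness mismatch: skip this process
        }
    }
}

# Usage: confirm where our_sample.dll (assumed name) ended up, across all processes
Find-LoadedModule -ModuleName 'our_sample.dll' |
    Format-Table ProcessName, PID, Path, InWindowsDir -AutoSize
```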
See you next time!