Robber is a free open source tool developed using Delphi XE2 without any 3rd party dependencies.
Windows has a search path for DLLs in its underlying architecture. If you can figure out what DLLs an executable requests without an absolute path (triggering this search process), you can then place your hostile DLL somewhere higher up the search path so it’ll be found before the real version is, and Windows will happily feed your attack code to the application.
So, let’s pretend Windows’s DLL search path looks something like this:
and some executable “Foo.exe” requests “bar.dll”, which happens to live in the syswow64 (D) subdir. This gives you the opportunity to place your malicious version in A), B) or C) and it will be loaded into executable.
As stated before, even an absolute full path can’t protect against this, if you can replace the DLL with your own version.
Microsoft Windows protect system pathes like System32 using Windows File Protection mechanism but the best way to protect executable from DLL hijacking in entrprise solutions is :
And of course, this isn’t really limited to Windows either. Any OS which allows for dynamic linking of external libraries is theoretically vulnerable to this.
Also ReadADModule – Microsoft Signed ActiveDirectory PowerShell Module
Robber use simple mechanism to figure out DLLs that prone to hijacking :
This repository contains tools created by yogSahare0 while learning Python 3 for ethical hacking and penetration testing.…
"NetSecChallenger" provides a suite of automated tools designed for security professionals and network administrators to…
The essential tool for cybersecurity enthusiasts! This guide provides a detailed walkthrough on how to…
Meet "Poodone," the ultimate Python script designed for cybersecurity enthusiasts and professionals alike. Packed with…
The Linux version is no longer supported! The last Linux version is 6.0 that you…
Jin is a hacking command-line tools designed to make your scan port, gathering urls, check…