Search the Community
Showing results for tags 'dll'.
-
Cum as putea sa vad modulele importate de un executabil intr-un mod automat si rapid a unui executabil windows? Am niste fisiere/executabile care in fisier raw nu are importate anumite dll-uri pe care le folosesti si am nevoie sa stiu ce dll-uri sau functii de winapi foloseste in executia lui; Se poate vedea asta intr-o anumita masura si sa se poata face asta intr-un mod automat(gen script python sau commandline tool)? Pana acum am gasit dependency walker dar nu pare sa pot automatiza procesul si dureaza un pic pana obtin lista de dll-uri, respectiv listdlls de la sysinte
-
ome non typical malware which doesn't have any attention from "security experts" and other internet clowns. Maybe because of this it is not well detected on VT. The key features of it, making it non typical: 1) This malware lives in registry value. 2) Non typical dropper self-deletion method, nothing zero day though. 3) Malware startup location protection in a backdoor Sirefef way. 4) It downloads, installs and uses Windows KB968930 (MS PowerShell). More details below 1) This malware stored under key HKCU\Software\Microsoft\Windows\CurrentVersion\Run and it autostart location is invisible to r
-
/* #[+] Author: TUNISIAN CYBER #[+] Exploit Title: BZR Player 1.03 DLL Hijacking #[+] Date: 29-03-2015 #[+] Type: Local Exploits #[+] Vendor: http://bzrplayer.blazer.nu/ #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] gcc -shared -o [DLLNAME_choose one from the lis below].dll tcyber.c # Copy it to the software dir. then execute the software , calc.exe will launch . #Vulnerable and Exploitable DLLs: output_dsound.dll codec_cdda.dll output_writer_nrt.dll output_nosound.dll output_nosound_nrt.dll codec_tag.dll codec_cdda.dll codec_fsb.dll codec_va
-
- #[+]
- codec_it.dll
-
(and 3 more)
Tagged with:
-
Initially identified fifteen years ago, and clearly articulated by a Microsoft Security Advisory, DLL hijacking is the practice of having a vulnerable application load a malicious library (allowing for the execution of arbitrary code), rather than the legitimate library by placing it at a preferential location as dictated by the Dynamic-Link Library Search Order which is a pre-defined standard on how Microsoft Windows searches for a DLL when the path has not been specified by the developer. Despite published advice on secure development practices to mitigate this threat, being available for se
-
## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::SMB::Server::Share include Msf::Exploit::EXE def initialize(info = {}) super(update_info(info, 'Name' => 'Nvidia Mental Ray Satellite Service Arbitrary DLL Injection', 'Description' => %q{ The Nvidia Mental Ray Satellite Service listens for control commands on port 74
-
This is a general-purpose module for exploiting conditions where a HTTP request triggers a DLL load from an specified SMB share. This Metasploit module serves payloads as DLLs over an SMB service and allows an arbitrary HTTP URL to be called that would trigger the load of the DLL. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::SMB::Server::Sha