Skip to content

slyd0g/DLLHijackTest

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits

DLLHijackTest

DLLHijackTest

 
 

.gitignore

.gitignore

 
 

DLLHijackTest.sln

DLLHijackTest.sln

 
 

Get-PotentialDLLHijack.ps1

Get-PotentialDLLHijack.ps1

 
 

README.md

README.md

 
 

example.png

example.png

 
 

Repository files navigation

DLLHijackTest

Get-PotentialDLLHijack.ps1

Blogpost

Usage

  • Use Procmon to obtain a CSV file of potential DLL hijacks
  • Modify outputFile variable within write.cpp
  • Build the project for the appropriate architecture
  • Open powershell.exe and load Get-PotentialDLLHijack.ps1 into memory
    • . .\Get-PotentialDLLHijack.ps1
  • Run Get-PotentialDLLHijack with the appropriate flags
    • Example:
      • Get-PotentialDLLHijack -CSVPath .\Logfile.CSV -MaliciousDLLPath .\DLLHijackTest.dll -ProcessPath "C:\Users\John\AppData\Local\Programs\Microsoft VS Code\Code.exe"
    • -CSVPath takes in a path to a .csv file exported from Procmon
    • -MaliciousDLLPath takes in a path to your compiled hijack DLL
    • -ProcessPath takes in a path to the executable you want to run
    • -ProcessArguments takes in commandline arguments you want to pass to the executeable
  • View the contents of outputFile for found DLL hijacks
    • Run strings.exe on the outputFile to clean up the output paths
  • Party!!!

About

DLL and PowerShell script to assist with finding DLL hijacks

Resources

Readme
Activity

Stars

321 stars

Watchers

4 watching

Forks

58 forks
Report repository

Releases 1

Compiled binary Latest
Oct 1, 2020

Packages

No packages published

Languages