I’ve developed a script that automates the DLL hijacking process. During my testing, I noticed that we often focus on DLLs marked as “Not Found” when testing for DLL hijacking. However, an interesting observation is that among these “Not Found” DLLs, a few (typically one or two) might actually execute, even though we don’t manually test all of them. This script helps automate the testing of all potential DLLs. Note that the payload execution still requires manual verification, as the script is currently a work in progress.
Features:
- Does not test DLLs within the Windows directory.
- If the command prompt runs with administrative privileges, the script will ask if you want to execute with elevated permissions.
- Allows exploitation with either administrative or normal user privileges.
- It offers multiple payload options to choose from.
Execution Process:
- Run Run1_Auto_DLL_Hijacking_Admin.bat with administrative privileges. It first launches Procmon and then prompts you to initiate the exploitation process.
- To perform exploitation as a non-administrative user, run Run2_After_DLLHijacking_Auto_NormalUser.bat.
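For defensive triage, the filtering described above (Procmon "Not Found" DLL lookups, skipping the Windows directory) can be reproduced offline over a Procmon CSV export to see which application directories a process probes for DLLs that are not there. This is an added example, not code from the Automate_DLL_Hijacking repository; the function name, the sample rows and the C:\Windows default are assumptions.

```python
import csv
import io
from collections import defaultdict
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Constructed sample rows in Procmon's default CSV column layout (not real capture data).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","app.exe","4120","CreateFile","C:\Program Files\App\version.dll","NAME NOT FOUND",""
"10:01:02.2","app.exe","4120","CreateFile","C:\Windows\System32\version.dll","SUCCESS",""
"10:01:02.3","app.exe","4120","CreateFile","C:\WINDOWS\System32\missing.dll","NAME NOT FOUND",""
"10:01:02.4","app.exe","4120","CreateFile","C:\Program Files\App\config.ini","NAME NOT FOUND",""
"10:01:02.5","app.exe","4120","CreateFile","C:\Program Files\App\WINMM.dll","NAME NOT FOUND",""
"10:01:03.0","tool.exe","5008","CreateFile","C:\Users\Public\Tools\helper.dll","NAME NOT FOUND",""
"10:01:03.1","tool.exe","5008","CreateFile","C:\WindowsTools\x.dll","NAME NOT FOUND",""
'''


def missing_dll_probes(csv_text, windir=r"C:\Windows"):
    """Group failed DLL lookups outside the Windows directory.

    Returns {(process name, probed directory): [dll names]} so that each
    directory can be reviewed (who can write to it, why the app looks there).
    """
    # Trailing separator so that C:\WindowsTools is not treated as C:\Windows.
    win_prefix = normcase(windir).rstrip("\\") + "\\"
    probes = defaultdict(set)
    # Strip a leading byte-order mark if the export carries one.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        path = row["Path"]
        if row["Result"] != "NAME NOT FOUND":
            continue  # the lookup succeeded or failed for another reason
        if not path.lower().endswith(".dll"):
            continue  # not a DLL lookup
        if normcase(path).startswith(win_prefix):
            continue  # same exclusion the script applies
        key = (row["Process Name"], normcase(dirname(path)))
        probes[key].add(basename(path).lower())
    return {key: sorted(names) for key, names in probes.items()}


if __name__ == "__main__":
    for (proc, folder), dlls in sorted(missing_dll_probes(SAMPLE_CSV).items()):
        print(f"{proc}  {folder}  ->  {', '.join(dlls)}")
```

Each directory in the output is one to check for write access by non-administrative users, and each DLL name is a lookup the application vendor can remove by loading from an absolute path.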
Automate_DLL_Hijacking
https://github.com/crazywifi/Automate_DLL_Hijacking.git
Binary_Protection_Sig_Checker_Automation
https://github.com/crazywifi/Binary_Protection_Sig_Checker_Automation
DLL_Hijacking_Payloads
https://github.com/crazywifi/DLL_Hijacking_Payload