rileyzink / dllirant

This project is forked from redteamsocietegenerale/dllirant

DLLirant is a tool to automate DLL Hijacking research on a specified binary.

License: MIT License

C# 100.00%


DLLirant

DLLirant is a tool to automate DLL Hijacking and DLL Proxying research on a specified binary.

[Three screenshots omitted]

  • Final PoC output when a DLL Hijacking is found: [screenshot omitted]

Old Live Demo (similar to the new version): [animated demo omitted]

How to install

How to use

Select the desired PE file. If it is an .exe, the application currently searches for DLL Search Order Hijacking candidates; if you select a DLL, the application offers to proxy it.

For the second option you must specify a path for the proxy DLL, in one of two ways:

  • With a name only: the generated proxy DLL is renamed to the name of the selected DLL, and the selected (original) DLL is copied and renamed to the name you entered, so the proxy can call into that renamed copy.

  • With a full path: a single file is generated, the proxy DLL, which calls the functions exported by the DLL at the path given in the text box.

You can also create an import directory and place in it any DLL files your application needs that are missing; they are copied automatically into the output directory alongside the targeted binary.
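Why a DLL planted next to the copied target is the one the loader picks up, as an added example (Python; this is not DLLirant's or PeNet's code): a simulation of the default Windows DLL search order, with SafeDllSearchMode on, over a constructed directory map. The import list, directory contents, KnownDLLs sample and paths are all constructed for the example and are not read from a real system.

```python
"""Where does the loader find each DLL a target imports?  Added example, not
DLLirant's or PeNet's code.  It simulates the default Windows search order
(SafeDllSearchMode enabled) over a constructed directory map, so it runs
offline and shows why a DLL planted beside the copied target wins unless the
name is a KnownDLL.  Import list, directory contents and the KnownDLLs sample
are all constructed data."""

SYSTEM32 = r"C:\Windows\System32"
SYSTEM16 = r"C:\Windows\System"      # 16-bit system directory
WINDIR = r"C:\Windows"

# Constructed sample of the KnownDLLs list; the real one lives under
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.
SAMPLE_KNOWN_DLLS = {"ntdll.dll", "kernel32.dll", "kernelbase.dll", "user32.dll",
                     "gdi32.dll", "advapi32.dll", "ole32.dll", "shell32.dll"}


def search_order(app_dir, cwd, path_dirs):
    """Directories in the order the loader tries them with SafeDllSearchMode on
    (the default): application directory first, current directory only after
    the system directories."""
    return [app_dir, SYSTEM32, SYSTEM16, WINDIR, cwd, *path_dirs]


def resolve(dll, app_dir, cwd, path_dirs, fs, known_dlls):
    """Return (directory, reason) for one import.  fs maps a lowercase directory
    path to the set of lowercase file names in it.  KnownDLLs are mapped from
    the \\KnownDlls section and never go through the directory search; API-set
    names (api-ms-win-*) resolve through the API set schema, not the file
    system, so drop them before asking."""
    name = dll.lower()
    if name in known_dlls:
        return SYSTEM32, "KnownDLL"
    for d in search_order(app_dir, cwd, path_dirs):
        if name in fs.get(d.lower(), set()):
            return d, "search order"
    return None, "not found (phantom DLL)"


def hijack_candidates(imports, app_dir, cwd, path_dirs, fs, known_dlls):
    """For every import: where it loads from as-is, and whether a same-named DLL
    dropped into app_dir (DLLirant's PoC layout: planted DLL beside the copied
    target) would be loaded instead."""
    planted = {k: set(v) for k, v in fs.items()}
    planted.setdefault(app_dir.lower(), set()).update(i.lower() for i in imports)
    report = {}
    for dll in imports:
        where, why = resolve(dll, app_dir, cwd, path_dirs, fs, known_dlls)
        after, _ = resolve(dll, app_dir, cwd, path_dirs, planted, known_dlls)
        report[dll] = {"loads_from": where, "reason": why,
                       "hijackable_from_app_dir": after == app_dir}
    return report


# Constructed scenario: target.exe copied into DLLirant's output directory;
# "missingdep.dll" is a made-up name that exists nowhere (a phantom import).
APP_DIR = r"C:\Tools\DLLirant\output"
SAMPLE_FS = {
    SYSTEM32.lower(): {"ntdll.dll", "kernel32.dll", "user32.dll", "version.dll", "dbghelp.dll"},
    APP_DIR.lower(): {"target.exe"},
}
SAMPLE_IMPORTS = ["KERNEL32.dll", "USER32.dll", "VERSION.dll", "missingdep.dll"]


def demo():
    return hijack_candidates(SAMPLE_IMPORTS, APP_DIR, cwd=APP_DIR, path_dirs=[r"C:\Python39"],
                             fs=SAMPLE_FS, known_dlls=SAMPLE_KNOWN_DLLS)


if __name__ == "__main__":
    for dll, r in demo().items():
        flag = "HIJACKABLE" if r["hijackable_from_app_dir"] else "no"
        print(f"{dll:16} loads from {r['loads_from'] or '<nowhere>':24} ({r['reason']}) -> {flag}")
```

In the constructed scenario VERSION.dll (found in System32 but not a KnownDLL) and the phantom missingdep.dll are both reported as hijackable from the application directory, while the KnownDLLs are not. "Hijackable" here only means the search order favours the planted copy; whether that is a finding on a real host still depends on who can write to the application directory.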

Important

Concerning the error messages raised by the targeted application: I tried to suppress them, but it cannot really be done. The message box is raised by the system through csrss.exe (a loader hard error), not by the targeted application, so killing threads, closing child windows, calling SetErrorMode and so on will not work.

How it works

The tool creates an output directory in the same directory as DLLirant and copies the targeted binary into it.

Using the PeNet library, it extracts the DLL names the binary imports, then tests the imported functions one by one by compiling a custom DLL that exports the required functions.

If a function the binary requires is executed, the custom DLL creates C:\DLLirant\output.txt, confirming that DLL Hijacking is possible.

PoCs for the DLL Hijackings found are also created in the DLLirant/dll-hijacks directory.
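The two kinds of DLL described on this page, the probe DLL from "How it works" and the "with a name" proxy from "How to use", as an added Python example that generates their C source. This is not DLLirant's own C# code; the export names, ordinals, file names and the marker-file content it writes are assumptions made for the example. Export forwarding uses the MSVC /EXPORT linker directive; because a forwarder names a module rather than a path, the renamed original must sit where the loader can find it, next to the proxy.

```python
"""Generate the C source of the two DLLs DLLirant compiles.  Added Python
example, not DLLirant's own (C#) code.  probe_source(): every export the target
needs becomes a stub that appends its own name to the marker file, so a hit
proves the import is reached.  proxy_source(): exports forward to the renamed
original with MSVC /EXPORT directives, so the proxy's own code runs only in
DllMain.  Names, ordinals and the marker content are constructed here."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

MARKER_DIR = r"C:\\DLLirant"               # escaped for a C string literal
MARKER_FILE = MARKER_DIR + r"\\output.txt"
_C_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


@dataclass(frozen=True)
class Export:
    ordinal: int
    name: Optional[str] = None             # None: exported by ordinal only (NONAME)


def is_c_identifier(name: str) -> bool:
    """Stubs are plain C functions, so decorated or C++-mangled export names
    (Func@8, ?Init@@YAXXZ) cannot be generated this way."""
    return bool(_C_IDENT.match(name))


# Shared prologue: append the caller's name to the marker file.  The file's
# existence is the signal; its content only says which export fired.
MARKER_C = f'''#include <windows.h>
#include <string.h>

static void dllirant_marker(const char *who) {{
    DWORD n;
    CreateDirectoryA("{MARKER_DIR}", NULL);
    HANDLE h = CreateFileA("{MARKER_FILE}", FILE_APPEND_DATA, FILE_SHARE_READ, NULL,
                           OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (h == INVALID_HANDLE_VALUE) return;
    WriteFile(h, who, (DWORD)strlen(who), &n, NULL);
    WriteFile(h, "\\r\\n", 2, &n, NULL);
    CloseHandle(h);
}}

'''


def dllmain_c(on_attach: str) -> str:
    return f'''BOOL APIENTRY DllMain(HMODULE mod, DWORD reason, LPVOID reserved) {{
    (void)reserved;
    if (reason == DLL_PROCESS_ATTACH) {{
        DisableThreadLibraryCalls(mod);
        {on_attach}
    }}
    return TRUE;
}}
'''


def probe_source(functions: Iterable[str]) -> str:
    """Probe DLL: one exported stub per function the target imports from the
    DLL being impersonated.  The stubs ignore the real prototypes, so the
    target is expected to misbehave after the marker has been written."""
    stubs = []
    for fn in functions:
        if not is_c_identifier(fn):
            raise ValueError(f"cannot stub non-C export name: {fn!r}")
        stubs.append(f'__declspec(dllexport) void {fn}(void) {{ dllirant_marker("{fn}"); }}')
    return MARKER_C + "\n".join(stubs) + "\n\n" + dllmain_c("")


def module_name(dll_filename: str) -> str:
    """Forwarder targets are module names, never paths ('orig_version.dll' ->
    'orig_version'), which is why the renamed original has to sit where the
    loader finds it, next to the proxy."""
    if any(c in dll_filename for c in "\\/:"):
        raise ValueError("forwarders cannot reference a path; rename the original next to the proxy")
    base, dot, ext = dll_filename.rpartition(".")
    return base if dot and ext.lower() == "dll" else dll_filename


def forwarder_pragmas(exports: Iterable[Export], renamed_original: str) -> List[str]:
    """One MSVC linker directive per export, keeping the original ordinals so
    importers that bind by ordinal still resolve."""
    mod = module_name(renamed_original)
    lines = []
    for e in sorted(exports, key=lambda x: x.ordinal):
        if e.name:
            lines.append(f'#pragma comment(linker, "/EXPORT:{e.name}={mod}.{e.name},@{e.ordinal}")')
        else:
            lines.append(f'#pragma comment(linker, "/EXPORT:ord{e.ordinal}={mod}.#{e.ordinal},@{e.ordinal},NONAME")')
    return lines


def proxy_source(exports: Iterable[Export], renamed_original: str) -> str:
    """Proxy DLL: forwarded exports never enter this module's code, so the
    marker is written from DllMain instead of from the exports."""
    return (MARKER_C + "\n".join(forwarder_pragmas(exports, renamed_original))
            + "\n\n" + dllmain_c('dllirant_marker("DllMain");'))


# Constructed sample: pretend version.dll exports these (ordinals made up).
SAMPLE_EXPORTS = [Export(1, "GetFileVersionInfoA"), Export(2, "GetFileVersionInfoSizeA"), Export(3)]

if __name__ == "__main__":
    print(probe_source(["GetFileVersionInfoA", "GetFileVersionInfoSizeA"]))
    print(proxy_source(SAMPLE_EXPORTS, "orig_version.dll"))
```

The generated source is meant to be compiled with the MSVC toolchain, which understands the `#pragma comment(linker, "/EXPORT:...")` directives. Two caveats the generator enforces: export names that are not plain C identifiers (stdcall-decorated or C++-mangled) are rejected rather than silently skipped, and a forwarder target with a path component is rejected, since the loader resolves a forwarder's module name through the normal search, not from an absolute path.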

Technical posts (in French)

Contributors

redteamsocietegenerale, sh0ckfr
