
DLL Hijacking Demonstration on the DVTA (Damn Vulnerable Thick Client) Application

Hello guys 👋, what's up, everyone? Hope you are all fine and doing good ✌

I am back again with another excellent topic for today, i.e. DLL hijacking, and I will also be providing a demonstration of it using the DVTA (Damn Vulnerable Thick Client) application.



So let's start without wasting any further time:

DLL hijacking is a method of injecting malicious code into an application by exploiting the way Windows applications search for and load Dynamic Link Libraries (DLLs). The attacker uses this to get their own DLL loaded and gain control of the application. Most hijacked DLLs are legitimate files that have been modified to contain malicious code; however, there are also cases where legitimate files have been changed to exploit bugs in specific applications.

Demonstration of the procedure using a demo application (DVTA):


Download link for the DVTA Application - https://github.com/Agisthemantobeat/dvta

After downloading, go to the path: dvta-master\dvta-master\DVTA\bin\Debug

Then click on DVTA.exe to load the application.

First of all, we will use a Windows Sysinternals utility named ListDlls64.exe to identify all the DLLs used by the application.

Use the command:
Listdlls64.exe DVTA.exe

This will list the DLLs as shown below:


Close the application.

Select any one of the DLLs, e.g. mscoreei.dll

Note: Provide the Trusted Installer permission for the selected DLL. For that, watch the video below:


The whole process is demonstrated in it, but you can simply skip to the Trusted Installer section.

Now generate a test DLL that launches the Windows calculator (calc.exe) when it is loaded.

Use the command:

msfvenom -f dll -p windows/exec CMD="C:\windows\system32\calc.exe" -o runcalc.dll 

After generating it, rename the test DLL to mscoreei.dll and use it to replace the original at the path listed for mscoreei.dll.

Note: Before replacing, take a backup, i.e. make a copy of the original DLL, and only then replace it.

Once replaced, open DVTA.exe again and observe that the calculator opens successfully.
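
To see the same swap from the defender's side, here is an added example (not part of the original post) that checks every DLL loaded by the running application for a valid Authenticode signature and reports the ones that fail, which is how an unsigned replacement sitting in a Windows directory stands out. The function name Test-DllSignature and the process name DVTA are assumptions made for this example.

```powershell
# Added example, not from the original post. Flags DLLs that lack a valid
# Authenticode signature; a replaced system DLL shows up with InWindowsDir = True.
function Test-DllSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
            Write-Warning "Not found: $Path"
            return
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        if ($sig.Status -eq 'Valid') { return }   # validly signed: nothing to report

        $file = Get-Item -LiteralPath $Path
        [pscustomobject]@{
            Path         = $file.FullName
            SigStatus    = $sig.Status             # e.g. NotSigned, HashMismatch
            InWindowsDir = $file.FullName.StartsWith(
                               $env:windir, [System.StringComparison]::OrdinalIgnoreCase)
            LastWrite    = $file.LastWriteTime
            SHA256       = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        }
    }
}

# Assumptions: the process is named DVTA and is still running, and this
# PowerShell host has the same bitness as DVTA.exe so the module list is complete.
(Get-Process -Name 'DVTA' -ErrorAction Stop).Modules.FileName |
    Sort-Object -Unique |
    Test-DllSignature |
    Sort-Object -Property InWindowsDir -Descending |
    Format-List
```

If the application has already exited, the DLL paths printed by ListDlls64.exe during a normal run can be piped into Test-DllSignature instead. The application's own unsigned DLLs may also be reported, so the entries with InWindowsDir set to True are the ones to look at first.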

And that's how the demonstration ends :)

Thank you guys for visiting the blog, reading, and learning more and more...

If you like the content, you can follow me and also subscribe to my YouTube channel.

In case you are stuck with your setup, need a solution, want more clarification on any topic, want to show us support, or just want to give us a suggestion, drop us a comment down below or reach us through our mail ID. Keep a watch out for our new blog, and until then, have a good life. Bye.

