Privilege Escalation DLL Hijacking

The document discusses network pentesting and privilege escalation using DLL hijacking. It provides details on how a malware could use DLL hijacking to escalate privileges by running a Flash installer with admin privileges and then hijacking a DLL. It describes setting up a lab with Windows 7 and multiple accounts and downloading files needed like the Flash installer and Sysinternals tools. It also explains finding vulnerable DLLs, creating a hijack DLL using Metasploit code, and testing which DLL gets loaded before and after privilege escalation.

Uploaded by

MotivatioNet

Network Pentesting

Vivek Ramachandran
SWSE, SMFE, SPSE, SISE, SLAE, SGDE Course Instructor

Certifications: http://www.securitytube-training.com

Pentester Academy: http://www.PentesterAcademy.com

©SecurityTube.net
Pentesting Windows Endpoints
Privilege Escalation using DLL Hijacking

Mark Russinovich’s Tech Ed Talk

• Malware using DLL Hijacking to escalate privilege

• How?
– Runs Flash Installer/Updater
– User prompted for admin
– After privilege escalation DLL hijack is done

• Full talk:
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B368#fbid=

Lab Setup – Windows 7 with multiple accounts

Download Files

• Download Flash Installer:
https://get.adobe.com/flashplayer/otherversions/

• Download Sysinternals tools
http://technet.microsoft.com/en-in/sysinternals/bb842062.aspx

• Metasploit DLL Hijacker code
https://github.com/rapid7/metasploit-framework/tree/master/data/templates/src/pe/dll

Privilege Escalation

• Find vulnerable DLLs using Procmon

• Create hijack DLL using Metasploit’s template code

• Trial and error test of which DLL is loaded before/after privilege is escalated

• GAME OVER! 
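
A defender's version of the Procmon step above, as an added example that is not from the original slides: it reads a Procmon CSV export and flags DLL events from elevated processes outside administrator-only directories. It assumes the export includes Procmon's optional Integrity column; the process, user and DLL names in the sample are constructed.

```python
import csv
import io
from pathlib import PureWindowsPath

# Assumption: directories a standard user cannot write to by default.
PROTECTED_DIRS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")
ELEVATED = {"High", "System"}  # Procmon "Integrity" column values treated as elevated

def is_protected(path):
    """True if the DLL's directory is one only administrators can modify."""
    parent = str(PureWindowsPath(path).parent).lower()
    return any(parent == d or parent.startswith(d + "\\") for d in PROTECTED_DIRS)

def audit_dll_events(csv_text):
    """Return (kind, process, path) for elevated DLL loads or probes outside protected dirs."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["Path"]
        if not path.lower().endswith(".dll") or row["Integrity"] not in ELEVATED:
            continue  # not a DLL event, or the process was not yet elevated
        if is_protected(path):
            continue  # a standard user cannot replace this file
        if row["Operation"] == "Load Image":
            kind = "LOADED"  # elevated process mapped a DLL from a user-writable directory
        elif row["Operation"] == "CreateFile" and row["Result"] == "NAME NOT FOUND":
            kind = "PROBED"  # elevated process searched a user-writable directory for the DLL
        else:
            continue
        findings.append((kind, row["Process Name"], path))
    return findings

# Constructed sample export (hypothetical process, user and DLL names).
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","Integrity"
"10:00:01","installer.exe","2100","CreateFile","C:\Users\alice\Downloads\sample1.dll","NAME NOT FOUND","","Medium"
"10:00:09","installer.exe","3344","CreateFile","C:\Users\alice\Downloads\sample1.dll","NAME NOT FOUND","","High"
"10:00:09","installer.exe","3344","Load Image","C:\Windows\System32\sample1.dll","SUCCESS","","High"
"10:00:10","installer.exe","3344","Load Image","C:\Users\alice\Downloads\sample2.dll","SUCCESS","","High"
'''

if __name__ == "__main__":
    for kind, proc, path in audit_dll_events(SAMPLE):
        print(f"{kind:7} {proc:15} {path}")
```

Any finding means an elevated process resolved a DLL name against a directory a standard user controls; the Medium-integrity row is skipped because it precedes the elevation prompt.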

Pentester Academy
