[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <A802B819E13346EB927DA521A3194192@localhost>
Date: Tue, 14 Sep 2010 23:15:57 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: "Christian Sciberras" <uuf6429@...il.com>,
<full-disclosure@...ts.grok.org.uk>
Subject: Re: DLL hijacking POC (failed, see for yourself)
Christian Sciberras wrote:
> I wrote my own example POC.
and failed to use it right!
[...]
> DHPOC\example\the-install-folder\
> DHPOC\example\the-install-folder\dhpocApp.exe
> DHPOC\example\the-install-folder\dhpocDll.dll
> DHPOC\example\the-remote-folder
> DHPOC\example\the-remote-folder\example.dhpoc
> DHPOC\example\the-remote-folder\dhpocDll.dll
>
> While testing this, I noticed that the dll hijack exploit completely
> failed my tests (on Windows 7 64bit).
No, you failed the test!
The "application directory" is ALWAYS the first one where both implicit
(referenced in the binary) as well as explicit (via LoadLibrary())
loading will search.
Next time, do your homework first!
Stefan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists