IDA SDK 6.9 Demo / IDA 5.0 Freeware DLL Hijacking
Posted on 11 April 2016
Software: Interactive DisAssembler (IDA Pro)
Version: <= IDA SDK 6.9 demo, IDA 5.0 Freeware
Software Link: https://www.hex-rays.com/products/ida/support/download.shtml
Tested on: Windows XP SP3 (32-bit), Windows 7 SP1 (32-bit), Windows 8.1 (32-bit)

IDA Pro suffers from a DLL hijacking vulnerability involving the idadmng.dll file when .idb files are opened.

Details: A *.idb file is the saved file of any disassembled file.

Vulnerable DLL: idadmng.dll

Exploitation Steps:

Step 1: Open any file in IDA Pro 5.0 Freeware or SDK 6.9 and save that opened disassembled file as a *.idb file.

Step 2: Now send that saved *.idb file along with the malicious DLL to the system or the person you want to get access to.

Step 3: Now, whenever that person opens that .idb file in IDA Pro, you can get a meterpreter session or a shell on the target system.
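A defensive check for the condition described above, added here as an example and not part of the original advisory: it walks a directory tree and reports every folder that contains both an .idb file and a file named idadmng.dll. It assumes the planted DLL arrives in the same folder as the .idb file; the function name `find_suspicious_dirs` and the `trusted_dirs` parameter (for example, the real IDA installation folder) are hypothetical.

```python
import os
import sys

HIJACKED_DLL = "idadmng.dll"  # DLL name taken from the advisory
DB_EXT = ".idb"               # IDA database extension taken from the advisory


def find_suspicious_dirs(root, trusted_dirs=()):
    """Return [(directory, [idb files])] for folders holding both an .idb
    file and idadmng.dll. Folders listed in trusted_dirs are skipped
    (assumption: the genuine DLL lives only in the IDA install folder)."""
    trusted = {os.path.normcase(os.path.realpath(d)) for d in trusted_dirs}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.normcase(os.path.realpath(dirpath)) in trusted:
            continue
        # Windows file names are case-insensitive, so compare in lower case.
        lowered = {name.lower() for name in filenames}
        idbs = sorted(n for n in filenames if n.lower().endswith(DB_EXT))
        if HIJACKED_DLL in lowered and idbs:
            hits.append((dirpath, idbs))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: script.py <folder to scan> [trusted IDA install folder ...]
    if len(sys.argv) < 2:
        sys.exit("usage: script.py <scan_root> [trusted_dir ...]")
    for folder, idbs in find_suspicious_dirs(sys.argv[1], sys.argv[2:]):
        print(f"[!] {folder}: {HIJACKED_DLL} next to {', '.join(idbs)}")
```

Running it over download and mail-attachment folders before opening a received .idb file flags the pairing the advisory relies on.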