Dll Hijacking
Last updated
This article tells the basics of DLL. This article talked about the two types of DLL, DLL search order.
Common Techniques
Several methods are employed for DLL hijacking, each with its effectiveness depending on the application's DLL loading strategy:
DLL Replacement: Swapping a genuine DLL with a malicious one, optionally using DLL Proxying to preserve the original DLL's functionality.
DLL Search Order Hijacking: Placing the malicious DLL in a search path ahead of the legitimate one, exploiting the application's search pattern.
Phantom DLL Hijacking: Creating a malicious DLL for an application to load, thinking it's a non-existent required DLL.
DLL Redirection: Modifying search parameters like %PATH% or .exe.manifest / .exe.local files to direct the application to the malicious DLL.
WinSxS DLL Replacement: Substituting the legitimate DLL with a malicious counterpart in the WinSxS directory, a method often associated with DLL side-loading.
Relative Path DLL Hijacking: Placing the malicious DLL in a user-controlled directory with the copied application, resembling Binary Proxy Execution techniques.
To do Practical DLL hijacking you should try the HTB: Hathor lab https://app.hackthebox.com/machines/459
0xdf writeup about HTB : Hathor
https://0xdf.gitlab.io/2022/11/19/htb-hathor.html#execution-via-dll-overwrite
Ippsec also have a specific video about the DLL hijacking
More fun about DLL hijacking