Exploiting DLL Hijacking Vulnerability to Meterpreter

Severity: Medium

Complexity : Hard to Exploit

DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to some DLL file is loaded by Binary File’s improperly. And it allows an attacker to load this DLL file of the attacker’s choosing that could execute arbitrary code without the user’s knowledge.

Impact :

• Attacker can exploit this vulnerability to load a DLL file of the attacker’s choosing that could execute arbitrary code. This may help attacker to Successful exploit the system if user creates shell as a DLL.
• If an attacker places malicious DLL in the user’s “Downloads” directory (for example per “drive-by download” or “social engineering”) this vulnerability becomes a remote code execution.
• Please Note This Vulnerability Can Also be Exploited with Non Social Engineering Attack Ex:
  http://raffon.net/research/chrome/dllh/game.html and There are lot of attacks

Demo :

• Create a malicious .dll file and save it in your “Desktop”
• Download Vulnerable Binary file and save it in your “Desktop”
• Execute Setup from your “Desktop”

Malicious dll file gets executed.

Meterpreter Shell Demonstration :

• Created Malicious DLL file With Msfvenom And Placed it in Download Directory By Making user to Download it.