DLL hijacking
A beginner's introduction to DLL hijacking


Published in: Technology



  • 1. DLL hijacking
    Praveen Kumar [D4rk357]
    Information Security Rookie
  • 2. Introduction
    DLL hijacking is a very hot topic in exploit research and development these days.
    On 25th of August this year, Exploit-DB was flooded with so many DLL hijacking exploits that they stopped accepting them into the database, and they mentioned these exploits in their blog post.
    Nearly all Windows applications, including this PowerPoint (w00t w00t) I am using, are vulnerable to it.
  • 3. Introduction
  • 4. Is DLL Hijacking a New Vector?
    While searching for DLL hijacking on the Internet, I saw mention of this exploit from as far back as 2000 (maybe you can find mention of it well before that).
    What opened the floodgates of DLL hijacking exploits was an exploitation method by The Leader (maybe he also borrowed it from somewhere else), which could be used as is for nearly all applications to pwn them.
  • 5. Example of Code
  • 6. What is DLL Hijacking
    In simple words, DLL hijacking is a vulnerability that can be used to make any vulnerable application load a malicious DLL by exploiting its DLL search order mechanism, thereby taking complete control over the system. An attacker can trick the user into opening documents, videos or movies from a remote share where the attacker can place a malicious version of a legitimate DLL. When the user launches the application to view such remote content, the application loads the malicious DLL instead of the original one.
  • 7. Microsoft Windows DLL Search Path Weakness
    When a program executes under Microsoft Windows, it may require additional code stored in DLL library files. These files are dynamically located at run time and loaded if necessary. A weakness exists in the algorithm used to locate these files. The search algorithm used to locate DLL files specifies that the current working directory is checked before the System folders. If a trojaned DLL can be inserted into the system in an arbitrary location, and a predictable executable is called with the same current working directory, the trojaned DLL may be loaded and executed. This may occur when a data file is accessed through the 'Run' function or double-clicked in Windows Explorer.
  • 8. Offensive-Security Video
  • 9. Solutions ??
    Sorry, but there is no fix for this yet.
    Microsoft has released a Security Advisory citing this problem and mentioning these mitigations:
    Disable loading of libraries from WebDAV and remote network shares
    Disable the WebClient service
    Block TCP ports 139 and 445 at the firewall
    Microsoft has also introduced a new registry key, CWDIllegalInDllSearch, to safeguard individual or all applications from this vulnerability. Below is the link to the KB article.
  • 10. Questions ??
    Maybe I will not be able to answer all, but we have a lot of ppl in the audience who can. So start shooting.
  • 11. Thanksgiving
    Thanks to Rockey killer, FB1H2S, b0nd, punter, prashant, vinay, and all, and
    special thanks to everyone in the audience for not sleeping :D.
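
The mitigations listed on slide 9 can be checked on a host with a read-only audit. The PowerShell below is an added example and not part of the original slides; the registry locations and the meaning of each value are assumptions taken from Microsoft's KB article on CWDIllegalInDllSearch and do not appear on the slides.

```powershell
# Added example: read-only audit of the slide 9 mitigations (changes nothing).
# Registry locations below are assumptions from Microsoft's KB article.
$sessionMgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ifeo       = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$valueName  = 'CWDIllegalInDllSearch'

# Meaning of the system-wide value.
$meaning = @{
    '0x00000000' = 'default search order, current working directory (CWD) is searched'
    '0x00000001' = 'CWD is skipped when it is a WebDAV folder'
    '0x00000002' = 'CWD is skipped when it is a remote folder'
    '0xFFFFFFFF' = 'CWD is removed from the default search order'
}

function Get-CwdSetting([string]$KeyPath) {
    # Returns the DWORD as a hex string, or nothing when the value is not set.
    # Formatting as hex avoids the signed/unsigned issue with 0xFFFFFFFF (-1).
    $p = Get-ItemProperty -LiteralPath $KeyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -ne $p) { '0x{0:X8}' -f $p.$valueName }
}

# 1. System-wide setting.
$systemWide = Get-CwdSetting $sessionMgr
if ($null -eq $systemWide) {
    "System-wide ${valueName}: not set -> $($meaning['0x00000000'])"
} elseif ($meaning.ContainsKey($systemWide)) {
    "System-wide ${valueName}: $systemWide -> $($meaning[$systemWide])"
} else {
    "System-wide ${valueName}: $systemWide -> unrecognised value, review manually"
}

# 2. Per-application values, which take the place of the system-wide one for that binary.
Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $v = Get-CwdSetting $_.PSPath
    if ($null -ne $v) { "Per-application ${valueName}: $($_.PSChildName) = $v" }
}

# 3. WebClient (WebDAV redirector) service state.
$svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    'WebClient service: not installed'
} else {
    "WebClient service: Status=$($svc.Status), StartType=$($svc.StartType)"
}
```

Run it from an elevated prompt so every Image File Execution Options subkey is readable. A host where the value is not set and WebClient is running still has the default behaviour the slides describe.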