If you think I am lazy with my posts, Hell Yeah! you are absolutely correct. Sometimes I feel 24 hours in a day are just not enough. I have a ton of things to care about in life, things such as my family and my work, and my friends who are like my family. I delivered my last session on the 10th (if I remember correctly) in my very own Alma mater, i.e. Lovely Professional University, and it was a great experience as always. Due to the nature of the audience (students), I tried keeping to a slightly technical yet important topic, which was DLL Search Order Hijacking. The reason I chose this topic over others is that it may sound interesting yet simple to the upcoming ninjas of my university.
I have to admit, I keep searching for my books on the internet every day, filtering them by country and time to check if they are being leaked anywhere on the internet, and what I found one day was that, being an author, I have been indexed by Google with a knowledge graph. However, I felt disappointed seeing my age alongside my name 😞
For the first time in my life, I felt as if Google was pretending to be my mother, who keeps giving me a reality check on my age and marriage suggestions. Things became worse when some popular matrimonial website started following me on Twitter. Well, finally I made up my mind and asked my mother to sign up for some popular matrimony sites. Suddenly, we started receiving a ton of calls, and what all the people required was a KUNDLI (this is a popular Indian document which is more powerful than all your certifications / degrees / diplomas / letters of recommendation). I mean, this document, as soon as it gets printed, controls your fortune, destiny, karma, sins and what not. If you are confused and don’t have an idea what the hell I am talking about, this document is related to astrology and is used for match making.
So, we found someone locally who could get this document printed based on my DOB, place of birth, name etc. Accidentally, the guy who printed it was running the software right in front of my evil eyes, which kept staring at his cracked and no longer supported operating system, which is none other than the legendary Windows XP. I kept looking and thinking about ms08_067_netapi (which made me happy, obviously). However, then popped up a software which actually generated the book of my life (Kundli), and the software was Kundli Pro (also known as Kundli for Windows).
The software loads VB5.DLL while running. The weakness is that the DLL search starts in the application's own folder: the program first looks in its install directory under Program Files, and only when no copy is found there does it fall back to the one in system32. So if the software is ever shipped with a VB5.dll alongside it, that copy is loaded and the one in system32 is never used. Next, what we can do is to simply create a meterpreter backdoor in .dll format, rename it as VB5.dll, place it in the software folder and re-run the software as shown in the following screen:
Re-running the software will provide us with a meterpreter shell. However, the software will crash, which may cause suspicion, as shown in the following screen:
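The defender's side of the search-order problem described above is spotting a DLL that sits in an application folder and carries the same name as a system DLL, because that is exactly the file Windows will pick first. The following scanner is an added example written for this post, not code from the original article or from Kundli Pro: it walks an application directory tree, indexes the DLLs in a system directory, and reports every name collision together with whether the two files are byte-identical. The directory layout it scans is constructed in a temporary folder (the file contents are stand-in bytes, not real DLLs), so it runs anywhere; the hash-mismatch heuristic and the `find_shadowing_dlls` name are my own choices.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """SHA-256 of a file, read in chunks so a large DLL is not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """Report every DLL under app_dir whose file name also exists in system_dir.

    Because the application directory is searched before system32, such a file
    shadows the system copy. Returns {relative path: status} where status is
    'identical' (same bytes as the system copy, e.g. a vendor-shipped runtime)
    or 'differs' (different content, which deserves a closer look).
    """
    app_dir = Path(app_dir)
    system_dir = Path(system_dir)
    # Case-insensitive index of the top-level DLLs in the system directory.
    system_index = {
        p.name.lower(): p
        for p in system_dir.iterdir()
        if p.is_file() and p.suffix.lower() == ".dll"
    }
    findings = {}
    # rglob("*") plus a suffix check keeps the match case-insensitive on every OS.
    for candidate in sorted(app_dir.rglob("*")):
        if not candidate.is_file() or candidate.suffix.lower() != ".dll":
            continue
        system_copy = system_index.get(candidate.name.lower())
        if system_copy is None:
            continue  # private DLL with no system twin: no shadowing possible
        status = "identical" if sha256_of(candidate) == sha256_of(system_copy) else "differs"
        findings[candidate.relative_to(app_dir).as_posix()] = status
    return findings


def build_sample_layout(root):
    """Constructed directory layout for the demo; contents are placeholder bytes."""
    root = Path(root)
    system_dir = root / "system32"
    app_root = root / "Program Files"
    system_dir.mkdir()
    (system_dir / "VB5.DLL").write_bytes(b"MZ vb5 runtime (constructed)")
    (system_dir / "KERNEL32.DLL").write_bytes(b"MZ kernel32 (constructed)")
    # Application folder with a planted VB5.DLL: same name, different bytes.
    kundli = app_root / "Kundli"
    kundli.mkdir(parents=True)
    (kundli / "kundli.exe").write_bytes(b"MZ application (constructed)")
    (kundli / "VB5.DLL").write_bytes(b"MZ something else entirely (constructed)")
    # A vendor that ships a byte-identical copy of the runtime: shadows, but benign.
    other = app_root / "OtherApp"
    other.mkdir()
    (other / "VB5.DLL").write_bytes(b"MZ vb5 runtime (constructed)")
    (other / "helper.dll").write_bytes(b"MZ private helper (constructed)")
    return app_root, system_dir


def scan_sample():
    """Build the constructed layout and scan it; returns the findings dict."""
    with tempfile.TemporaryDirectory() as tmp:
        app_root, system_dir = build_sample_layout(tmp)
        return find_shadowing_dlls(app_root, system_dir)


if __name__ == "__main__":
    for rel_path, status in scan_sample().items():
        print(f"{status:9s} {rel_path}")
```

On a real host you would call `find_shadowing_dlls(r"C:\Program Files", r"C:\Windows\System32")` (and the x86 Program Files folder). Treat a `differs` hit as a lead rather than proof: vendors legitimately ship their own builds of runtime DLLs, so confirm with the file's Authenticode signature and, where Sysmon is deployed, correlate with its image-load events (Event ID 7) to see which process actually loaded the shadowing copy.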
- Re-Packing the software with the infected DLL file and distributing it over the internet
- Packing the software with a crypto miner and make tons of cash
- Cause harm to the infected people by breaching their privacy
- Locking their systems with a ransomware
- Ask my matches at JeevanSathi and Shaadi.com to install the software :P This could have been Fun!!!
However, I chose to disclose this vulnerability right here on my blog, and this is the exact reason why you shouldn’t use cracked software. This tutorial was for educational purposes only. Please do not harm anyone.
References and Tools used:
- Original PPT: https://www.slideshare.net/nipunjaswal/hijacking-softwares-for-fun-and-profit
- For Metasploit tutorials you can buy my books here (this is self promotion :P, I think I can do that, it's my blog right :P)
2017-11-30 23:46 +0530