Enhanced DLLHijackAuditKit
/* DLLHijackAuditKit (C) 2010 Rapid7 LLC */
http://core.yehg.net/lab/pr0js/files.php/%5Byehg.net%5D_DLLHijackAuditKitx.zip
Modified by
Aung Khant, YGN Ethical Hacker Group, Yangon, Myanmar
http://yehg.net
- Added sleep timer support
- Added regex support to scan only desired application and its associated file extensions
Why did we modify?
By default, DLLHijackAuditKit scans every file extension associated with every installed application, using a default timer of 3 seconds.
DLLHijackAuditor from SecurityXploded is great for targeting only one application.
However, according to our testing, it sometimes misses flaws.
So, we tried to save time by adding timer support and regex support to our favorite HDM's
DLLHijackAuditKit.
How is it useful?
Sleep timer - for applications such as Adobe CS, which take a few seconds to reach a fully usable state.
You need to look at both analyze.js and audit.js for the two variables below.
You should adjust them depending on the application's loading time.
var snap_time = 1000;
var sleep_time = 5000;
Regex - to scan only the application you want and your desired extensions
scan_app - You need to look up the default data value of your desired application's extension
in regedit.
It could be something like Adobe.Illustrator.ColorBook
then you can set:
scan_app = /Adobe.Illustrator/gi;
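The following is an added example, not code from DLLHijackAuditKit or from this modification. It shows a pitfall worth checking when a pattern with the g flag, like the one above, is used to select file associations: under standard JavaScript semantics, RegExp.test() on a global regex keeps state in lastIndex, so consecutive matching entries can be skipped silently. How audit.js actually applies scan_app is an assumption here, as are the function names and every sample value except Adobe.Illustrator.ColorBook.

```javascript
// Constructed sample: [extension, ProgID] pairs, where the ProgID is the
// default value of HKEY_CLASSES_ROOT\.<ext>. Only Adobe.Illustrator.ColorBook
// comes from the README; the other values are made up for illustration.
const associations = [
  [".acb", "Adobe.Illustrator.ColorBook"],
  [".ai", "Adobe.Illustrator.Sample1"],
  [".eps", "Adobe.Illustrator.Sample2"],
  [".txt", "txtfile"],
  [".psd", "Adobe.Photoshop.Sample"],
];

// Hypothetical filter that reuses the regex object as written.
// With the g flag, a successful test() leaves lastIndex just past the match,
// and the next test() starts searching from that offset in the next string.
function naiveFilter(assocs, scanApp) {
  return assocs
    .filter(([, progId]) => scanApp.test(progId))
    .map(([ext]) => ext);
}

// Hypothetical safe filter: rebuild the pattern without the stateful g and y
// flags so every ProgID is matched from offset 0.
function safeFilter(assocs, scanApp) {
  const flags = scanApp.flags.replace(/[gy]/g, "");
  const stateless = new RegExp(scanApp.source, flags);
  return assocs
    .filter(([, progId]) => stateless.test(progId))
    .map(([ext]) => ext);
}

// The naive filter drops .ai, so that association would never be audited.
console.log("naive:", naiveFilter(associations, /Adobe.Illustrator/gi));
console.log("safe: ", safeFilter(associations, /Adobe.Illustrator/gi));

// A tighter pattern: anchored, with the dots escaped so they match a literal
// "." rather than any character.
console.log("tight:", safeFilter(associations, /^Adobe\.Illustrator\./i));
```

If the list of scanned extensions looks shorter than the associations shown in regedit, compare the two before trusting a clean result.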
Warning
DLLHijackAuditKit also sometimes misses flaws.
If it doesn't show exploitability, do a manual analysis.
__________________________________________________
Vulnerabilities produced from DLLHijackAuditKit
http://core.yehg.net/lab/#advisories.dll-hijacking