DllHijackAuditor is the smart
tool to Audit against the Dll Hijacking Vulnerability in any Windows
application. This is recently discovered critical security issue
affecting almost all Windows systems on the planet. It appears that
large amount of Windows applications are currently susceptible to
this vulnerability which can allow any attacker to completely take
over the system.
DllHijackAuditor helps in
discovering all such Vulnerable Dlls in a Windows application which
otherwise can lead to successful exploitation resulting in total
compromise of the system. With its simple GUI interface
DllHijackAuditor makes it easy for anyone to instantly perform the
auditing operation. It also presents detailed technical Audit report
which can help the developer in fixing all vulnerable points in the
application.
New version v2 brings out following features,
New & Smart Debugger based 'Interception Engine' for
consistent and efficient performance.
Support for
specifying as well as auditing of application with custom & multiple
Extensions.
Timeout Configuration to alter the waiting time for each Application.
DllHijackAuditor is a standalone portable application which also
comes with Installer for local Installation & Uninstallation of software. It works
on wide range of platforms starting from Windows XP to latest
operating system, Windows 7.
Features of DllHijackAuditor
Here are some of the smart features of DllHijackAuditor,
Directly & Instantly audit any Windows Application.
Allows complete testing to uncover all Vulnerable points in
the target Application
Smart Debugger based 'Interception Engine'
for consistent and efficent performance without intrusion.
Support for specifying as well as auditing of application with
custom & multiple Extensions.
Timeout Configuration to alter
the waiting time for each Application.
Generates complete auditing report (in HTML format) about all vulnerable hijack
points in the Application.
GUI based tool, makes it easy
for anyone with minimum knowledge to perform the auditing operation.
Does not require any special privilege for
auditing of the application (unless target application requires)
Free from Antivirus as it does not use any shellcodes or
exploit codes which trigger Antivirus to terminate the operation.
Fully portable tool which can be run directly on any system.
Support for local Installation and uninstallation of the software.
Installing DllHijackAuditor
DllHijackAuditor comes with
Installer so that you can install it locally on your system for regular
usage. It has intuitive setup wizard (as shown in the screenshot below) which
guides you through series of steps in completion of installation. At any
point of time you can use Uninstaller to remove the software from the
system.
Using DllHijackAuditor
Here are simple tests to use DllHijackAuditor
for auditing of any Windows application.
Launch the DllHijackAuditor after copying it or installing
it on your local
system. You will see it as shown in the Screenshot 1
Now click on 'Browse' button to select application and then click on
'Start Audit' to begin the operation.
Next click on
'Exploit' button (only if it has found any vulnerable DLLs in the
previous phase) to perform real Exploitation test.
Finally click on 'Report' button to generate complete Audit report.
You can tick the check box ( 'Do not terminate application' ) to
make DllHijackAuditor to wait until you perform complete testing of all
vulnerable points within the application. Once you are done with the
testing, close the application so that DllHijackAuditor will continue
with auditing operation.
Video Demo of DllHijackAuditor
Here is the short Video demonstration of
DllHijackAuditor auditing the Wireshark for Dll Hijack Vulnerability.
Here are the screenshots of DllHijackAuditor in
action showing various phases of Auditing operation.
Screenshot 1: DllHijackAuditor ready for the auditing operation
Screenshot 2: DllHijackAuditor after the completion of Phase
1 (Vulnerability Testing) of auditing operation of WireShark.exe
Screenshot 3: DllHijackAuditor after the completion of Phase 2
(Exploitation) of auditing operation of WireShark.exe
Screenshot 4: Complete Audit report generated by DllHijackAuditor
as last phase of auditing operation of WireShark.exe
About Dll Hijack Vulnerability
Dll Hijack Vulnerability is the latest security issue in the Windows
platform which is being exploited widely and marked to be critical as it
affects many existing Windows applications. Microsoft has
already acknowledged about this Dll Hijack Vulnerability in this
Security
Advisory and
suggested following workaround/solution to fix this issue.
DllHijackAuditor has been tested
with all the platforms starting from Windows XP to latest operating
system, Windows 7 (on 32 bit platforms) successfully. However it is
possible that you may encounter issues and if you find any, please
report it to author. You can use this feedback form to report the bugs or
suggestions about this tool.
Known Limitations/Issues
Here are some of the known limitations or issues of this tool
Does not support auditing of 64 bit applications
Target application may not terminate sometimes and may appear to be
frozen. It will close automatically when DllHijackAuditor is closed.
Acknowledgements
Thanks to EvilFingers for the Spark without which this tool
would not have born at all.
Thanks to HD Moore for paving the
path with his smart work on DllHijackAuditKit
Release History
Version 2.5: 26th Jan 2011
Added Installer to support local Installation & Uninstallation.
Version 2.1: 12th Sep 2010
Fixed the duplicate vuln dlls issue, error in the report result,
cleanup of test directories etc.
Version 2.0: 7th Sep 2010
Introduction of new & smart Interception Engine for consistent and
efficent performance without intrusion of process. Support for
specifying custom & multiple extensions and timeout configuration.
