In the Below example, i will be explaining how to exploit dll hijacking vulnerability to get reverse shell of a victim machine. Tools & OS used: Windows 7, Kali linux ,vulnerable application, process monitor(microsoft sysinternals tool). Pre Conditions to escalate privilege using DLL Hijacking Vulnerability: Write Permission on a system…

User can install ScoutSuite tool using PIP or Git. Commands are mentioned below. Via PIP $ virtualenv -p python3 venv $ source venv/bin/activate $ pip install scoutsuite $ scout — help Via Git $ git clone https://github.com/nccgroup/ScoutSuite $ cd ScoutSuite $ virtualenv -p python3 venv $ source venv/bin/activate $ pip install -r requirements.txt $ python…

If the path to the service binary is not enclosed in quotes and contains white spaces, As a result, a local user will be able to elevate the privilege to administrator privilege shell by placing an executable in a higher level directory within the path. Steps to test: Step 1…

Sometimes, while developing application older version of framework or older version of dependence software's are used. These older software’s might have open CVE’s and vulnerable to multiple attacks. Steps to test: Step 1: Identify the software/framework version by referring to config files or via other information gathering techniques as shown in below figure. If you are testing internal application then request the product team for the tech stack information which includes details of all software’s and their versions used by application.

Manual Analysis is very important in thick client security. When the thick client is installed, many sensitive files are stored locally under installation folders. Check all the configuration files for the sensitive information like FTP passwords, MDB password, License keys, Default passwords, API keys etc. Example 1: Below screenshot has username and password disclosed in one of the config file. Example 2: Below screenshot has license information disclosed in one of the .js file, which can be tampered to increase license validity.

In majority of cases information stored in memory won’t be encrypted. This unencrypted information might reveal sensitive data of particular thick client application. By using “Process Hacker” tool we can check for sensitive data stored in memory. Steps to test: Step 1: Download & install the “Process Hacker” tool from…

When the thick client application is installed and signed up. the sensitive information like password will be stored in registry. Use windows operating system “registry editor” tool to view registry entries. by using this tool we can search for keywords like username, passwords etc.. or we can navigate to particular registry path of installed thickclient application and look for sensitive information.

Hexdump is a utility that displays the contents of binary files in hexadecimal, decimal, octal, or ASCII. It’s a utility for inspection and can be used for data recovery, reverse engineering and programming. In some cases Hexdump stores sensitive information like Usernames, Keys, Passwords, Tokens etc. Steps to test: Step…

When the thick client application is installed majority of times files and folders are more permissive than required. Attacker can use these excessive files and folders permissions to perform malicious activities. Even these excessive permissions leads to DLL hijacking attack. At a time we can verify the given permissions for…