
Issue 868641

Issue metadata

Status: WontFix
Owner: ----
Closed: Jul 28
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: DLL Injection into Chrome Process

Reported by jibinjac...@gmail.com, Jul 28

Issue description


VULNERABILITY DETAILS
DLL injection is a technique used for running code within the address space of another process by forcing it to load a dynamic-link library. DLL injection is often used by external programs to influence the behavior of another program in a way its authors did not anticipate or intend. For example, the injected code could hook system function calls, or read the contents of password textboxes, which cannot be done the usual way. A program used to inject arbitrary code into arbitrary processes is called a DLL injector.

DEMONSTRATION:
1. Using Kali Linux OS, create a DLL payload to inject using the msfvenom tool.
2. Start the handler in msfconsole.
3. Start Chrome on the Windows machine, open the Process Hacker 2 tool and inject the DLL into the Chrome process.
4. Now you will get the shell of the Windows 7 machine running Chrome in the Kali Linux machine.

VERSION
Chrome Version: [68.0.3440.75] + [stable]
Operating System: [Windows 7, Service Pack 1]

Detailed Report Attached with PoC.

 
PoC of dll (1).pdf (457 KB)
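
A defender-side view of the scenario in the report above, added here as an example and not part of the original issue or of Chromium's code: triaging Sysmon-style events (Event ID 8 CreateRemoteThread, Event ID 7 ImageLoad) for foreign modules entering chrome.exe. The trusted-directory list, the function names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed allowlist of directories chrome.exe normally loads modules from; tune per fleet.
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\program files\google\chrome\application",
    r"c:\program files (x86)\google\chrome\application",
)

def is_chrome(image):
    """True when the image path's file name is chrome.exe (case-insensitive)."""
    return ntpath.basename(image or "").lower() == "chrome.exe"

def in_trusted_dir(path):
    """True when the module sits in, or below, one of the allowlisted directories."""
    folder = ntpath.dirname(path or "").lower()
    return any(folder == t or folder.startswith(t + "\\") for t in TRUSTED_DIRS)

def triage(events):
    """Return (reason, event) pairs for events that suggest a foreign DLL in chrome.exe."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 8 and is_chrome(ev.get("TargetImage")) and not is_chrome(ev.get("SourceImage")):
            # Another process started a thread inside Chrome: the classic injection step.
            findings.append(("remote thread created in chrome.exe", ev))
        elif eid == 7 and is_chrome(ev.get("Image")):
            if str(ev.get("Signed", "")).lower() != "true":
                findings.append(("unsigned module loaded", ev))
            elif not in_trusted_dir(ev.get("ImageLoaded")):
                findings.append(("module loaded from unexpected directory", ev))
    return findings

# Constructed sample events modelled on Sysmon field names; not taken from the report.
CHROME = r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": CHROME, "Signed": "true",
     "ImageLoaded": r"C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.75\chrome.dll"},
    {"EventID": 8, "SourceImage": r"C:\Tools\ProcessHacker.exe", "TargetImage": CHROME},
    {"EventID": 7, "Image": CHROME, "Signed": "false",
     "ImageLoaded": r"C:\Users\test\Desktop\payload.dll"},
    {"EventID": 7, "Image": CHROME, "Signed": "true",
     "ImageLoaded": r"C:\ProgramData\Vendor\hook.dll"},
]

if __name__ == "__main__":
    for reason, ev in triage(SAMPLE_EVENTS):
        print(reason, "->", ev.get("ImageLoaded") or ev.get("SourceImage"))
```

Security products and accessibility tools also load modules into Chrome, so findings from a check like this are triage leads rather than verdicts.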
Project Member

Comment 2 by sheriffbot@chromium.org, Nov 4

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
