Description: Dynamic link library or DLL, is Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems. These libraries usually have the file extension DLL, OCX (for libraries containing ActiveX controls), or DRV (for legacy system drivers). The file formats for DLLs are the same as for Windows EXE files — that is, Portable Executable (PE) for 32-bit and 64-bit Windows, and New Executable (NE) for 16-bit Windows. As with EXEs, DLLs can contain code, data, and resources, in any combination.
Credits : http://en.wikipedia.org/wiki/Dynamic-link_library
In DLL Hijacking, the way some Windows applications search and load DLLs is exploited. Most Windows applications do not use a fully qualified path to load any required DLLs. Attacker can place a DLL for a known program in a location that is searched before the real DLL's location and this way the malicious DLL is loaded, and this result in code execution of the attacker. If in a programs it is not mentioned the exact location of a required DLL, Windows will search for the DLL by name in a specific order.
Source : InfoSecInstitute from Youtube
Tags: DLL-hijacking , metasploit ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
It is a directory of file extensions that can lead to code execution when opened from the share.
Also the default EXTENSIONS option must be configured to specify a vulnerable application type.
Nice share. thanks
Awesome video!!
I think more then 45 application affected with DDL Hijacking.