SecurityXploded.com
SecurityTrainings
Mailing List Join us on Google+ Twitter facebook RSS Feeds
Dll Hijack Auditor : Smart Tool to Audit the DLL Hijack Vulnerability | www.SecurityXploded.com
 
 
DllHijackAuditor
 
 
See Also
 
 
 
 
Contents
 
 
About

DLL Hijack Auditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application.

This is one of the critical security issue affecting almost all Windows systems. Though most of the apps have been fixed, but still many Windows applications are susceptible to this vulnerability which can allow any attacker to completely take over the system.

DllHijackAuditor helps in discovering all such Vulnerable Dlls in a Windows application which otherwise can lead to successful exploitation resulting in total compromise of the system.


With its simple GUI interface DllHijackAuditor makes it easy for anyone to instantly perform the auditing operation. It also presents detailed technical Audit report which can help the developer in fixing all vulnerable points in the application.

 

Dll Hijack Auditor is a fully portable and works on wide range of platforms starting from Windows XP to Windows 8.

 
 
 
Features
  • Directly & Instantly audit any Windows Application.
  • Allows complete testing to uncover all Vulnerable points in the target Application
  • Smart Debugger based 'Interception Engine' for consistent and efficent performance without intrusion.
  • Support for specifying as well as auditing of application with custom & multiple Extensions.
  • Timeout Configuration to alter the waiting time for each Application.
  • Generates complete auditing report (in HTML format) about all vulnerable hijack points in the Application.
  • GUI based tool, makes it easy for anyone with minimum knowledge to perform the auditing operation.
  • Does not require any special privilege for auditing of the application (unless target application requires)
  • Free from Antivirus as it does not use any shellcodes or exploit codes which trigger Antivirus to terminate the operation.
  • Fully portable tool which can be run directly on any system.
 
 
How to use?
Here are simple tests to use Dll Hijack Auditor for auditing of any Windows application.
  • Launch the DllHijackAuditor after copying it on your local system. You will see it as shown in the Screenshot 1
  • Now click on 'Browse' button to select application and then click on 'Start Audit' to begin the operation.
  • Next click on 'Exploit' button (only if it has found any vulnerable DLLs in the previous phase) to perform real Exploitation test.
  • Finally click on 'Report' button to generate complete Audit report.
 
You can tick the check box ( 'Do not terminate application' ) to make DllHijackAuditor to wait until you perform complete testing of all vulnerable points within the application. Once you are done with the testing, close the application so that DllHijackAuditor will continue with auditing operation.
 
 
 
Video Demonstrations
Here is the short Video demonstration of DllHijackAuditor auditing the Wireshark for Dll Hijack Vulnerability.
 
 
 
Here is another short video on detecting 'Slow Dll Hijack' vulnerability using DllHijackAuditor
 
 
 
Screenshots
 Screenshot 1: DllHijackAuditor ready for the auditing operation
 
DllHijackAuditor
Screenshot 2: DllHijackAuditor after the completion of Phase 1 (Vulnerability Testing) of auditing operation of WireShark.exe
 
DllHijackAuditor
Screenshot 3: DllHijackAuditor after the completion of Phase 2 (Exploitation) of auditing operation of WireShark.exe
 
DllHijackAuditor
Screenshot 4: Complete Audit report generated by DllHijackAuditor as last phase of auditing operation of WireShark.exe
 
DllHijackAuditor
 
 
 
About Dll Hijack Vulnerability
Dll Hijack Vulnerability is the latest security issue in the Windows platform which is being exploited widely and marked to be critical as it affects many existing Windows applications. Microsoft has already acknowledged about this Dll Hijack Vulnerability in this Security Advisory and suggested following workaround/solution to fix this issue.

For more about this Vulnerability, Please read following blog post, 'DLL Hijacking Exploit All at One Place'

Here is the more interesting read about 'Slow Dll Hijacking' Vulnerability.
 
 
 
Testing Results
DllHijackAuditor has been tested with all the platforms starting from Windows XP to latest operating system, Windows 7 (on 32 bit platforms) successfully. However it is possible that you may encounter issues and if you find any, please report it to author. You can use this feedback form to report the bugs or suggestions about this tool.
 
Known Limitations/Issues
Here are some of the known limitations or issues of this tool
  • Does not support auditing of 64 bit applications

  • Target application may not terminate sometimes and may appear to be frozen. It will close automatically when DllHijackAuditor is closed.
 
 
 
Release History
Version 3.5:  14th Apr 2014
Improved GUI interface with magnifying icon effects. Also fixed few minor bugs.
 
Version 3.0:  15th Jan 2013
Support for Windows 8, Drag & Drop of application EXE file. Enhanced GUI interface.
 
Version 2.5:  26th Jan 2011
Added Installer to support local Installation & Uninstallation.
 
Version 2.1:  12th Sep 2010
Fixed the duplicate vuln dlls issue, error in the report result,  cleanup of test directories etc.
 
Version 2.0:  7th Sep 2010
Introduction of new & smart Interception Engine for consistent and efficent performance without intrusion of process. Support for specifying custom & multiple extensions and timeout configuration. 
 
Version 1.0:  30th Aug 2010
First public release of DllHijackAuditor.
 
 
 
Download
FREE Download Dll Hijack Auditor v3.5
    
License  : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8

Download
 
 
 
See Also