-
dumpbin.exemust be installed from Microsof Build Tools then check the box for "✔ Desktop development with C++" -
rust compiler off the Official Rust Download
-
g++ compilerfrom Official MinGW Download -
install Python Interpreter
- Clone the repo
git clone github.com/that-dog-eater/DLL-Sideload-Loader
- Add third party exes to "exes" folder
- add a singal rust payload file to "rust_payload" folder that exports a function called
dll_inject_code() - run
start.ps1to start the script - "output" folder will contain the dll sideloaded exes with the payload attached for each dll that is vulnerable
Important
- Do not include System Exes since they will fail
- Script will output a log file called
sideload.json
This script tests third party exe's for dll sideloading by running it through scan.py first witch adds them to a temp folder and injects a fake proxy dll for testing then adds the results to a log file called sideload.json. With the results from sideload.json the build.py file builts the real proxy dll (static rust lib + proxy.cpp + proxy.h = proxy.dll). Once it builds the DLL it injects it into each folder with application specific dlls the exe needs to run and acts as one of the vulnerbale DLLs, it does this for each vulnerable DLL. vulnerable exes and DLLs will be placed in the "output" folder.
- Strictly for building the rust static lib payload
- this is were the third party exe's are dropped for testing against dll sideloading
- stores a folder for each vulnerable exe, within each exe folder is a folder that has a payload proxy dll for each vulnerable dll
- stores the templates for the payload proxy dll and the log proxy dll
- hosts the rust payload, there must be only one file there
- a dump of all the functions needed by build.py and scan.py
- tests each exe to see if they are vulnerable by injecting a log proxy dll then outputs the data into sideload.json
- reads from sideload.json and builds a proxy dll with the rust paylaod and puts the output folders in the output folder