😎
Intruder
  • About Shantanu Khandelwal
  • Reporting
    • Excel Sheet to Word Report by PowerShell
    • Ghostwriter - Add report type
  • Red Team
    • HTTPS C2 Done Right NGINX
    • Domain Front
      • Firebase Domain Front - Hiding C2 as App traffic
    • GoLang
      • Red Team: How to embed Golang tools in C#
      • Red Team: Using SharpChisel to exfil internal network
      • Converting your GO bins to Shellcode and Using them in C#
    • ShellCode Injection
      • magic_mz_x86 and magic_mz_x64
      • Process Hollowing DInvoke
      • Shellcode Formatter
      • DLL Sideloading
      • InMemory Shellcode Encryption and Decryption using SystemFunction033
    • PowerShell
      • Enable Restricted Admin using powershell and use mimikatz for RDP
      • Powershell Custom Runspace
      • Using Reflection for AMSI Bypass
    • Database
      • Extract MSSQL Link Password
      • MSSQL Link Crawl - OpenQuery Quotes Calculator
    • DLL Sideloading
      • DLL Koppeling
      • DLL Sideloading not by DLLMain
    • Walking with Docker
      • Self-Hosting Havoc C2 / or any other C2 in Docker
    • Breach Attack Simulation - Starting With OpenBAS
  • Dealing with the Errors
    • Setting Up OPENVAS in KALI 2020.3
    • Page
      • Page 1
  • Phishing
    • Connecting GoPhish with Office365
    • SharpLoginPrompt - Success and a Curious Case
    • Gophish MODs
    • Long Live DMARC - Email Spoof issues
    • Error Solves (Random)
      • Rust OPENSSL install issues
  • Mobile Application Testing
    • How to Download APK from Huawei App Store
  • Talks I Like
  • Talks Worth Checking Out
  • Web Application Penetration Testing
    • Parsing Certificate Transparency Logs
Powered by GitBook
On this page
  • What is DLL Koppeling?
  • How to use?

Was this helpful?

  1. Red Team
  2. DLL Sideloading

DLL Koppeling

Short guide on How to use the Koppeling project

PreviousDLL SideloadingNextDLL Sideloading not by DLLMain

Last updated 2 years ago

Was this helpful?

What is DLL Koppeling?

It is a way to modify a DLL in a way that it could be utilised for DLL Sideloading

More details on why it is used and what's it purpose and why its better can be found here

How to use?

Quite easy, follow the below steps

Step1:- Get an exe which you want to hijack. I will use whoami.exe

whoami.exe execution can be hijacked by placing wkscli.dll in same directory

Step2:- Make your malicious dll as malicious.dll

Step 3:- copy the malicious.dll to the directory where you place whoami.exe

Step 4:- run the below command 

Netclone.exe --target malicious.dll --reference  C:\windows\system32\wkscli.dll  --output wkscli.dll

Step 5:- delete the malicious.dll

Step6:- you are now ready with the hijack exe and the associated DLL

Adaptive DLL Hijacking - NetSPINetSPI
Details about Koppeling project
Logo