https://pwnwiki.com/index.php?action=history&feed=atom&title=360%E6%A5%B5%E9%80%9F%E7%80%8F%E8%A6%BD%E5%99%A8_11.0.2086.0_dll%E5%8A%AB%E6%8C%81%E6%BC%8F%E6%B4%9E 2026-04-11T07:30:49Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=360%E6%A5%B5%E9%80%9F%E7%80%8F%E8%A6%BD%E5%99%A8_11.0.2086.0_dll%E5%8A%AB%E6%8C%81%E6%BC%8F%E6%B4%9E&diff=1652&oldid=prev 2021-04-14T05:08:13Z

<p>Created page with &quot;==漏洞原理== 瀏覽器啟動時,會自動加載當前目錄下載dll模塊，在加載系統dll，若發現存在dll模塊存在時,瀏覽器就會調用該dll模塊執行...&quot;</p> <p><b>New page</b></p><div>==漏洞原理==<br /> 瀏覽器啟動時,會自動加載當前目錄下載dll模塊，在加載系統dll，若發現存在dll模塊存在時,瀏覽器就會調用該dll模塊執行。如果加載中未發現dll，攻擊者可以構造一個惡意dll。<br /> <br /> ==漏洞利用==<br /> <br /> ===需要的工具===<br /> Procmon漢化版 v3.20.0.0<br /> <br /> dll模塊（可自己編寫32位，兼容性。）<br /> <br /> DllHijackAuditor （自動化工具效果不是太好）<br /> <br /> procexp<br /> <br /> <br /> ===360可以劫持的dll===<br /> <br /> api-ms-win-core-localization-l1-2-1.dll<br /> api-ms-win-core-fibers-l1-1-1.dll<br /> <br /> 放在根目錄下，也可以在其他目錄。<br /> <br /> Payload: https://github.com/JustYoomoon/Exploit/blob/main/payload.dll<br /> <br /> 可以看出來加載了計算器。<br /> <br /> <br /> ==自動化工具==<br /> http://www.onlinedown.net/soft/636085.htm<br /> <br /> https://cdn.securityxploded.com/download/DllHijackAuditor.zip<br /> <br /> https://github.com/MojtabaTajik/Robber/releases/tag/1.5<br /> <br /> https://github.com/rootm0s/WinPwnage<br /> <br /> https://github.com/mojtabatajik/robber<br /> <br /> https://github.com/sensepost/rattler</div>

Pwnwiki