metasploit-framework/external/source/DLLHijackAuditKit
wchen-r7 5a6a16c4ec Resolve #4326, remove msfpayload & msfencode. Use msfvenom instead!
msfpayload and msfencode are no longer in metasploit. Please use
msfvenom instead.

Resolves #4326
2015-06-08 11:30:04 -05:00
..
01_StartAudit.bat Actually track this in SVN 2010-08-25 14:21:53 +00:00
02_Analyze.bat Actually track this in SVN 2010-08-25 14:21:53 +00:00
DLLAudit.pmc Actually track this in SVN 2010-08-25 14:21:53 +00:00
README.txt Actually track this in SVN 2010-08-25 14:21:53 +00:00
analyze.js Rapid7 Comma Inc 2014-03-13 09:46:20 -05:00
audit.js Rapid7 Comma Inc 2014-03-13 09:46:20 -05:00
package.sh Add a revision 2010-08-25 15:13:06 +00:00
regenerate_binaries.rb Resolve #4326, remove msfpayload & msfencode. Use msfvenom instead! 2015-06-08 11:30:04 -05:00
runcalc.dll Regenerated binaries, error when CSV is missing 2010-08-25 14:33:09 +00:00
runcalc.exe Regenerated binaries, error when CSV is missing 2010-08-25 14:33:09 +00:00
runtest.dll Regenerated binaries, error when CSV is missing 2010-08-25 14:33:09 +00:00
runtest.exe Regenerated binaries, error when CSV is missing 2010-08-25 14:33:09 +00:00

README.txt

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

Execute 01_StartAudit.bat as an administrative user. This will attempt to launch the
handler for all known file types. When this process is complete, access the open
ProcMon window and use the Save option from the File menu. Save the output to this
directory as a file named Logfile.CSV and make sure you choose the CSV file type.

Once Logfile.CSV has been created, execute 02_Analyze.bat as an administrative user.
This will attempt to validate each result and generate a list of proof-of-concepts
within the Exploit subdirectory. For the best results, manually review the ProcMon
logs to ensure that various corner cases and other related vulnerabilities are not
missed. 

Have fun!

-HD <hdm[at]metasploit.com>