For this lab, you’ll need:

Objective:
- In this lab we’ll implement a reverse shell through the process of DLL injection into a running executable.
We’ll start by downloading two programs. Use the links below to download these to your Windows VM:
- Microsoft Sysinternals (namely Process Monitor)
- KeePass: the executable that we’ll exploit via our malicious DLL
These downloads will come as .zip files. Go ahead and extract them after downloading.

We’ll use Process Monitor to evaluate which .dll files are being loaded along with the KeePassXC.exe application when we start it.
- Open Procmon64.exe as administrator.

Next, run the KeePassXC.exe application.

We aren’t worried about updates. Choose ‘No.’

Process Monitor provides a lot of information. We’ll need to filter for the application we are interested in.