Tuesday, 24 April 2018

Side Loading a DLL with a SteelSeries Signed Binary

I'm a gamer. I bought one of the awesome SteelSeries Sensei [RAW] mice.

This is an awesome mouse, perfect for microing your units in SC2 :-)

So I looked around the installation of the SteelSeries Engine 3 software, which lets you manage your device: "SteelSeries Engine 3 talks directly to your game, which changes your device's illumination in real time, based off of in-game events.".

In the installation folder, I found the following interesting binary:


This binary is digitally signed by SteelSeries:

I tried to run it and I got the following error:

The binary win_driver_installer.exe tried to load SSEdevice.dll, which is also signed.

So I forged a C++ .dll that leverages a PowerShell payload and tries to connect to one of my CobaltStrike servers, and I tried to get it side-loaded by win_driver_installer.exe, but unfortunately I got this new error:

I changed the entry point in my .dll:

I checked that the export worked:

I ran it again and... bingo, I have a beacon!
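The same load chain, seen from the defender's side. The following is an added example and not code from this post or from SteelSeries: it runs a side-loading check over a few constructed records shaped like Sysmon Event ID 7 (ImageLoad) fields (Image, ImageLoaded, Signed, Signature, SignatureStatus) and flags a known signed launcher that picks up a DLL from its own directory which is unsigned, has an invalid signature, or carries a different signer than the launcher itself. The install paths, the "SteelSeries" signer label, the log record format and the launcher-to-signer baseline are all assumptions made for the example; real certificate subjects and paths will differ.

```python
"""Added example: flag DLL side-loading candidates in Sysmon-style ImageLoad records.

Heuristic: a signed launcher that we know (baseline) loads a DLL from the same
directory it lives in, and that DLL is either unsigned, carries an invalid
signature, or is signed by someone other than the launcher's own publisher.
"""
import ntpath

# Assumed baseline: launcher executable -> signer label we expect its
# companion DLLs to carry. The label is a placeholder, not the real
# certificate subject.
EXPECTED_SIGNER = {
    "win_driver_installer.exe": "SteelSeries",
}

# Constructed log lines in a made-up "key=value;key=value" layout that mirrors
# the Sysmon Event ID 7 field names. Paths are placeholders.
SAMPLE_LOG = r"""
Image=C:\Placeholder\SteelSeries Engine 3\win_driver_installer.exe;ImageLoaded=C:\Placeholder\SteelSeries Engine 3\SSEdevice.dll;Signed=true;Signature=SteelSeries;SignatureStatus=Valid
Image=C:\Placeholder\SteelSeries Engine 3\win_driver_installer.exe;ImageLoaded=C:\Windows\System32\kernel32.dll;Signed=true;Signature=Microsoft Windows;SignatureStatus=Valid
Image=C:\Users\alice\Downloads\win_driver_installer.exe;ImageLoaded=C:\Users\alice\Downloads\SSEdevice.dll;Signed=false;Signature=;SignatureStatus=Unavailable
Image=C:\Users\alice\Downloads\win_driver_installer.exe;ImageLoaded=C:\Users\alice\Downloads\SSEdevice.dll;Signed=true;Signature=Other Publisher;SignatureStatus=Valid
Image=C:\Users\alice\Downloads\notepad.exe;ImageLoaded=C:\Users\alice\Downloads\helper.dll;Signed=false;Signature=;SignatureStatus=Unavailable
""".strip().splitlines()


def parse_record(line):
    """Turn one 'k=v;k=v' line into a dict (constructed format, not Sysmon XML)."""
    fields = {}
    for pair in line.split(";"):
        key, _, value = pair.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def parse_records(lines):
    return [parse_record(line) for line in lines if line.strip()]


def is_side_by_side(event):
    """True when the loaded DLL sits in the same directory as the loading process."""
    loader_dir = ntpath.dirname(event["Image"]).lower()
    dll_dir = ntpath.dirname(event["ImageLoaded"]).lower()
    return loader_dir == dll_dir


def classify(event):
    """Return a reason string if the load looks like side-loading, else None.

    Only launchers in EXPECTED_SIGNER are judged; DLLs loaded from elsewhere
    (System32, the Windows dir) are not side-by-side and are ignored.
    """
    loader = ntpath.basename(event["Image"]).lower()
    expected = EXPECTED_SIGNER.get(loader)
    if expected is None or not is_side_by_side(event):
        return None
    signed = event.get("Signed", "").lower() == "true"
    if not signed or event.get("SignatureStatus") != "Valid":
        return "unsigned or invalid-signature DLL loaded from the launcher's own directory"
    if event.get("Signature") != expected:
        return (f"DLL signer {event['Signature']!r} differs from the launcher's "
                f"expected signer {expected!r}")
    return None


def find_sideload_candidates(events):
    """Return (dll basename, loader path, reason) for every flagged record."""
    hits = []
    for event in events:
        reason = classify(event)
        if reason:
            hits.append((ntpath.basename(event["ImageLoaded"]), event["Image"], reason))
    return hits


if __name__ == "__main__":
    for dll, loader, reason in find_sideload_candidates(parse_records(SAMPLE_LOG)):
        print(f"{dll} loaded by {loader}: {reason}")
```

The baseline is the important design choice: without knowing which publisher a launcher belongs to, a same-directory load is just normal application behaviour, so the rule is scoped to launchers you have catalogued rather than to every process. The unknown launcher in the last constructed record is deliberately not flagged for that reason; widening the rule to "any process loading an unsigned DLL from a user-writable directory" is a separate, noisier detection.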

That's all folks!

