What is DLL Hijacking ? | HackThatCORE

Image Source: SecureDorg

DLL Hijacking is a cyber attack, due to which it exploits the way some windows applications search and load Dynamic Link Libraries. Actually DLL stands for Dynamic Link Libraries here.
Most of Windows applications does not use a fully qualified path to load any required DLLs. An attacker can place a fake DLL for a known program in a location that is searched before the real DLL's location and almost guarantee that the malicious DLL is loaded, resulting in whatever code the attacker wants to run is surely running.
When programs are not written to specify the exact location of a required DLL, Windows will search for the DLL by name in a specific order. For instance, let’s say that the application, lubo.exe requires a DLL named info.dll that is usually in the Windows system directory. If the application does not specify the exact path for info.dll, Windows will search for the dll in the directory from which the application has been loaded first.
If a malicious hacker has placed his own version of info.dll in the same directory as lubo.exe, then that DLL will be loaded instead of the real DLL. Windows just tries to find the first file that has the same name and does not verify if the file is actually the one that is required.
The vulnerability requires an attacker to convince someone to open a file using a vulnerable program such as Microsoft Word, PowerPoint or others from a remote network location (usually an smb share). If the vulnerable application tries to load an external DLL from the same location, the attack will most likely be successful.
The list of vulnerable programs seem to be growing daily. Even some anti-virus and security products are vulnerable. Imagine that!