Hijacking Windows Handles - Fun for the Whole Family
sp1r0 270002FRMM Visits (7333)
Below is a standalone utility that 'hijacks' windows controls from any application running in the windows environment by utilizing the Win32 SetParent functionality, which allows for a Win32 Window/Control to have a parent that from a different process:
Directly calling into the underlying Win32 kernel APIs from within the .NET CLR – although it may not give one warm fuzzy feelings about the security of the platform, or any applications running on it – should start to illustrate the level of control over a target application's processes, data, handles and messages that has been achieved without the exploitation of a single "recognized" vulnerability.
For more information on exactly how this tool was created see:
By itself, this is certainly not a game changing capability, but it does however lend itself to very interesting ways to combine existing technologies and paves the way for introduction to some of the "Application Injection" based techniques that I've been using to develop an AppScan WhiteBox / BlackBox Correlated Findings Prototype.
Here are some screenshots of the tool in action:
Double-click to start. Drag and Drop the target on the Control you want to hijack:
Take a screenshot of the control to verify that you're grabbing what you expect (there are some interesting behavioral bugs that you can get into here...)
Here we have initiated a scan of an application from the Hijacked control and can see the operation being performed in the 'background'.
Restoring the control before closing the application is recommended as this remains a relatively unknown / untested arena of Windows hackery...