This is pretty straight forward. All of the hard work was already done by Petr Hinchley and Matt Hand. This finds writable folders and hijackable DLLs.
First I had to compile HijackHunter from Matt Hand. The sourcecode for hijackhunter is here on github:
I compile the EXE and copy it to C:\Users\Public\HijackHunter.exe. Next, I found some code from Petr Hinchley to find writable folders. I got it from his gist here: https://gist.github.com/hinchley/ade9528e5ce986e9a8131489ad852789
At the very top of the script is the folder to search from recursively. I just hard coded it to my c:\ path.
I run this as a regular user account and see the folders the account can write to.
After I find the writable folders, I loop through them and look for exe files and feed it to hijack hunter. I hardcoded the path to HijackHunter.exe to C:\Users\Public\HijackHunter.exe. The code below is the code I added.
Here is a snippet of the output
The code is here:
Hopefully this will help you find hijackable DLL’s before attackers do.
Feel free to follow me on twitter https://twitter.com/_Markmo_
@_markmo_ (Yes, with the underscores)