Finding writable folders and hijackable DLLs

Mark Mo
May 3, 2021

This is pretty straightforward. All of the hard work was already done by Petr Hinchley and Matt Hand. This finds writable folders and hijackable DLLs.

First I had to compile HijackHunter from Matt Hand. The source code for HijackHunter is here on GitHub:

I compiled the EXE and copied it to C:\Users\Public\HijackHunter.exe. Next, I found some code from Petr Hinchley to find writable folders. I got it from his gist here: https://gist.github.com/hinchley/ade9528e5ce986e9a8131489ad852789

At the very top of the script is the folder to search from recursively. I just hard-coded it to my C:\ path.

I run this as a regular user account to see the folders the account can write to.

After I find the writable folders, I loop through them, look for EXE files, and feed each one to HijackHunter. I hard-coded the path to HijackHunter.exe as C:\Users\Public\HijackHunter.exe. The code below is the code I added.

Here is a snippet of the output

The code is here:

Hopefully this will help you find hijackable DLLs before attackers do.

Feel free to follow me on Twitter: https://twitter.com/_Markmo_
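The audit workflow described above, as an added example that is not the author's script or the gist's code. It assumes a DACL-based writability check through `Get-Acl` (the gist may work differently) and that HijackHunter takes the target executable path as its only argument; `$Root`, `$Hunter` and `Test-WritableFolder` are hypothetical names.

```powershell
# Added example (not the author's script). Run as the regular user being audited.
param(
    [string]$Root   = 'C:\',                               # search root, as in the post
    [string]$Hunter = 'C:\Users\Public\HijackHunter.exe'   # location used in the post
)

# SIDs carried by the current token: the user plus its groups.
$id   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

# CreateFiles/WriteData (0x2) plus the raw GENERIC_WRITE (0x40000000) and
# GENERIC_ALL (0x10000000) bits that some ACEs carry unmapped.
$writeMask = 0x2 -bor 0x40000000 -bor 0x10000000

function Test-WritableFolder([string]$Path) {
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $false }
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $allow = $false
    foreach ($r in $rules) {
        if ($sids -notcontains $r.IdentityReference.Value) { continue }
        # Inherit-only ACEs apply to children, not to this folder itself.
        if ($r.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if (([int]$r.FileSystemRights -band $writeMask) -eq 0) { continue }
        # Any matching Deny on file creation wins over Allow entries.
        if ($r.AccessControlType -eq 'Deny') { return $false }
        $allow = $true
    }
    return $allow
}

# Folders whose DACL lets the current user create files.
$folders = Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { Test-WritableFolder $_.FullName }

foreach ($dir in $folders) {
    # Only executables directly in the writable folder; subfolders are
    # evaluated on their own by the recursive listing above.
    Get-ChildItem -LiteralPath $dir.FullName -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            "=== $($_.FullName)"
            & $Hunter $_.FullName   # assumption: target path is the sole argument
        }
}
```

The check reads the DACL only, so it does not account for integrity levels or `CREATOR OWNER` entries; treat each reported folder as a candidate to confirm and then fix by tightening its ACL.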

@_markmo_ (Yes, with the underscores)

@fashionproof.bsky.social on bluesky @_markmo_ on twitter