With an ever increasing number of developers using .NET based game engines, game modders have developed sophisticated tools which can interact with the .NET Common Language Runtime to modify game mechanics, add features and fundamentally modify how games operate at runtime.
But what's stopping us from using these tools to mess with other .NET based applications? Say...an IIS web server running Microsoft Exchange?
Absolutely Nothing!
Join me as I deploy Harmony, a popular .NET method hooking library, onto a Microsoft IIS server inorder to access (and tamper with) method parameters, return values and functionality.
I'll demonstrate several methods to load Harmony into IIS before looking at the level of control Harmony gives us over various interesting methods regular web applications utilise.
Next I'll explore some defensive uses for method hooking including logging method parameters sent to commonly abused functions, preventing method calls, and messing with adversaries by tampering with outputs.
I'll also cover some offensive uses for method hooking such as password logging and persistence.
Adrian Justice
Adrian (@zeroedtech) is threat hunter specialising in IIS, webshells and .NET, with a little bit of software development thrown in.