Closed by superboy-zjc 4 months ago
The issue looks to be because you are passing in a relative path to the DLL to inject. The injector writes in the path to the DLL (.\Hooker\hooker.dll\0 is 20 bytes), and then within the OktaAgentService.exe it calls LoadLibrary(). So in this case it's going to do LoadLibrary(".\Hooker\hooker.dll") which will fail because OktaAgentService.exe doesn't know the full path.
I'll update the documentation, but for fixing this, move hooker.dll to a shared directory that OktaAgentService.exe can open, so C:\Tools\Hooker.dll for example, and then pass the full path to injector.exe, so injector.exe 6120 C:\Tools\Hooker.dll.
You can also make sure that the DLL is loaded using ProcessExplorer or SystemInformer.
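The same module check that ProcessExplorer or SystemInformer gives interactively can be scripted for monitoring. This is an added example, not part of the thread or of the CloudInject project: it lists modules loaded in OktaAgentService from outside its own install directory and %SystemRoot%, with their signature status. Treating those two locations as the expected ones is an assumption to adjust per host.

```powershell
# Added example (not from the thread). Run from an elevated prompt so the
# service process's module list is readable.
$procName = 'OktaAgentService'   # process name as given in the thread

$proc = Get-Process -Name $procName -ErrorAction Stop | Select-Object -First 1

# Assumption: legitimate modules live next to the service binary or under
# %SystemRoot% (System32, the GAC, WinSxS). Adjust for your environment.
$imageDir      = Split-Path -Parent $proc.MainModule.FileName
$expectedRoots = @($imageDir, $env:SystemRoot) |
    ForEach-Object { $_.TrimEnd('\') + '\' }

$findings = foreach ($module in $proc.Modules) {
    $path = $module.FileName

    # Case-insensitive prefix match against each expected directory.
    $expected = $false
    foreach ($root in $expectedRoots) {
        if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            $expected = $true
            break
        }
    }

    if (-not $expected) {
        # Report the signer state of anything loaded from elsewhere.
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Module    = $module.ModuleName
            Path      = $path
            Signature = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No modules loaded from outside the expected directories in $procName."
}
```

A DLL loaded from a path such as C:\Tools would show up in this output, since that directory is outside both expected roots.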
Updated the README.md with an example: https://github.com/xpn/CloudInject/blob/main/README.md
Oh! It works now! Thanks for your help!
Thanks for confirming 🙏
OS: Windows Server 2016
Okta AD Agent version: 3.17.0.0
I can intercept the credential through x64dbg, but fail to do this by injecting the DLL.
The way I compile the hooker and injector:
Trying to exploit, but nothing happens:
Could you advise me how to solve this?