SlideShare a Scribd company logo

Powershell of component object model COM Hijacking

harr0ey
harr0ey

Powershell is filled of researches We'll see how it goes our affairs alongside using Powershell :)

Science
1 of 29
1 OUR COMPANY INC. Powershell Component Object Model Matt harr0ey
2 OUR COMPANY INC. Introduction This The Book Will Submit full the Clarification Around These COM-Object Techniques With Procedure in The Experience Will Explain CLSID/Appid in full Shape in Display The Parts Author Matt Harr0ey
3 OUR COMPANY INC. Component Object Model COM Considered COM-Objects Custom For Running The System Service in Shape Functions Objects Using Dependencies Applications, COM-Objects it has The lots of Capabilities For System Operating And Drag information
4 OUR COMPANY INC. Distributed Component Object Model COM As For DCOM Depends Upon Applications For Service Customer And focus For These Application About Progid/CLSID in Usage
5 OUR COMPANY INC. CLSID Dictionary CLSID is Concept for Display the characterization or task Per Topic inside Both COM/DCOM You can Use CLSID in invocation Your Function inside DLL in Some Status has call named .Guide./ ] * [ As For her lead You to Your subject Example Shape CLSID line Note: together DCOM And COM both they inside CLSID Same {00020000-0000-0000-C000-000000000046}
6 OUR COMPANY INC. CLSID Review >_ ] ! [ One of the features of COM-CLSID makes you use it like as and you use the application itself DCOM ! MMC. Application
7 OUR COMPANY INC. AppId Named Tools APPID: Alias From CLSID But Appid You Possible Usage it Only in Run The Tool Using Method hers AppID Also Considered the Name which Putting the Application in Mode invoke ID like name to invoke it
8 OUR COMPANY INC. OverView Code COMCLSID <object classid="clsid:A020FAD9-D661-4857-AA43-E6A86FF1163E" > </object>
9 OUR COMPANY INC. Component Object Model COM Functions Example: We Will Usage Function for be us evidence Around COM Objects Will We Use Function for Data Storage, Possible Use This FunC to Storage Your The Words For Execute inside Powershell alternatively Use others FunC‘S
10 OUR COMPANY INC. Component Object Model COM Fun’C Via CLSID Use CLSID inside Fun”C: remarking We Will Usage CLSID Which Depend Upon Objects COM Via invocation CLSID Through System.Activator Powershell Get Via Program identifier PS:>
11 OUR COMPANY INC. Review Execute COM Fun’C After Binding Between CLSID-ProgID Remarking: You can The Control in Objects FunC Shell.Application As inside The images With Execute The Values through ShellExecute or Other Object’s let’s going to take look in Next-Page
12 OUR COMPANY INC. Display COM-Fun’C Object Members 3232323
13 OUR COMPANY INC. OverView COM-Object insideLUA It started Used of lot's The Aspect COMObj Also in LUA Language
14 OUR COMPANY INC. Lateral Movement Using COM Object 3232323 Remarking: We Will Use Object’s System.Activator to Purpose Lateral Movement Execution Under integrity Mode an us
15 OUR COMPANY INC. ( ScriptLet COM Hijacking ) Structures Files insider Registry Understanding is done with ( ScriptLet COM ) Via Registry Entrance is Register, UnRegistry The File ScriptLet.SCT Across Next Files COM Which Executable ├───InprocServer32 ├───ProgID ├───ScriptletURL └───VersionIndependentProgID
16 OUR COMPANY INC. Structures InprocServer32 Venue InprocServer32 Actually Offers response allusion For Type any File to Reading it and integrated it on Function-DLL Even Possible Reading The Script Example: DLL-ScriptLetCOM scrobj.dll,0002EFDF Dword While Will Activation Scriptlet using DLLRegistrySe Also scrobj.dll Will call Exec Service of internal Scriptlet File
17 OUR COMPANY INC. OverView ScriptLet COM Exec Post Operation DLLRegisterServer We can invocation Exec of inside Scriptlet to Execute ActiveX
18 OUR COMPANY INC. OverView Around Exec-Function When We wanted Scriptlet Execute Using We-Exec to Putting ActiveX in Mode Executive Should us the Detection about Exec in Code File Scriptlet There ok… Already exist Exec
19 OUR COMPANY INC. OverView Around ProgID- Function 3232323
20 OUR COMPANY INC. OverView Around ProgID- Function We Rest assured Around Exec however There Other Topic is Program identifier Is Pattern the essential for fulfillment Scriptlet Should grasp her named even You be upon knowledge
21 OUR COMPANY INC. OverView Around ScriptletURL Function essential ScriptLet is essential Actually Considered is Venue one You can Putting URL Your Scriptlet inside it For be in Remote Executed Mode
22 OUR COMPANY INC. Overview Around COM-Hijacking Via Sys.Activator We Will Use System.Activator For Connection with CLSID to fulfillment Hijacking COMObject
23 OUR COMPANY INC. Overview Around called Round COMExec Remarking While We Will call Function Exec For Execute ScriptLet With Result Process Shape
24 OUR COMPANY INC. Round DCOM Functions CLSID As for DCOM Gives You The opportunity For Usage it App With dealing together it also There Application Possible dealing it and jealousy of apps be impossible
25 OUR COMPANY INC. Round Functions in Application DCOM In DCOM there CLSID,ProgID The Best Connect Will Be inside ProgID, DCOM is Focus about Applications be More thing
26 OUR COMPANY INC. Overview DCOM,COM Objects Management Access Remarking: If You Wanted Management Permission Access inside DCOM,COM Use Component Service comexp.msc
27 OUR COMPANY INC. Overview2 DCOM,COM Objects Management Access Choose Your Rules in COM Object’s
28 OUR COMPANY INC. ( End Topic )
29 OUR COMPANY INC. Twitter: Matt harr0ey Called: @harr0ey

Recommended

React with Ref
React with RefReact with Ref
React with RefJack Forbes
 
What are the components in React?
What are the components in React?What are the components in React?
What are the components in React?BOSC Tech Labs
 
Web components are the future of the web - Take advantage of new web technolo...
Web components are the future of the web - Take advantage of new web technolo...Web components are the future of the web - Take advantage of new web technolo...
Web components are the future of the web - Take advantage of new web technolo...Marios Fakiolas
 
Swift 5.2 what are the new things that you need to know about
Swift 5.2 what are the new things that you need to know aboutSwift 5.2 what are the new things that you need to know about
Swift 5.2 what are the new things that you need to know aboutConcetto Labs
 
DI using dagger
DI using daggerDI using dagger
DI using daggerJayant Sethi
 
Angular 2 - How we got here?
Angular 2 - How we got here?Angular 2 - How we got here?
Angular 2 - How we got here?Marios Fakiolas
 
AngularJS Fundamentals + WebAPI
AngularJS Fundamentals + WebAPIAngularJS Fundamentals + WebAPI
AngularJS Fundamentals + WebAPIEric Wise
 
Some experiences building an Android app with React Native & Redux
Some experiences building an Android app with React Native & ReduxSome experiences building an Android app with React Native & Redux
Some experiences building an Android app with React Native & ReduxAlex Bepple
 

Recommended

React with Ref
React with RefReact with Ref
React with RefJack Forbes
 
What are the components in React?
What are the components in React?What are the components in React?
What are the components in React?BOSC Tech Labs
 
Web components are the future of the web - Take advantage of new web technolo...
Web components are the future of the web - Take advantage of new web technolo...Web components are the future of the web - Take advantage of new web technolo...
Web components are the future of the web - Take advantage of new web technolo...Marios Fakiolas
 
Swift 5.2 what are the new things that you need to know about
Swift 5.2 what are the new things that you need to know aboutSwift 5.2 what are the new things that you need to know about
Swift 5.2 what are the new things that you need to know aboutConcetto Labs
 
DI using dagger
DI using daggerDI using dagger
DI using daggerJayant Sethi
 
Angular 2 - How we got here?
Angular 2 - How we got here?Angular 2 - How we got here?
Angular 2 - How we got here?Marios Fakiolas
 
AngularJS Fundamentals + WebAPI
AngularJS Fundamentals + WebAPIAngularJS Fundamentals + WebAPI
AngularJS Fundamentals + WebAPIEric Wise
 
Some experiences building an Android app with React Native & Redux
Some experiences building an Android app with React Native & ReduxSome experiences building an Android app with React Native & Redux
Some experiences building an Android app with React Native & ReduxAlex Bepple
 
Flex Camp London
Flex Camp LondonFlex Camp London
Flex Camp Londonguest1cb483
 
Polymer 2.0 codelab for extreme beginners
Polymer 2.0 codelab for extreme beginnersPolymer 2.0 codelab for extreme beginners
Polymer 2.0 codelab for extreme beginnersSylia Baraka
 
Angular
AngularAngular
AngularTejinderMakkar
 
Servicehost Customization
Servicehost CustomizationServicehost Customization
Servicehost CustomizationEyal Vardi
 
Flex in portal
Flex in portalFlex in portal
Flex in portalSunil Patil
 
Introduction To Angular 4 - J2I
Introduction To Angular 4 - J2IIntroduction To Angular 4 - J2I
Introduction To Angular 4 - J2INader Debbabi
 
Dive into Angular, part 4: Angular 2.0
Dive into Angular, part 4: Angular 2.0Dive into Angular, part 4: Angular 2.0
Dive into Angular, part 4: Angular 2.0Oleksii Prohonnyi
 
Mule Integration with Dropbox
Mule Integration with DropboxMule Integration with Dropbox
Mule Integration with DropboxRamakrishna Narkedamilli
 
Angular 9 New features
Angular 9 New featuresAngular 9 New features
Angular 9 New featuresAhmed Bouchefra
 
Code migration from Angular 1.x to Angular 2.0
Code migration from Angular 1.x to Angular 2.0Code migration from Angular 1.x to Angular 2.0
Code migration from Angular 1.x to Angular 2.0Ran Wahle
 
Angular 9
Angular 9 Angular 9
Angular 9 Raja Vishnu
 
Fundamental concepts of react js
Fundamental concepts of react jsFundamental concepts of react js
Fundamental concepts of react jsStephieJohn
 
The anypoint platform for API's
The anypoint platform for API'sThe anypoint platform for API's
The anypoint platform for API'sAchyuta Lakshmi
 
Salesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSalesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSreekanth Kondapalli
 
Part 1 implementing a simple_web_service
Part 1 implementing a simple_web_servicePart 1 implementing a simple_web_service
Part 1 implementing a simple_web_servicekrishmdkk
 
Quality sdk for your apis in minutes!
Quality sdk for your apis in minutes!Quality sdk for your apis in minutes!
Quality sdk for your apis in minutes!Son Nguyen
 
Manage and consume the api
Manage and consume the apiManage and consume the api
Manage and consume the apiAchyuta Lakshmi Puvvala
 
Servlet session 11
Servlet session 11Servlet session 11
Servlet session 11Anuj Singh Rajput
 
LearningMVCWithLINQToSQL
LearningMVCWithLINQToSQLLearningMVCWithLINQToSQL
LearningMVCWithLINQToSQLAkhil Mittal
 
Angular Interview Questions-PDF.pdf
Angular Interview Questions-PDF.pdfAngular Interview Questions-PDF.pdf
Angular Interview Questions-PDF.pdfJohnLeo57
 
Repository Pattern in MVC3 Application with Entity Framework
Repository Pattern in MVC3 Application with Entity FrameworkRepository Pattern in MVC3 Application with Entity Framework
Repository Pattern in MVC3 Application with Entity FrameworkAkhil Mittal
 
Getting started-with-oracle-so a-iv
Getting started-with-oracle-so a-ivGetting started-with-oracle-so a-iv
Getting started-with-oracle-so a-ivAmit Sharma
 

More Related Content

What's hot

Flex Camp London
Flex Camp LondonFlex Camp London
Flex Camp Londonguest1cb483
 
Polymer 2.0 codelab for extreme beginners
Polymer 2.0 codelab for extreme beginnersPolymer 2.0 codelab for extreme beginners
Polymer 2.0 codelab for extreme beginnersSylia Baraka
 
Servicehost Customization
Servicehost CustomizationServicehost Customization
Servicehost CustomizationEyal Vardi
 
Introduction To Angular 4 - J2I
Introduction To Angular 4 - J2IIntroduction To Angular 4 - J2I
Introduction To Angular 4 - J2INader Debbabi
 
Dive into Angular, part 4: Angular 2.0
Dive into Angular, part 4: Angular 2.0Dive into Angular, part 4: Angular 2.0
Dive into Angular, part 4: Angular 2.0Oleksii Prohonnyi
 
Code migration from Angular 1.x to Angular 2.0
Code migration from Angular 1.x to Angular 2.0Code migration from Angular 1.x to Angular 2.0
Code migration from Angular 1.x to Angular 2.0Ran Wahle
 
Fundamental concepts of react js
Fundamental concepts of react jsFundamental concepts of react js
Fundamental concepts of react jsStephieJohn
 
The anypoint platform for API's
The anypoint platform for API'sThe anypoint platform for API's
The anypoint platform for API'sAchyuta Lakshmi
 
Salesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSalesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSreekanth Kondapalli
 
Part 1 implementing a simple_web_service
Part 1 implementing a simple_web_servicePart 1 implementing a simple_web_service
Part 1 implementing a simple_web_servicekrishmdkk
 
Quality sdk for your apis in minutes!
Quality sdk for your apis in minutes!Quality sdk for your apis in minutes!
Quality sdk for your apis in minutes!Son Nguyen
 

What's hot (18)

Flex Camp London
Flex Camp LondonFlex Camp London
Flex Camp London
 
Polymer 2.0 codelab for extreme beginners
Polymer 2.0 codelab for extreme beginnersPolymer 2.0 codelab for extreme beginners
Polymer 2.0 codelab for extreme beginners
 
Angular
AngularAngular
Angular
 
Servicehost Customization
Servicehost CustomizationServicehost Customization
Servicehost Customization
 
Flex in portal
Flex in portalFlex in portal
Flex in portal
 
Introduction To Angular 4 - J2I
Introduction To Angular 4 - J2IIntroduction To Angular 4 - J2I
Introduction To Angular 4 - J2I
 
Dive into Angular, part 4: Angular 2.0
Dive into Angular, part 4: Angular 2.0Dive into Angular, part 4: Angular 2.0
Dive into Angular, part 4: Angular 2.0
 
Mule Integration with Dropbox
Mule Integration with DropboxMule Integration with Dropbox
Mule Integration with Dropbox
 
Angular 9 New features
Angular 9 New featuresAngular 9 New features
Angular 9 New features
 
Code migration from Angular 1.x to Angular 2.0
Code migration from Angular 1.x to Angular 2.0Code migration from Angular 1.x to Angular 2.0
Code migration from Angular 1.x to Angular 2.0
 
Angular 9
Angular 9 Angular 9
Angular 9
 
Fundamental concepts of react js
Fundamental concepts of react jsFundamental concepts of react js
Fundamental concepts of react js
 
The anypoint platform for API's
The anypoint platform for API'sThe anypoint platform for API's
The anypoint platform for API's
 
Salesforce Integration using Mule ESB
Salesforce Integration using Mule ESBSalesforce Integration using Mule ESB
Salesforce Integration using Mule ESB
 
Part 1 implementing a simple_web_service
Part 1 implementing a simple_web_servicePart 1 implementing a simple_web_service
Part 1 implementing a simple_web_service
 
Quality sdk for your apis in minutes!
Quality sdk for your apis in minutes!Quality sdk for your apis in minutes!
Quality sdk for your apis in minutes!
 
Manage and consume the api
Manage and consume the apiManage and consume the api
Manage and consume the api
 
Servlet session 11
Servlet session 11Servlet session 11
Servlet session 11
 

Similar to Powershell of component object model COM Hijacking

LearningMVCWithLINQToSQL
LearningMVCWithLINQToSQLLearningMVCWithLINQToSQL
LearningMVCWithLINQToSQLAkhil Mittal
 
Angular Interview Questions-PDF.pdf
Angular Interview Questions-PDF.pdfAngular Interview Questions-PDF.pdf
Angular Interview Questions-PDF.pdfJohnLeo57
 
Repository Pattern in MVC3 Application with Entity Framework
Repository Pattern in MVC3 Application with Entity FrameworkRepository Pattern in MVC3 Application with Entity Framework
Repository Pattern in MVC3 Application with Entity FrameworkAkhil Mittal
 
Getting started-with-oracle-so a-iv
Getting started-with-oracle-so a-ivGetting started-with-oracle-so a-iv
Getting started-with-oracle-so a-ivAmit Sharma
 
Getting started-with-oracle-so a-iv
Getting started-with-oracle-so a-ivGetting started-with-oracle-so a-iv
Getting started-with-oracle-so a-ivAmit Sharma
 
New Feature in CRM 2016
New Feature in CRM 2016New Feature in CRM 2016
New Feature in CRM 2016Naveen Kumar
 
Indore MuleSoft Meetup #5 April 2022 MDynamics 65.pptx
Indore MuleSoft Meetup #5 April 2022 MDynamics 65.pptxIndore MuleSoft Meetup #5 April 2022 MDynamics 65.pptx
Indore MuleSoft Meetup #5 April 2022 MDynamics 65.pptxIndoreMulesoftMeetup
 
jBPM5 Community Training Module #5: Domain Specific Processes
jBPM5 Community Training Module #5: Domain Specific ProcessesjBPM5 Community Training Module #5: Domain Specific Processes
jBPM5 Community Training Module #5: Domain Specific ProcessesMauricio (Salaboy) Salatino
 
30 days of cloud - 1
30 days of cloud - 130 days of cloud - 1
30 days of cloud - 1HitanshDoshi
 
RICOH THETA x IoT Developers Contest : Cloud API Seminar
RICOH THETA x IoT Developers Contest : Cloud API Seminar RICOH THETA x IoT Developers Contest : Cloud API Seminar
RICOH THETA x IoT Developers Contest : Cloud API Seminarcontest-theta360
 
Deep dive into Salesforce Connected App
Deep dive into Salesforce Connected AppDeep dive into Salesforce Connected App
Deep dive into Salesforce Connected AppDhanik Sahni
 
DotNetNuke Client API -DragDropAdminModules.pdf
DotNetNuke Client API -DragDropAdminModules.pdfDotNetNuke Client API -DragDropAdminModules.pdf
DotNetNuke Client API -DragDropAdminModules.pdfarunagulla
 
Resolve dependency of dependencies using Inversion of Control and dependency ...
Resolve dependency of dependencies using Inversion of Control and dependency ...Resolve dependency of dependencies using Inversion of Control and dependency ...
Resolve dependency of dependencies using Inversion of Control and dependency ...Akhil Mittal
 
Angular - Chapter 3 - Components
Angular - Chapter 3 - ComponentsAngular - Chapter 3 - Components
Angular - Chapter 3 - ComponentsWebStackAcademy
 
MuleSoft Surat Live Demonstration Virtual Meetup#3 - Building JWT OAuth 2.0 C...
MuleSoft Surat Live Demonstration Virtual Meetup#3 - Building JWT OAuth 2.0 C...MuleSoft Surat Live Demonstration Virtual Meetup#3 - Building JWT OAuth 2.0 C...
MuleSoft Surat Live Demonstration Virtual Meetup#3 - Building JWT OAuth 2.0 C...Jitendra Bafna
 
Proper Connections Development for Proper Domino Developers
Proper Connections Development for Proper Domino DevelopersProper Connections Development for Proper Domino Developers
Proper Connections Development for Proper Domino DevelopersMark Myers
 
Commonly used design patterns
Commonly used design patternsCommonly used design patterns
Commonly used design patternsMojammel Haque
 

Similar to Powershell of component object model COM Hijacking (20)

LearningMVCWithLINQToSQL
LearningMVCWithLINQToSQLLearningMVCWithLINQToSQL
LearningMVCWithLINQToSQL
 
Angular Interview Questions-PDF.pdf
Angular Interview Questions-PDF.pdfAngular Interview Questions-PDF.pdf
Angular Interview Questions-PDF.pdf
 
Repository Pattern in MVC3 Application with Entity Framework
Repository Pattern in MVC3 Application with Entity FrameworkRepository Pattern in MVC3 Application with Entity Framework
Repository Pattern in MVC3 Application with Entity Framework
 
Getting started-with-oracle-so a-iv
Getting started-with-oracle-so a-ivGetting started-with-oracle-so a-iv
Getting started-with-oracle-so a-iv
 
Getting started-with-oracle-so a-iv
Getting started-with-oracle-so a-ivGetting started-with-oracle-so a-iv
Getting started-with-oracle-so a-iv
 
New Feature in CRM 2016
New Feature in CRM 2016New Feature in CRM 2016
New Feature in CRM 2016
 
Indore MuleSoft Meetup #5 April 2022 MDynamics 65.pptx
Indore MuleSoft Meetup #5 April 2022 MDynamics 65.pptxIndore MuleSoft Meetup #5 April 2022 MDynamics 65.pptx
Indore MuleSoft Meetup #5 April 2022 MDynamics 65.pptx
 
Asp net-mvc-3 tier
Asp net-mvc-3 tierAsp net-mvc-3 tier
Asp net-mvc-3 tier
 
AngularJS Best Practices
AngularJS Best PracticesAngularJS Best Practices
AngularJS Best Practices
 
jBPM5 Community Training Module #5: Domain Specific Processes
jBPM5 Community Training Module #5: Domain Specific ProcessesjBPM5 Community Training Module #5: Domain Specific Processes
jBPM5 Community Training Module #5: Domain Specific Processes
 
30 days of cloud - 1
30 days of cloud - 130 days of cloud - 1
30 days of cloud - 1
 
RICOH THETA x IoT Developers Contest : Cloud API Seminar
RICOH THETA x IoT Developers Contest : Cloud API Seminar RICOH THETA x IoT Developers Contest : Cloud API Seminar
RICOH THETA x IoT Developers Contest : Cloud API Seminar
 
Deep dive into Salesforce Connected App
Deep dive into Salesforce Connected AppDeep dive into Salesforce Connected App
Deep dive into Salesforce Connected App
 
Google App Engine tutorial
Google App Engine tutorialGoogle App Engine tutorial
Google App Engine tutorial
 
DotNetNuke Client API -DragDropAdminModules.pdf
DotNetNuke Client API -DragDropAdminModules.pdfDotNetNuke Client API -DragDropAdminModules.pdf
DotNetNuke Client API -DragDropAdminModules.pdf
 
Resolve dependency of dependencies using Inversion of Control and dependency ...
Resolve dependency of dependencies using Inversion of Control and dependency ...Resolve dependency of dependencies using Inversion of Control and dependency ...
Resolve dependency of dependencies using Inversion of Control and dependency ...
 
Angular - Chapter 3 - Components
Angular - Chapter 3 - ComponentsAngular - Chapter 3 - Components
Angular - Chapter 3 - Components
 
MuleSoft Surat Live Demonstration Virtual Meetup#3 - Building JWT OAuth 2.0 C...
MuleSoft Surat Live Demonstration Virtual Meetup#3 - Building JWT OAuth 2.0 C...MuleSoft Surat Live Demonstration Virtual Meetup#3 - Building JWT OAuth 2.0 C...
MuleSoft Surat Live Demonstration Virtual Meetup#3 - Building JWT OAuth 2.0 C...
 
Proper Connections Development for Proper Domino Developers
Proper Connections Development for Proper Domino DevelopersProper Connections Development for Proper Domino Developers
Proper Connections Development for Proper Domino Developers
 
Commonly used design patterns
Commonly used design patternsCommonly used design patterns
Commonly used design patterns
 

Recently uploaded

Module for Grade 9 for Asynchronous/Distance learning
Module for Grade 9 for Asynchronous/Distance learningModule for Grade 9 for Asynchronous/Distance learning
Module for Grade 9 for Asynchronous/Distance learninglevieagacer
 
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdfPests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdfPirithiRaju
 
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 60009654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000Sapana Sha
 
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...chandars293
 
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsBiogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsSérgio Sacani
 
GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)Areesha Ahmad
 
Introduction to Viruses
Introduction to VirusesIntroduction to Viruses
Introduction to VirusesAreesha Ahmad
 
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticsPulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticssakshisoni2385
 
Molecular markers- RFLP, RAPD, AFLP, SNP etc.
Molecular markers- RFLP, RAPD, AFLP, SNP etc.Molecular markers- RFLP, RAPD, AFLP, SNP etc.
Molecular markers- RFLP, RAPD, AFLP, SNP etc.Silpa
 
development of diagnostic enzyme assay to detect leuser virus
development of diagnostic enzyme assay to detect leuser virusdevelopment of diagnostic enzyme assay to detect leuser virus
development of diagnostic enzyme assay to detect leuser virusNazaninKarimi6
 
COST ESTIMATION FOR A RESEARCH PROJECT.pptx
COST ESTIMATION FOR A RESEARCH PROJECT.pptxCOST ESTIMATION FOR A RESEARCH PROJECT.pptx
COST ESTIMATION FOR A RESEARCH PROJECT.pptxFarihaAbdulRasheed
 
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Service
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts ServiceJustdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Service
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Servicemonikaservice1
 
FAIRSpectra - Enabling the FAIRification of Analytical Science
FAIRSpectra - Enabling the FAIRification of Analytical ScienceFAIRSpectra - Enabling the FAIRification of Analytical Science
FAIRSpectra - Enabling the FAIRification of Analytical ScienceAlex Henderson
 
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Servicenishacall1
 
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICE
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICESAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICE
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICEayushi9330
 
The Mariana Trench remarkable geological features on Earth.pptx
The Mariana Trench remarkable geological features on Earth.pptxThe Mariana Trench remarkable geological features on Earth.pptx
The Mariana Trench remarkable geological features on Earth.pptxseri bangash
 
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑Damini Dixit
 
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRLKochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRLkantirani197
 
Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.Silpa
 

Recently uploaded (20)

Module for Grade 9 for Asynchronous/Distance learning
Module for Grade 9 for Asynchronous/Distance learningModule for Grade 9 for Asynchronous/Distance learning
Module for Grade 9 for Asynchronous/Distance learning
 
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdfPests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
 
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 60009654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000
9654467111 Call Girls In Raj Nagar Delhi Short 1500 Night 6000
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
 
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsBiogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
 
GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)
 
Introduction to Viruses
Introduction to VirusesIntroduction to Viruses
Introduction to Viruses
 
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticsPulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
 
Molecular markers- RFLP, RAPD, AFLP, SNP etc.
Molecular markers- RFLP, RAPD, AFLP, SNP etc.Molecular markers- RFLP, RAPD, AFLP, SNP etc.
Molecular markers- RFLP, RAPD, AFLP, SNP etc.
 
development of diagnostic enzyme assay to detect leuser virus
development of diagnostic enzyme assay to detect leuser virusdevelopment of diagnostic enzyme assay to detect leuser virus
development of diagnostic enzyme assay to detect leuser virus
 
COST ESTIMATION FOR A RESEARCH PROJECT.pptx
COST ESTIMATION FOR A RESEARCH PROJECT.pptxCOST ESTIMATION FOR A RESEARCH PROJECT.pptx
COST ESTIMATION FOR A RESEARCH PROJECT.pptx
 
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Service
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts ServiceJustdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Service
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Service
 
FAIRSpectra - Enabling the FAIRification of Analytical Science
FAIRSpectra - Enabling the FAIRification of Analytical ScienceFAIRSpectra - Enabling the FAIRification of Analytical Science
FAIRSpectra - Enabling the FAIRification of Analytical Science
 
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
 
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICE
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICESAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICE
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICE
 
The Mariana Trench remarkable geological features on Earth.pptx
The Mariana Trench remarkable geological features on Earth.pptxThe Mariana Trench remarkable geological features on Earth.pptx
The Mariana Trench remarkable geological features on Earth.pptx
 
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
 
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRLKochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
 
Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.
 

Powershell of component object model COM Hijacking

  • 1. 1 OUR COMPANY INC. Powershell Component Object Model Matt harr0ey
  • 2. 2 OUR COMPANY INC. Introduction This The Book Will Submit full the Clarification Around These COM-Object Techniques With Procedure in The Experience Will Explain CLSID/Appid in full Shape in Display The Parts Author Matt Harr0ey
  • 3. 3 OUR COMPANY INC. Component Object Model COM Considered COM-Objects Custom For Running The System Service in Shape Functions Objects Using Dependencies Applications, COM-Objects it has The lots of Capabilities For System Operating And Drag information
  • 4. 4 OUR COMPANY INC. Distributed Component Object Model COM As For DCOM Depends Upon Applications For Service Customer And focus For These Application About Progid/CLSID in Usage
  • 5. 5 OUR COMPANY INC. CLSID Dictionary CLSID is Concept for Display the characterization or task Per Topic inside Both COM/DCOM You can Use CLSID in invocation Your Function inside DLL in Some Status has call named .Guide./ ] * [ As For her lead You to Your subject Example Shape CLSID line Note: together DCOM And COM both they inside CLSID Same {00020000-0000-0000-C000-000000000046}
  • 6. 6 OUR COMPANY INC. CLSID Review >_ ] ! [ One of the features of COM-CLSID makes you use it like as and you use the application itself DCOM ! MMC. Application
  • 7. 7 OUR COMPANY INC. AppId Named Tools APPID: Alias From CLSID But Appid You Possible Usage it Only in Run The Tool Using Method hers AppID Also Considered the Name which Putting the Application in Mode invoke ID like name to invoke it
  • 8. 8 OUR COMPANY INC. OverView Code COMCLSID <object classid="clsid:A020FAD9-D661-4857-AA43-E6A86FF1163E" > </object>
  • 9. 9 OUR COMPANY INC. Component Object Model COM Functions Example: We Will Usage Function for be us evidence Around COM Objects Will We Use Function for Data Storage, Possible Use This FunC to Storage Your The Words For Execute inside Powershell alternatively Use others FunC‘S
  • 10. 10 OUR COMPANY INC. Component Object Model COM Fun’C Via CLSID Use CLSID inside Fun”C: remarking We Will Usage CLSID Which Depend Upon Objects COM Via invocation CLSID Through System.Activator Powershell Get Via Program identifier PS:>
  • 11. 11 OUR COMPANY INC. Review Execute COM Fun’C After Binding Between CLSID-ProgID Remarking: You can The Control in Objects FunC Shell.Application As inside The images With Execute The Values through ShellExecute or Other Object’s let’s going to take look in Next-Page
  • 12. 12 OUR COMPANY INC. Display COM-Fun’C Object Members 3232323
  • 13. 13 OUR COMPANY INC. OverView COM-Object insideLUA It started Used of lot's The Aspect COMObj Also in LUA Language
  • 14. 14 OUR COMPANY INC. Lateral Movement Using COM Object 3232323 Remarking: We Will Use Object’s System.Activator to Purpose Lateral Movement Execution Under integrity Mode an us
  • 15. 15 OUR COMPANY INC. ( ScriptLet COM Hijacking ) Structures Files insider Registry Understanding is done with ( ScriptLet COM ) Via Registry Entrance is Register, UnRegistry The File ScriptLet.SCT Across Next Files COM Which Executable ├───InprocServer32 ├───ProgID ├───ScriptletURL └───VersionIndependentProgID
  • 16. 16 OUR COMPANY INC. Structures InprocServer32 Venue InprocServer32 Actually Offers response allusion For Type any File to Reading it and integrated it on Function-DLL Even Possible Reading The Script Example: DLL-ScriptLetCOM scrobj.dll,0002EFDF Dword While Will Activation Scriptlet using DLLRegistrySe Also scrobj.dll Will call Exec Service of internal Scriptlet File
  • 17. 17 OUR COMPANY INC. OverView ScriptLet COM Exec Post Operation DLLRegisterServer We can invocation Exec of inside Scriptlet to Execute ActiveX
  • 18. 18 OUR COMPANY INC. OverView Around Exec-Function When We wanted Scriptlet Execute Using We-Exec to Putting ActiveX in Mode Executive Should us the Detection about Exec in Code File Scriptlet There ok… Already exist Exec
  • 19. 19 OUR COMPANY INC. OverView Around ProgID- Function 3232323
  • 20. 20 OUR COMPANY INC. OverView Around ProgID- Function We Rest assured Around Exec however There Other Topic is Program identifier Is Pattern the essential for fulfillment Scriptlet Should grasp her named even You be upon knowledge
  • 21. 21 OUR COMPANY INC. OverView Around ScriptletURL Function essential ScriptLet is essential Actually Considered is Venue one You can Putting URL Your Scriptlet inside it For be in Remote Executed Mode
  • 22. 22 OUR COMPANY INC. Overview Around COM-Hijacking Via Sys.Activator We Will Use System.Activator For Connection with CLSID to fulfillment Hijacking COMObject
  • 23. 23 OUR COMPANY INC. Overview Around called Round COMExec Remarking While We Will call Function Exec For Execute ScriptLet With Result Process Shape
  • 24. 24 OUR COMPANY INC. Round DCOM Functions CLSID As for DCOM Gives You The opportunity For Usage it App With dealing together it also There Application Possible dealing it and jealousy of apps be impossible
  • 25. 25 OUR COMPANY INC. Round Functions in Application DCOM In DCOM there CLSID,ProgID The Best Connect Will Be inside ProgID, DCOM is Focus about Applications be More thing
  • 26. 26 OUR COMPANY INC. Overview DCOM,COM Objects Management Access Remarking: If You Wanted Management Permission Access inside DCOM,COM Use Component Service comexp.msc
  • 27. 27 OUR COMPANY INC. Overview2 DCOM,COM Objects Management Access Choose Your Rules in COM Object’s
  • 28. 28 OUR COMPANY INC. ( End Topic )
  • 29. 29 OUR COMPANY INC. Twitter: Matt harr0ey Called: @harr0ey