COM-Hunter : COM Hijacking VOODOO

COM-hunter is a COM Hijacking persistence tool written in C#.

Features

Finds out entry valid CLSIDs in the victim’s machine.
Finds out valid CLSIDs via Task Scheduler in the victim’s machine.
Finds out if someone already used any of those valid CLSIDs in order to do COM persistence (LocalServer32/InprocServer32).
Finds out if someone already used any of valid CLSID via Task Scheduler in order to do COM persistence (LocalServer32/InprocServer32).
Tries to do automatically COM Hijacking Persistence with general valid CLSIDs (LocalServer32/InprocServer32).
Tries to do automatically COM Hijacking Persistence via Task Scheduler.
Tries to use “TreatAs” key in order to refere to a different component.

Usage

[+] Usage:
.\COM-Hunter.exe
-> General Options:
-h, –help Shows help and exits.
-v, –version Shows current version and exits.
-a, –about Shows info, credits about the tool and exits.
-> Modes:
Search Search Mode
Persist Persist Mode
-> Search Mode:
Get-Entry Searches for valid CLSIDs entries.
Get-Tasksch Searches for valid CLSIDs entries via Task Scheduler.
Find-Persist Searches if someone already used a valid CLSID (Defence).
Find-Tasksch Searches if someone already used a valid CLSID via Task Scheduler (Defence).
-> Persist Mode:
General Uses General method to apply COM Hijacking Persistence in Registry.
Tasksch Try to do COM Hijacking Persistence via Task Scheduler.
TreatAs Uses TreatAs Registry key to apply COM Hijacking Persistence in Registry.
-> General Usage:
.\COM-Hunter.exe Persist General
-> Tasksch Usage:
.\COM-Hunter.exe Persist Tasksch
-> TreatAs Usage:
.\COM-Hunter.exe Persist TreatAs

Example Usages

Get-Entry (Search Mode):

.\COM-Hunter.exe Search Get-Entry

Find-Persist (Search Mode):

.\COM-Hunter.exe Search Find-Persist

General (Persist Mode):

.\COM-Hunter.exe Persist General ‘HKCU:Software\Classes\CLSID…’ C:\Users\nickvourd\Desktop\beacon.dll

Example Format Valid CLSIDs

Software\Classes\CLSID...

HKCU:Software\Classes\CLSID…

HKCU:\Software\Classes\CLSID…

HKCU\Software\Classes\CLSID…

HKEY_CURRENT_USER:Software\Classes\CLSID…

HKEY_CURRENT_USER:\Software\Classes\CLSID…

HKEY_CURRENT_USER\Software\Classes\CLSID…

Related

WFH : Windows Feature Hunter 2021

July 15, 2021

In "Kali Linux"

PersistenceSniper – A PowerShell Tool For Blue Teams, Incident Responders & System Admin

August 23, 2023

In "Pentesting Tools"

RedPersist – Advanced Windows Persistence in C#

October 4, 2023

In "Cyber security"

R K

Next Atomic-Operator : A Python Package Is Used To Execute Atomic Red Team Tests »

Previous « CRLFsuite : Fast CRLF Injection Scanning Tool

Leave a Comment

Share

Published by

R K

Tags: COM HijackingCOM-HunterVOODOO

4 years ago

Recent Posts

Android Security

This Android Bug Can Crack Your Lock Screen in 60 Seconds

A newly disclosed Android vulnerability is making noise for a good reason. Researchers showed that…

3 days ago

Database Assessment

How to Fix MyISAM Table Corruption in MySQL?

In MySQL Server 5.5 and earlier versions, the MyISAM was the default storage engine. So,…

4 days ago

Vulnerability Analysis

Microsoft Authenticator Flaw Could Leak Login Codes

A newly disclosed vulnerability in Microsoft Authenticator could expose one time sign in codes or…

5 days ago

software

Modrinth – A Comprehensive Overview of Tools and Functions

Modrinth is a modern platform that’s rapidly changing the landscape of Minecraft modding, providing an…

5 days ago

News

BlackSanta Malware A Stealthy Threat Targeting Recruiters and HR Teams

A new, highly sophisticated malware campaign named BlackSanta has emerged, primarily targeting HR and recruitment…

5 days ago

TECH

Perplexity Launches Personal Computer Features

Perplexity has unveiled an exciting new feature, Personal Computer, which allows AI agents to seamlessly…

6 days ago

L