DCOMUploadExec is a proof-of-concept (PoC) tool designed to exploit the Distributed Component Object Model (DCOM) for lateral movement within a network.
By leveraging the IMsiServer interface, this tool demonstrates how attackers can abuse Windows Installer’s COM functionality to execute payloads on remote systems. Below is an overview of its functionality, usage, and limitations.
DCOMUploadExec consists of two key components:
This tool bypasses traditional methods like PsExec by exploiting the IMsiServer interface in msiexec.exe
, enabling attackers to upload and execute DLLs remotely.
msiexec.exe
process.InitializeEmbeddedUI
) from the DLL.DCOMUploadExec
and AssemblyPayload
).DCOMUploadExec.exe [domain]$$user]:[password]@[address]
DCOMUploadExec.exe LOCALHOST
To customize the payload:
InitializeEmbeddedUI
.PayloadConfig.h
with details of your custom payload:PAYLOAD_ASSEMBLY_PATH
: Path to your DLL.ASSEMBLY_NAME
: Name of your assembly.ASSEMBLY_BITNESS
: Specify “64” (x64) or “32” (x86).ASSEMBLY_VERSION
: Version obtained via tools like sigcheck.exe
.ASSEMBLY_PUBLIC_KEY
: Public key generated using sn.exe
.Recompile DCOMUploadExec to use this custom payload.
DCOMUploadExec highlights how attackers can exploit lesser-known COM interfaces like IMsiServer for lateral movement.
While it serves as a PoC, it underscores the importance of securing DCOM configurations, applying patches, and monitoring suspicious activity in enterprise environments.
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…