Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/leoloobeek/comproxy
PoC for proxying COM objects when hijacking
https://github.com/leoloobeek/comproxy
Last synced: 26 days ago
JSON representation
PoC for proxying COM objects when hijacking
- Host: GitHub
- URL: https://github.com/leoloobeek/comproxy
- Owner: leoloobeek
- License: bsd-3-clause
- Created: 2019-08-29T16:34:42.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-09-10T03:43:07.000Z (over 5 years ago)
- Last Synced: 2024-08-03T17:12:14.430Z (4 months ago)
- Language: C++
- Size: 16.6 KB
- Stars: 194
- Watchers: 9
- Forks: 30
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-network-stuff - **90**星
README
# COMProxy
A COM client and server for testing COM hijack proxying. If you are running a COM hijack, proxying the legitimate COM server may result in better stability, thats the idea around this PoC.
This also provides an example in-process COM server DLL that can be taken and modified for your tooling. This implementation will read whatever COM CLSID is being hijacked, attempt to find the legitimate path in `HKLM\Software\Classes\CLSID`, and proxy the COM interface so the COM client receives the expected pointers.
### How to setup the test case?
Build both projects. The TestCOMClient will create a `WScript.Shell` object and run calc. The TestCOMServer is a COM server DLL that will start a thread printing to the screen every second.
Run this in a .reg file for the hijack:
```
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}]
@="Test Hijack"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocServer32]
@="C:\\Users\\user\\Desktop\\TestCOMServer.dll"
"ThreadingModel"="Apartment"
```