You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -89,5 +89,5 @@ This means that the system has LocalLaunch, RemoteLaunch, LocalActivation, Remot
### How to abuse
If you find a COM object that you can access on behalf of a low-privileged user, for example, you can abuse it as follows:
1. Create an instance and call the methods of that COM object to, for example, write an arbitrary file on behalf of the system
1. Create an instance and call the methods of that COM object to, for example, write an arbitrary file on behalf of the system. For example, you have found a COM object with a `DeployCmdShell()` method that runs on behalf of the `NT AUTHORITY\SYSTEM` account and you have `LaunchPermissions` and `AccessPermissions`. You can start this COM object, call the `DeployCmdShell()` method, and get code execution on behalf of the system.
2. Abuse DCOM authentication. For this, see [RemoteKrbRelay](https://github.com/CICADA8-Research/RemoteKrbRelay/tree/main)
