DCOMrade – PowerShell Script for Enumerating Vulnerable DCOM Applications

DCOMrade is a PowerShell script that enumerates possibly vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. The script is built to work with PowerShell 2.0 and works with all later versions as well. The script currently supports the following Windows operating systems (both x86 and x64):

  • Microsoft Windows 7
  • Microsoft Windows 10
  • Microsoft Windows Server 2012 / 2012 R2
  • Microsoft Windows Server 2016

The script is based on the research done by Matt Nelson (@enigma0x3), especially the round 2 blog post that goes into finding DCOM applications that might be useful for pentesters and red teams.

Limitations

  • Currently the script does try to release any instantiated / activated DCOM applications, but some activations start new processes (such as Internet Explorer). The process could be stopped, but if a user on the target system is using that particular application, it would stop for them as well;
  • Another thing, which probably has to do with my bad coding skills, is that the script might introduce considerable load on the target system if the target system does not have a lot of resources. Be considerate when using this in a production environment or on servers;
  • The script might take some time to execute completely; this depends on the number of DCOM applications and the size of the vulnerable subset file.
