author | Bryan McNulty <bryanmcnulty@protonmail.com> | 2025-04-28 18:54:12 -0500 |
---|---|---|
committer | Bryan McNulty <bryanmcnulty@protonmail.com> | 2025-04-28 18:54:12 -0500 |
commit | f284a0a6e860d1a848424368038985b432ee7946 (patch) | |
tree | ca5cbd8b01e3fab13e2c0e39ac677a149f9bd986 /pkg | |
parent | 370eca97a1e4ae10f29af11c7f26073abe2b7e0a (diff) | |
`dcom`: new method: `shellbrowserwindow`
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/goexec/dcom/shellbrowserwindow.go | 52 | ||||
-rw-r--r-- | pkg/goexec/dcom/shellwindows.go | 4 |
2 files changed, 54 insertions, 2 deletions
diff --git a/pkg/goexec/dcom/shellbrowserwindow.go b/pkg/goexec/dcom/shellbrowserwindow.go
new file mode 100644
index 0000000..0825250
--- /dev/null
+++ b/pkg/goexec/dcom/shellbrowserwindow.go
@@ -0,0 +1,52 @@
+package dcomexec
+
+import (
+ "context"
+ "fmt"
+ "github.com/FalconOpsLLC/goexec/pkg/goexec"
+ "github.com/rs/zerolog"
+)
+
+const (
+ MethodShellBrowserWindow = "ShellBrowserWindow" // MMC20.Application::Document.ActiveView.ExecuteShellCommand
+)
+
+type DcomShellBrowserWindow struct {
+ Dcom
+
+ IO goexec.ExecutionIO
+
+ WorkingDirectory string
+ WindowState string
+}
+
+// Execute will perform command execution via the ShellBrowserWindow object. See https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/
+func (m *DcomShellBrowserWindow) Execute(ctx context.Context, execIO *goexec.ExecutionIO) (err error) {
+
+ log := zerolog.Ctx(ctx).With().
+ Str("module", ModuleName).
+ Str("method", MethodShellBrowserWindow).
+ Logger()
+
+ method := "Document.Application.ShellExecute"
+
+ cmdline := execIO.CommandLine()
+ proc := cmdline[0]
+ args := cmdline[1]
+
+ // Arguments must be passed in reverse order
+ if _, err := callComMethod(ctx, m.dispatchClient,
+ nil,
+ method,
+ stringToVariant(m.WindowState),
+ stringToVariant(""), // FUTURE?
+ stringToVariant(m.WorkingDirectory),
+ stringToVariant(args),
+ stringToVariant(proc)); err != nil {
+
+ log.Error().Err(err).Msg("Failed to call method")
+ return fmt.Errorf("call %q: %w", method, err)
+ }
+ log.Info().Msg("Method call successful")
+ return
+}
diff --git a/pkg/goexec/dcom/shellwindows.go b/pkg/goexec/dcom/shellwindows.go
index b137d66..67537ec 100644
--- a/pkg/goexec/dcom/shellwindows.go
+++ b/pkg/goexec/dcom/shellwindows.go
@@ -10,7 +10,7 @@ import (
 )
 
 const (
- MethodShellWindows = "ShellWindows" // MMC20.Application::Document.ActiveView.ExecuteShellCommand
+ MethodShellWindows = "ShellWindows" // ShellWindows::Item().Document.Application.ShellExecute
 )
 
 type DcomShellWindows struct {
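Review bot: `proc := cmdline[0]` and `args := cmdline[1]` index the result of `execIO.CommandLine()` with no length check, so if that helper (defined outside this diff) can return fewer than two elements, Execute panics instead of returning an error. A guard before the indexing such as `if len(cmdline) < 2 { return fmt.Errorf("command line has %d parts, need 2", len(cmdline)) }` keeps the failure on the error path the caller already handles. The comment on `MethodShellBrowserWindow` still reads `// MMC20.Application::Document.ActiveView.ExecuteShellCommand`, the same copy-paste this commit corrects for `MethodShellWindows` in the second file; given the `method` string below, `// ShellBrowserWindow::Document.Application.ShellExecute` describes what Execute actually invokes. The `IO goexec.ExecutionIO` field is declared but Execute reads only the `execIO` parameter, so it appears unused here unless code outside this diff relies on it. Inside the `if`, `err :=` shadows the named result `err`; harmless since both paths return explicitly, but dropping the named result would remove the ambiguity.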
@@ -27,7 +27,7 @@ func (m *DcomShellWindows) Execute(ctx context.Context, execIO *goexec.Execution
 
 log := zerolog.Ctx(ctx).With().
 Str("module", ModuleName).
- Str("method", MethodMmc).
+ Str("method", MethodShellWindows).
 Logger()
 
 method := "Item" |