Sunday, June 5, 2022

Hunter – COM Hijacking VOODOO




COM Hijacking VOODOO

COM-hunter is a COM hijacking persistence tool written in C#.

This tool was inspired during the RTO course of @zeropointsecltd

Features

  • Finds valid CLSID entries on the victim's machine.
  • Finds valid CLSIDs via Task Scheduler on the victim's machine.
  • Finds out whether someone has already used any of those valid CLSIDs to do COM persistence (LocalServer32/InprocServer32).
  • Finds out whether someone has already used any valid CLSID via Task Scheduler to do COM persistence (LocalServer32/InprocServer32).
  • Tries to perform COM hijacking persistence automatically with common valid CLSIDs (LocalServer32/InprocServer32).
  • Tries to perform COM hijacking persistence automatically via Task Scheduler.
  • Tries to use the "TreatAs" key in order to refer to a different component.

Special Thanks

License

Copyright (c) 2022 Nikos Vourdas

Below the COM Hijacking VOODOO (1)

.NET Framework

4.8

Usage

[+] Usage:

.\COM-Hunter.exe <mode> <options>

-> Basic Options:
-h, --help       Shows help and exits.
-v, --version    Shows the current version and exits.
-a, --about      Shows info and credits about the tool and exits.

-> Modes:
Search           Search Mode
Persist          Persist Mode

-> Search Mode:
Get-Entry        Searches for valid CLSID entries.
Get-Tasksch      Searches for valid CLSID entries via Task Scheduler.
Discover-Persist Searches whether someone has already used a valid CLSID (Defence).
Discover-Tasksch Searches whether someone has already used a valid CLSID via Task Scheduler (Defence).

-> Persist Mode:
Basic            Uses the Basic method to apply COM hijacking persistence in the registry.
Tasksch          Tries to do COM hijacking persistence via Task Scheduler.
TreatAs          Uses the TreatAs registry key to apply COM hijacking persistence in the registry.

-> Basic Usage:
.\COM-Hunter.exe Persist Basic <clsid> <full_path_of_evil_dll>

-> Tasksch Usage:
.\COM-Hunter.exe Persist Tasksch <full_path_of_evil_dll>

-> TreatAs Usage:
.\COM-Hunter.exe Persist TreatAs <clsid> <full_path_of_evil_dll>

Example Usages

Example Format Valid CLSIDs

Software\Classes\CLSID\...
HKCU:Software\Classes\CLSID\...
HKCU:\Software\Classes\CLSID\...
HKCU\Software\Classes\CLSID\...
HKEY_CURRENT_USER:Software\Classes\CLSID\...
HKEY_CURRENT_USER:\Software\Classes\CLSID\...
HKEY_CURRENT_USER\Software\Classes\CLSID\...
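
For the defensive checks listed under Search Mode, the following added example (not COM-Hunter's own code) triages a saved `reg query HKCU\Software\Classes\CLSID /s` dump for per-user InprocServer32, LocalServer32 and TreatAs registrations. The function name, the `machine_clsids` parameter, the English-locale "(Default)" label and the sample dump are assumptions made for this illustration.

```python
import re

# Subkeys the page names as COM hijacking persistence points.
HIJACK_SUBKEYS = {"inprocserver32", "localserver32", "treatas"}
KEY_RE = re.compile(
    r"^HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(\w+)$",
    re.IGNORECASE,
)
# Assumes English-locale output, where the unnamed value prints as "(Default)".
DEFAULT_RE = re.compile(r"^\s+\(Default\)\s+REG_(?:EXPAND_)?SZ\s+(.*)$")


def find_user_com_overrides(reg_query_text, machine_clsids=()):
    """Return one dict per per-user COM server registration found in the dump.

    machine_clsids: CLSIDs known to be registered under HKLM (collected
    separately); an HKCU entry for the same CLSID takes precedence over it.
    """
    machine = {c.upper() for c in machine_clsids}
    findings, current = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            m = KEY_RE.match(line.rstrip())
            hit = m and m.group(2).lower() in HIJACK_SUBKEYS
            current = (m.group(1).upper(), m.group(2)) if hit else None
            continue
        m = DEFAULT_RE.match(line)
        if current and m:
            clsid, subkey = current
            findings.append({"clsid": clsid, "subkey": subkey,
                             "target": m.group(1).strip(),
                             "shadows_hklm": clsid in machine})
            current = None
    return findings


# Constructed sample in the layout printed by `reg query ... /s`.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32
    (Default)    REG_SZ    C:\Users\alice\AppData\Roaming\sample.dll
    ThreadingModel    REG_SZ    Apartment

HKEY_CURRENT_USER\Software\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\TreatAs
    (Default)    REG_SZ    {11111111-2222-3333-4444-555555555555}

HKEY_CURRENT_USER\Software\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\ProgID
    (Default)    REG_SZ    Sample.Class.1
"""

if __name__ == "__main__":
    for f in find_user_com_overrides(SAMPLE, {"{11111111-2222-3333-4444-555555555555}"}):
        print(f)
```

Legitimate software also registers per-user COM servers, so the output is a review list: check each target's path, signature and file timestamps before treating it as persistence.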


