A simple COM server which provides a component to run shellcode. Also includes a Windows JScript file to load the COM server and create the object with registration-free activation. This PoC COM server provides an object with a method that takes in base64 encoded shellcode and a method to run the shellcode.
For a more exhaustive background, see the blog post here: https://adapt-and-attack.com/2020/05/12/building-a-com-server-for-initial-execution/
COM Client (JScript) to activate the object and run shellcode
script.js
COM Class definition and C++ implementation:
COMRunner\object.cpp
COMRunner\object.h
IDL Object Definition:
COMRunner\TestClass.idl
Generated files from midl.exe compilation:
COMRunner\TestClass.h
COMRunner\TestClass.tlb
COMRunner\TestClass_i.c
COMRunner\TestClass_p.c
COMRunner\dlldata.c
Resource Embedding:
COMRunner\resource.rc
specifying resources to embedCOMRunner\resource.res
generated file fromrc COMRunner\resource.rc
, file is pulled in to embed TLB at compile time
Other:
COMRunner\dllmain.cpp
has typical dllmain functions andDllGetClassObject
implementationCOMRunner\Helpers.h
includes some helper functionsCOMRunner\Source.def
defines exported functions
As described later in the blog post, which is probably the best way to understand if this is new to you,
the COM object's structure is identified in the TestClass.idl
file. If you want to add another method
or take an additional input, you will want to follow these general steps. These may not be the only way, so feel
free to stray away as well.
- Update the
TestClass.idl
with your desired changes - Regenerate files with
midl.exe TestClass.idl
- The new TLB needs to be embedded. Run
rc resource.rc
to generated a newresource.res
- Update
object.h
class to ensure it implements your new interface defined inTestClass.idl
- Update
object.cpp
to change/add/remove your object's method's code
- Much thanks to @subTee for the research this was built on: https://www.youtube.com/watch?v=BIJ2L_rM9Gc
- Inside COM by Dale Rogerson
- For ClassFactory code: https://www.codeguru.com/cpp/com-tech/activex/tutorials/article.php/c5567/Step-by-Step-COM-Tutorial.htm