DCOMrade is a PowerShell script that enumerates possibly vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. The script is built to work with PowerShell 2.0 but will work with all later versions as well. The script currently supports the following Windows operating systems (both x86 and x64):
- Microsoft Windows 7
- Microsoft Windows 10
- Microsoft Windows Server 2012 / 2012 R2
- Microsoft Windows Server 2016
When the script is not used as an Empire module, it has some limitations, because the way the script works and the way it connects to the target machine differ:
- For this script to work, the Windows Remote Management services need to be allowed in the Windows Firewall (port 5985);
- If the target system's network profile is set to Public, the following command needs to be executed to allow the Windows Remote Management services to be used on the target system: Enable-PSRemoting -SkipNetworkProfileCheck -Force
- This script only works when one has the credentials of a local Administrator on the target system. Without these credentials you will not be able to start a remote session with the target machine, or be able to activate DCOM applications.
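
For defenders, the three preconditions above (WinRM reachable on 5985, the network profile exception, and local Administrator credentials) can be checked on a host with a read-only audit. The following is an added example, not part of DCOMrade or the original post; the function name `Get-WinRmExposure` is hypothetical, and it assumes Windows 8 / Server 2012 or later with PowerShell 5.1, run locally from an elevated prompt.

```powershell
# Added example: local, read-only audit of the WinRM preconditions listed above.
# Get-WinRmExposure is a hypothetical helper name, not a built-in cmdlet.
function Get-WinRmExposure {
    $svc = Get-Service -Name WinRM

    # Is anything listening on the WinRM HTTP port?
    $listener = @(Get-NetTCPConnection -LocalPort 5985 -State Listen -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules whose port filter names TCP 5985 explicitly
    # (rules that allow "Any" port are not matched by this check).
    $rules = @(Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $pf.Protocol -eq 'TCP' -and @($pf.LocalPort) -contains '5985'
        })

    # Does any of those rules apply to the Public profile
    # (the state that Enable-PSRemoting -SkipNetworkProfileCheck leaves behind)?
    $publicAllowed = @($rules | Where-Object { $_.Profile.ToString() -match 'Any|Public' }).Count -gt 0

    # Network category of each connected interface (Public, Private, DomainAuthenticated).
    $categories = @(Get-NetConnectionProfile | ForEach-Object { $_.NetworkCategory.ToString() })

    # Members of BUILTIN\Administrators, resolved by well-known SID so the
    # check also works on non-English systems.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.Name) ($($_.PrincipalSource))" })

    [pscustomobject]@{
        WinRMServiceStatus     = $svc.Status
        WinRMStartType         = $svc.StartType
        ListeningOn5985        = $listener.Count -gt 0
        AllowRulesFor5985      = @($rules | ForEach-Object { "$($_.DisplayName) [$($_.Profile)]" })
        AllowedOnPublicProfile = $publicAllowed
        ActiveNetworkCategory  = $categories
        LocalAdministrators    = $admins
    }
}

Get-WinRmExposure | Format-List
```

A host that reports `ListeningOn5985` and `AllowedOnPublicProfile` as true while also carrying shared or unmanaged accounts in `LocalAdministrators` meets every precondition listed above and is a candidate for tightening the firewall scope or the local Administrators membership.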