A simple COM server which provides a component to run shellcode. Also includes a Windows JScript file to load the COM server and create the object with registration-free activation. This PoC COM server provides an object with a method that takes in base64-encoded shellcode and a method to run the shellcode.
For a more exhaustive background, see the blog post here: https://adapt-and-attack.com/2020/05/12/building-a-com-server-for-initial-execution/
COM Client (JScript) to activate the object and run shellcode:
- `script.js`

COM Class definition and C++ implementation:
- `COMRunner\object.cpp`
- `COMRunner\object.h`

IDL Object Definition:
- `COMRunner\TestClass.idl`

Generated files from midl.exe compilation:
- `COMRunner\TestClass.h`
- `COMRunner\TestClass.tlb`
- `COMRunner\TestClass_i.c`
- `COMRunner\TestClass_p.c`
- `COMRunner\dlldata.c`

Resource Embedding:
- `COMRunner\resource.rc` specifying resources to embed
- `COMRunner\resource.res` generated file from `rc COMRunner\resource.rc`, file is pulled in to embed TLB at compile time

Other:
- `COMRunner\dllmain.cpp` has typical dllmain functions and `DllGetClassObject` implementation
- `COMRunner\Helpers.h` includes some helper functions
- `COMRunner\Source.def` defines exported functions

As described later in the blog post, which is probably the best way to understand this if it is new to you,
the COM object's structure is defined in the `TestClass.idl` file. If you want to add another method
or take an additional input, follow these general steps. This may not be the only way, so feel
free to deviate from it.
- Update the `TestClass.idl` with your desired changes
- Regenerate files with `midl.exe TestClass.idl`
- The new TLB needs to be embedded. Run `rc resource.rc` to generate a new `resource.res`
- Update the `object.h` class to ensure it implements your new interface defined in `TestClass.idl`
- Update `object.cpp` to change/add/remove your object's method code

- Much thanks to @subTee for the research this was built on: https://www.youtube.com/watch?v=BIJ2L_rM9Gc
- Inside COM by Dale Rogerson
- For ClassFactory code: https://www.codeguru.com/cpp/com-tech/activex/tutorials/article.php/c5567/Step-by-Step-COM-Tutorial.htm