dcomexec.py

This can provide an interactive shell on Windows hosts similar to wmiexec. More info at wadcoms and Riccardo Ancarani's Red Team Adventures.

Command reference

python3 dcomexec.py -object MMC20 domain.com/lowpriv:'mypassgoeshere'@VICTIM

In addition to MMC20 be sure to try ShellWindows and ShellBrowserWindows as well.

So far I've just seen this on pentests where a compromised user has ExecuteDCOM permissions on a device. So far I haven't been able to exploit this though.

Command reference​

Command reference