Skip to main content

dcomexec.py

This can provide an interactive shell on Windows hosts similar to wmiexec. More info at wadcoms and Riccardo Ancarani's Red Team Adventures.

Command reference

python3 dcomexec.py -object MMC20 domain.com/lowpriv:'mypassgoeshere'@VICTIM

In addition to MMC20 be sure to try ShellWindows and ShellBrowserWindows as well.

So far I've just seen this on pentests where a compromised user has ExecuteDCOM permissions on a device. So far I haven't been able to exploit this though.