com-enum.ps1
########################################
# Recursive COM Method Search by @pwndizzle
#
# This script will recursively enumerate COM methods in order to dump all methods or find methods containing specific keywords. Be warned this is extremely hacky code and there are probably better ways to do this!
#
########################################
# OPTIONS
# Inpath - A file containing CLSIDs to scan
# Outpath - Scan results will be output to this file.
# Keywords - Search for methods containing this keyword
# Dumpall - Disabled by default. If true, keyword search will not be used and instead all properties will be dumped for the CLSIDs submitted.
# Depth - How deep to recurse. Note that many objects were found to support infinite/circular referencing.
########################################
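# ---- Configuration (edit before running) ----
$inpath = 'clsids.txt';   # input file, one CLSID per line
$outpath = 'output.txt';  # matches are appended to this file
$keywords = 'execute';    # method-name substring to look for; an array of substrings also works
$dumpall = 0;             # non-zero: record every method and ignore $keywords
$depth = 2;               # a nested property path is followed only while it has fewer than $depth '.' separators

# NOTE: CreateInstance activates whatever server is registered for each CLSID,
# and walking the object graph reads its properties, so code belonging to the
# scanned classes runs on this machine. Use a disposable analysis host and
# review the CLSID list first.

########################################
# recur - record the methods of one node of the object graph, then descend
# into its properties.
#
# Argument: $recpath - dotted property path relative to the root object
#                      ("" means the root itself).
# Reads from the calling scope: $Obj (root COM object), $cid, $dumpall,
#                      $keywords, $outpath, $depth.
# Output:   appends "<clsid> - <path>.<method>" lines to $outpath.
#
# Defined once at script level; the original redefined it on every loop
# iteration, which had no effect on behaviour.
########################################
function recur([string]$recpath) {
    $path = $recpath;

    # Resolve the dotted path against the root object, one property at a time.
    $recobj = $Obj;
    if ($path) {
        foreach ($segment in $path.Split(".")) {
            $recobj = $recobj.$segment;
        }
    }

    # Record methods: all of them in dump mode, otherwise only keyword matches.
    $recobj.PSObject.Methods | ForEach-Object {
        if ($dumpall) {
            $cid + " - " + $path + "." + $_.Name >> $outpath;
        } else {
            foreach ($keyword in $keywords) {
                if ($_.Name -like "*$keyword*") {
                    $cid + " - " + $path + "." + $_.Name >> $outpath;
                }
            }
        }
    }

    # Descend into properties.
    $recobj.PSObject.Properties | ForEach-Object {
        if (!$path -And $_.Name -notlike "*Parent*") {
            # Root level: every property except Parent-like ones is followed.
            $newpath = $_.Name;
            recur $newpath;
        } elseif (-not ([string]::IsNullOrEmpty($_.Name))) {
            $name = $_.Name;
            # Crude cycle guard: skip a property whose name already occurs
            # anywhere in the current path (substring match).
            if ($path -notlike "*$name*") {
                $newpath = $path + "." + $_.Name;
                # Depth limit plus a fixed skip list. Parent is a back-reference;
                # Formula and MailEnvelope are presumably properties that caused
                # trouble in the author's runs - confirm before changing.
                if (($newpath.Split('.')).count - 1 -lt $depth -And $newpath -notlike "*.Parent*" -And $newpath -notlike "*.Formula*" -And $newpath -notlike "*.MailEnvelope*") {
                    recur $newpath;
                }
            }
        }
    }
    return
}

foreach ($cid in Get-Content $inpath) {
    # Echo the CLSID so progress is visible on the console.
    $cid

    # Reset per iteration so a failed activation cannot leave the previous
    # (already released) object in $Obj.
    $Obj = $null;
    try {
        $Obj = [System.Activator]::CreateInstance([Type]::GetTypeFromCLSID($cid));
        recur "";
    } catch {
        # Best effort: a CLSID that cannot be activated or enumerated is
        # reported and skipped instead of being silently dropped.
        Write-Warning ("{0}: {1}" -f $cid, $_.Exception.Message);
    } finally {
        # Release on every path. The original released only after a fully
        # successful walk, so any error during enumeration left the COM
        # object (and possibly its server process) alive.
        if ($null -ne $Obj -and [System.Runtime.InteropServices.Marshal]::IsComObject($Obj)) {
            $res = [System.Runtime.InteropServices.Marshal]::ReleaseComObject($Obj);
            # One-second pause after each release, as in the original.
            Start-Sleep -s 1;
        }
    }
}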