com-enum.ps1
########################################
# Recursive COM Method Search by @pwndizzle
#
# This script will recursively enumerate COM methods in order to dump all methods or find methods containing specific keywords. Be warned this is extremely hacky code and there are probably better ways to do this!
#
########################################
# OPTIONS
# Inpath - A file containing CLSIDs to scan
# Outpath - Scan results will be output to this file.
# Keywords - Search for methods containing this keyword
# Dumpall - Disabled by default. If true, the keyword search is skipped and every method name found is dumped for the CLSIDs submitted.
# Depth - How deep to recurse. Note that many objects were found to support infinite/circular referencing.
########################################
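# --- Configuration ---------------------------------------------------------
$inpath = 'clsids.txt'     # input file, read with Get-Content (one CLSID per line)
$outpath = 'output.txt'    # results are appended with '>>'; the file is never truncated here
$keywords = 'execute'      # substring(s) matched against method names; an array also works
$dumpall = 0               # non-zero/true: write every method name instead of keyword hits
$depth = 2                 # bounds how many dotted levels below the first one are followed

# Enumerate one node of the object graph and recurse into its properties.
#
# $recpath is a dot-separated property path ('' means the root object). The
# root object itself is NOT a parameter: it is read from $Obj in the caller's
# scope, as are $cid, $dumpall, $keywords, $outpath and $depth.
#
# For the node reached by walking $recpath from $Obj, every method name is
# written to $outpath (all of them when $dumpall is set, otherwise only names
# containing one of $keywords), then each property is followed in turn.
function recur([string]$recpath) {
    $path = $recpath
    $recobj = $Obj

    # Re-walk the path from the root on every call; nothing is cached.
    if ($path) {
        foreach ($p in $path.Split('.')) {
            $recobj = $recobj.$p
        }
    }

    $recobj.PSObject.Methods | ForEach-Object {
        $line = $cid + " - " + $path + "." + $_.Name
        if ($dumpall) {
            $line >> $outpath
        } else {
            # A name matching several keywords is written once per keyword.
            foreach ($keyword in $keywords) {
                if ($_.Name -like "*$keyword*") {
                    $line >> $outpath
                }
            }
        }
    }

    $recobj.PSObject.Properties | ForEach-Object {
        if (!$path -and $_.Name -notlike "*Parent*") {
            # First level below the root: always followed ($depth is not
            # consulted here), except anything whose name contains "Parent".
            $newpath = $_.Name
            recur $newpath
        } elseif (-not [string]::IsNullOrEmpty($_.Name)) {
            $name = $_.Name
            # Crude cycle guard: skip a property whose name already occurs
            # anywhere in the path walked so far (substring match).
            if ($path -notlike "*$name*") {
                $newpath = $path + "." + $name
                $levels = ($newpath.Split('.')).Count - 1
                # Parent/Formula/MailEnvelope are skipped by name; the header
                # notes that many objects reference themselves circularly.
                if ($levels -lt $depth -and
                    $newpath -notlike "*.Parent*" -and
                    $newpath -notlike "*.Formula*" -and
                    $newpath -notlike "*.MailEnvelope*") {
                    recur $newpath
                }
            }
        }
    }
}

# --- Main loop -------------------------------------------------------------
foreach ($cid in Get-Content $inpath) {
    $cid    # echo the CLSID being scanned as progress output

    # Reset per iteration so the finally block never touches an object that a
    # previous iteration already released.
    $Obj = $null
    try {
        # NOTE(security): CreateInstance activates whatever COM server is
        # registered for this CLSID, so that server's code runs with the
        # privileges of this session, and reading properties during the walk
        # can trigger further side effects. Run this only against a reviewed
        # CLSID list on a disposable analysis host, not a production machine.
        $Obj = [System.Activator]::CreateInstance([Type]::GetTypeFromCLSID($cid))
        recur ''
    } catch {
        # Best-effort scan: a CLSID that fails to parse, activate or enumerate
        # is skipped. The reason is visible with -Verbose / $VerbosePreference.
        Write-Verbose "$cid : $($_.Exception.Message)"
    } finally {
        # Release in finally so the COM object is freed even when enumeration
        # throws part-way through (previously it was only released on success).
        if ($null -ne $Obj) {
            try {
                if ([System.Runtime.InteropServices.Marshal]::IsComObject($Obj)) {
                    $null = [System.Runtime.InteropServices.Marshal]::ReleaseComObject($Obj)
                }
            } catch {
                Write-Verbose "$cid : release failed: $($_.Exception.Message)"
            }
            # Pause after each activated object, as the original did after a
            # successful scan.
            Start-Sleep -s 1
        }
    }
}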