msi_lateral_mv

This is a BOF that uses the MSI Server over DCOM to install and configure an ODBC driver using the Custom Action Server

Read more about this on the blogpost: https://specterops.io/blog/2025/09/29/dcom-again-installing-trouble-lateral-movement-bof/

All arguments are wide strings.

Usage:
  msi_lateral_mv local <drivername> <dllpath>                                : Local, current user
  msi_lateral_mv local <user> <pass> <drivername> <dllpath>                  : Local, alternate user
  msi_lateral_mv local <domain> <user> <pass> <drivername> <dllpath>         : Local, domain user
  msi_lateral_mv remote <host> <drivername> <dllpath>                        : Remote, current user
  msi_lateral_mv remote <user> <pass> <host> <drivername> <dllpath>          : Remote, alternate user
  msi_lateral_mv remote <domain> <user> <pass> <host> <drivername> <dllpath> : Remote, domain user

The proof of concept relies on placing the DLL on the remote system. The code for the DLL can be found in https://github.com/werdhaihai/msi_lateral_mv/tree/main/sqldriverdll

Name		Name	Last commit message	Last commit date
Latest commit History 14 Commits
bof		bof
sqldriverdll		sqldriverdll
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

msi_lateral_mv

About

Uh oh!

Releases

Packages

Languages

License

werdhaihai/msi_lateral_mv

Folders and files

Latest commit

History

Repository files navigation

msi_lateral_mv

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages