Skip to content

0xqn/CLSIDFinder

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
Images
Images
 
 
CLSIDFinder.ps1
CLSIDFinder.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

CLSIDFinder

Invoke-CLSIDFinder enumerates CLSID and AppID entries from the Windows registry to identify COM objects associated with Windows services via the LocalService value.

The function correlates these entries, exports the results to a CSV file, and attempts COM activation when the related service is running. It is primarily intended to help identify usable CLSIDs during relay attacks and other LPE scenarios.

Usage

PS C:\Users\Administrator\Desktop> Import-Module .\CLSIDFinder.ps1
PS C:\Users\Administrator\Desktop> Invoke-CLSIDFinder

example

Reference

https://github.com/ohpe/juicy-potato/blob/master/CLSID/GetCLSID.ps1

About

PowerShell enumeration script for discovering service-backed COM objects via CLSID/AppID correlation and activation testing.

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages