STUBborn: Activate and call DCOM objects without proxy
In recent years, Local RPC (LRPC) and ALPC have been the subject of scrutiny by some Windows internals enthusiasts and vulnerability researchers.
In this article, we will go a step further and explore what can be done with LocalServer DCOM objects: how to instantiate them and connect directly to their interfaces without using the COM proxy that clients normally rely on!
This will give us an excuse to explore some COM internals, understand part of the combase DLL, and write more fun Python code!