
Using Windows Script Host and COM to Hack Windows

Windows Script Host (WSH) is a command-line scripting engine present on many Windows systems. It is a powerful tool for system administration and, as such, is equally useful to an attacker. WSH scripts can call Windows COM components, unlocking a vast array of potential attack vectors. Many useful COM components are likely to be present and enabled on target Windows systems. This paper explores how WSH scripts and COM components may be used in penetration testing. It demonstrates how to create command-line scripts that can move binary files across a firewall via HTTP or email, discover and alter system configuration, access network services, and control local hardware on the target to gather intelligence and perform social engineering attacks.


3 Jan 2011
By Alex Ginos