Subtee regsvr32 sct with metasploit web delivery

So I put this out on twitter but failed to document it for historical reasons/find it when I need it.

I was able to replace the PoC payload with the payload from Metasploit’s web delivery and it worked just fine.

original PoC here:

Below we can see the replaced payload:

…and receiving the shell after running the command from the command line:

This is a Security Bloggers Network syndicated blog post authored by CG. Read the original post at: Carnal0wnage & Attack Research Blog