SessionHop is a C# tool leveraging the IHxHelpPaneServer COM object to hijack Windows user sessions. Configured to run as an Interactive User, it creates a session moniker and uses the COM object's Execute interface to run files within another user's session.
Key Features:
- Session Hijacking: Exploits the
IHxHelpPaneServerCOM object for session takeover. - Interactive User Context: Operates within the context of an interactive user for broader access.
- Arbitrary File Execution: Enables running any executable within the targeted user session.
- Alternative to Injection: Provides a method to keylog, screenshot, or access LDAP without remote process injection or lsass dumping.
Use Cases:
- Post-exploitation scenarios requiring access to specific user sessions.
- Circumventing security measures that restrict process injection.
- Gaining user-level privileges for lateral movement and data exfiltration.
