Microsoft stated, "The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network in a reliable, secure, and efficient manner." DCOM is installed on most Windows machines by default and runs without noticed by the users. If one knew the account name and the password of a remote machine, one can remotely control the software component on it using DCOM. For example, Internet Explorer is one of the software components that can be controlled. IE'en remotely controls Internet Explorer using DCOM.
Summary of IE'en Functionalities:
* Remotely connects to or activates Internet Explorer
* Captures data sent and received using Internet Explorer
* Even on SSL encrypted websites (e.g. Hotmail) IE'en can capture user ID and password in plain text.
* Change the web page on the remote IE window.
Usage:
1) Start ieen_s.exe using accounts with administrator privileges.
2) Input the IP address of the remote machine into the "Remote IP" field.
3) Input the username and the password of the user currently logged in at the remote machine into the "Username" and "Password" field.
4) Press the "OK" button to connect to the remote machine.
5) If IE'en successfully connects to the remote machine, a new window will pop up. From the Window list, select one IE window that you intend to monitor. Then data sent to or received from IE will be displayed.
6) To see more detailed transaction records. Double Click on one of the QUERY STRING/POST DATA/COOKIES/CONTENTS field.
7) To change the web page on the remote IE window, type the desired URL into the "URL" field, and then press the "Go" button.
8) To monitor another IE window, press the "Disconnect" button and then select another IE from the "Window" list.
9) To create a new window on the remote machine, press the "New Window" button.
10) To monitor another remote machine, select "Exit" from the "File" menu and then start from step #2 again with a different remote IP.
