
@MHaggis
Created March 28, 2024 19:08
<html>
<head>
<title>Atomic Red Team Test</title>
<!-- HTA host settings: single-instance window with a thin border, no scroll
     bar and no minimize/maximize buttons. Because this page is an HTA, the
     script below is not sandboxed like browser script: it creates
     WScript.Shell and Scripting.FileSystemObject objects and acts with the
     launching user's privileges. Run it only on a test host. -->
<HTA:APPLICATION
APPLICATIONNAME="AtomicRedTeamTest"
ID="AtomicRedTeamTest"
VERSION="1.0"
MAXIMIZEBUTTON="no"
MINIMIZEBUTTON="no"
BORDER="thin"
SCROLL="no"
SINGLEINSTANCE="yes"
/>
<script language="VBScript">
Sub Window_OnLoad
    ' Runs once the HTA window has loaded: points the logo placeholder at the
    ' remotely hosted image. This makes the HTA host (normally mshta.exe)
    ' issue an outbound HTTPS request, which is itself useful network
    ' telemetry for the test.
    Dim objLogo
    Set objLogo = document.getElementById("imgAtomic")
    objLogo.src = "https://www.redcanary.com/wp-content/uploads/image2-25.png"
End Sub
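Sub CreateAndRunVBS
    ' Writes a one-line VBScript to %USERPROFILE%\test.vbs and launches it
    ' through its file association, blocking until it exits.
    ' Telemetry to look for: a script file written into the user profile by
    ' the HTA host, followed by the HTA host spawning a script interpreter.
    ' test.vbs is left on disk afterwards; delete it when the test is done.
    Dim objShell, objFSO, objVBScriptFile
    Dim strProfilePath, strVBScriptFileName, strVBScriptContent

    Set objShell = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")

    strProfilePath = objShell.ExpandEnvironmentStrings("%USERPROFILE%")
    strVBScriptFileName = strProfilePath & "\test.vbs"
    strVBScriptContent = "MsgBox ""Hello from Atomic Red Team - VBS"""

    ' True = overwrite any test.vbs left behind by a previous run.
    Set objVBScriptFile = objFSO.CreateTextFile(strVBScriptFileName, True)
    objVBScriptFile.WriteLine strVBScriptContent
    objVBScriptFile.Close

    ' Quote the path: Run splits an unquoted command line at the first space,
    ' so a profile directory containing a space would fail to launch.
    ' 0 = hidden window style, True = wait for the child to exit.
    objShell.Run """" & strVBScriptFileName & """", 0, True
End Sub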
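Sub CreateAndRunJS
    ' Writes a one-line JScript file to %USERPROFILE%\test.js and runs it with
    ' wscript, blocking until it exits.
    ' Telemetry to look for: a .js file written into the user profile by the
    ' HTA host, followed by the HTA host spawning wscript with that path.
    ' test.js is left on disk afterwards; delete it when the test is done.
    Dim objShell, objFSO, objJSFile
    Dim strProfilePath, strJSFileName, strJSContent

    Set objShell = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")

    strProfilePath = objShell.ExpandEnvironmentStrings("%USERPROFILE%")
    strJSFileName = strProfilePath & "\test.js"
    strJSContent = "WScript.Echo('Hello from Atomic Red Team - JS');"

    ' True = overwrite any test.js left behind by a previous run.
    Set objJSFile = objFSO.CreateTextFile(strJSFileName, True)
    objJSFile.WriteLine strJSContent
    objJSFile.Close

    ' Quote the script path: without quotes a profile directory containing a
    ' space is split into several arguments and wscript cannot find the file.
    ' 0 = hidden window style, True = wait for the child to exit.
    objShell.Run "wscript """ & strJSFileName & """", 0, True
End Sub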
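Sub CreateAndRunCMD
    ' Writes a small batch script to %USERPROFILE%\test.cmd and launches it
    ' through its file association, blocking until it exits.
    ' Telemetry to look for: a .cmd file written into the user profile by the
    ' HTA host, followed by the HTA host spawning a command interpreter.
    ' test.cmd is left on disk afterwards; delete it when the test is done.
    Dim objShell, objFSO, objCMDFile
    Dim strProfilePath, strCMDFileName, strCMDContent

    Set objShell = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")

    strProfilePath = objShell.ExpandEnvironmentStrings("%USERPROFILE%")
    strCMDFileName = strProfilePath & "\test.cmd"
    strCMDContent = "@echo off" & vbCrLf & "echo Hello from Atomic Red Team - CMD" & vbCrLf & "pause"

    ' True = overwrite any test.cmd left behind by a previous run.
    Set objCMDFile = objFSO.CreateTextFile(strCMDFileName, True)
    objCMDFile.WriteLine strCMDContent
    objCMDFile.Close

    ' Quote the path so a profile directory containing a space still launches.
    ' Window style 1 (visible) instead of 0 (hidden): the script ends with
    ' "pause", and with a hidden console nobody can press a key, so the
    ' waiting Run call (True) would block this HTA until the child is killed.
    objShell.Run """" & strCMDFileName & """", 1, True
End Sub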
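Sub CreateAndRunBAT
    ' Writes a small batch script to %USERPROFILE%\test.bat and launches it
    ' through its file association, blocking until it exits.
    ' Telemetry to look for: a .bat file written into the user profile by the
    ' HTA host, followed by the HTA host spawning a command interpreter.
    ' test.bat is left on disk afterwards; delete it when the test is done.
    Dim objShell, objFSO, objBATFile
    Dim strProfilePath, strBATFileName, strBATContent

    Set objShell = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")

    strProfilePath = objShell.ExpandEnvironmentStrings("%USERPROFILE%")
    strBATFileName = strProfilePath & "\test.bat"
    strBATContent = "@echo off" & vbCrLf & "echo Hello from Atomic Red Team - BAT" & vbCrLf & "pause"

    ' True = overwrite any test.bat left behind by a previous run.
    Set objBATFile = objFSO.CreateTextFile(strBATFileName, True)
    objBATFile.WriteLine strBATContent
    objBATFile.Close

    ' Quote the path so a profile directory containing a space still launches.
    ' Window style 1 (visible) instead of 0 (hidden): the script ends with
    ' "pause", and with a hidden console nobody can press a key, so the
    ' waiting Run call (True) would block this HTA until the child is killed.
    objShell.Run """" & strBATFileName & """", 1, True
End Sub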
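Sub CopyAndRunCalc
    ' Copies %WINDIR%\System32\calc.exe into %USERPROFILE% and starts the copy
    ' without waiting for it to exit.
    ' Telemetry to look for: a system binary copied into the user profile by
    ' the HTA host, then executed from that non-standard location as a child
    ' of the HTA host.
    ' The copied calc.exe is left on disk; delete it when the test is done.
    Dim objShell, objFSO
    Dim strSystem32Path, strProfilePath, strCalcSource, strCalcTarget

    Set objShell = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")

    strSystem32Path = objShell.ExpandEnvironmentStrings("%WINDIR%") & "\System32"
    strProfilePath = objShell.ExpandEnvironmentStrings("%USERPROFILE%")
    strCalcSource = strSystem32Path & "\calc.exe"
    strCalcTarget = strProfilePath & "\calc.exe"

    ' Copy calc.exe from System32 to the user's profile directory
    ' (True = overwrite a copy left behind by a previous run).
    If objFSO.FileExists(strCalcSource) Then
        objFSO.CopyFile strCalcSource, strCalcTarget, True
    End If

    ' Only launch when the target really exists: if the source was missing and
    ' no earlier copy is present, Run would raise a script error instead of
    ' reporting what went wrong.
    If objFSO.FileExists(strCalcTarget) Then
        ' Quote the path so a profile directory containing a space still launches.
        ' 1 = normal window, False = do not wait for the child to exit.
        objShell.Run """" & strCalcTarget & """", 1, False
    Else
        MsgBox "calc.exe was not found at " & strCalcTarget & "; nothing was run.", vbExclamation, "Atomic Red Team Test"
    End If
End Sub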
Sub CreateAndRunNewHTA
    ' Drops a second, static HTA into %USERPROFILE%\testHTA.hta and opens it
    ' with mshta.exe without waiting for it to close.
    ' Telemetry to look for: an .hta file written into the user profile by the
    ' HTA host, followed by the HTA host spawning another mshta.exe.
    ' testHTA.hta is left on disk afterwards; delete it when the test is done.
    Dim objShell, objFSO, objHTAFile
    Dim strHTAFileName, strHTAContent, strLaunchCommand

    Set objShell = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")

    ' Target path inside the current user's profile directory.
    strHTAFileName = objShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\testHTA.hta"

    ' Markup of the child HTA: a heading and one paragraph, no script.
    strHTAContent = "<html><head><title>Test HTA</title></head><body><h1>Hello from the new HTA!</h1><p>This is a test HTA created and executed from another HTA.</p></body></html>"

    ' Create the file (True = overwrite an existing one) and write the markup.
    Set objHTAFile = objFSO.CreateTextFile(strHTAFileName, True)
    objHTAFile.WriteLine strHTAContent
    objHTAFile.Close

    ' The path is wrapped in double quotes so a profile directory containing
    ' a space is passed to mshta.exe as a single argument.
    ' 1 = normal window, False = do not wait for the child to exit.
    strLaunchCommand = "mshta.exe """ & strHTAFileName & """"
    objShell.Run strLaunchCommand, 1, False
End Sub
</script>
</head>
<body>
<!-- Logo placeholder: it has no src here; Window_OnLoad sets it after load. -->
<img id="imgAtomic" width="200" height="200" alt="Atomic Red Team Logo">
<br>
<!-- One button per test case. Each onclick names the VBScript Sub defined in
     the head script; every Sub writes or copies a file into %USERPROFILE%
     and then launches it, so each click produces one file-write event and
     one child-process event to check detections against. -->
<input type="button" value="Create and Run VBS" onclick="CreateAndRunVBS">
<input type="button" value="Create and Run JS" onclick="CreateAndRunJS">
<input type="button" value="Create and Run CMD" onclick="CreateAndRunCMD">
<input type="button" value="Create and Run BAT" onclick="CreateAndRunBAT">
<input type="button" value="Copy and Run Calc.exe" onclick="CopyAndRunCalc">
<input type="button" value="Create and Run HTA" onclick="CreateAndRunNewHTA">
</body>
</html>