1
0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2025-01-13 19:50:58 +01:00
mgeeky-Penetration-Testing-.../red-teaming/code-exec-templates/README.md

71 lines
2.2 KiB
Markdown
Raw Normal View History

### A small collection of unobfuscated code-execution primitives in different languages
A handy collection of small primitives/templates useulf for code-execution, downloading or otherwise offensive purposes. Whenever a quick sample of VBScript/JScript/C# code is needed - this directory should bring you one.
Windows Script Host (WSH) subsystem can execute VBScript/JScript scritplets using two pre-installed interpreters:
- `cscript.exe` - to be used for command-line, dynamic script execution. **Doesn't load AMSI**
- `wscript.exe` - For general scripts execution. **This one loads AMSI**
---
#### VBScript
- **`download-file-and-exec.vbs`** - Downloads a binary file using `Msxml2.ServerXMLHTTP`, stores it to the disk `Adodb.Stream` and then launches it via `Wscript.Shell Run`
- **`download-powershell-and-exec-via-stdin`** - Downloads a Powershell script/commands from a given URL and passes them to _Powershell_'s `StdIn`
- **`drop-binary-file-and-launch.vbs`** - Drops embedded base64 encoded binary file to disk and then launches it.
- **`wmi-exec-command.vbs`** - Example of VBScript code execution via WMI class' `Win32_Process` static method `Create`
- **`wscript-shell-code-exec.vbs`** - Code execution via `WScript.Shell` in a hidden window.
- **`wscript-shell-stdin-code-exec.vbs`** - Code execution via `WScript.Shell` in a hidden window through a command passed from StdIn to `powershell`
---
#### JScript
---
#### XSL
XSL files can be executed in the following ways:
- Using `wmic.exe`:
```
wmic os get /format:"jscript-xslt-template.xsl"
```
Templates:
- **`hello-world-jscript-xslt.xsl`** - A sample backbone for XSLT file with JScript code showing a simple message box.
- **`wscript-shell-run-jscript-xslt.xsl`** - JScript XSLT with `WScript.Shell.Run` method
---
#### COM Scriptlets
Sample code execution with `regsvr32` can be following:
```
regsvr32 /u /n /s /i:wscript-shell-run-jscript-scriptlet.sct scrobj.dll
```
- **`wscript-shell-run-jscript-scriptlet.sct`** - SCT file with JSCript code execution via `WScript.Shell.Run`
---
#### HTA
HTA files are HTML Applications
2020-05-06 19:22:32 +02:00
- **`wscript-shell-run-vbscript.hta`** - A backbone for `WScript.Shell.Run` via _VBScript_