Git
/
mgeeky-Penetration-Testing-Tools
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mgeeky-Penetration-Testing-.../red-teaming/code-exec-templates
History
Mariusz B. / mgeeky 558762a498 updates 2021-10-24 23:11:42 +02:00
..
README.md Added code-exec-templates and some additions to rogue-dot-net 2020-05-07 01:42:52 +02:00
download-file-and-exec.vbs updates 2021-10-24 23:11:42 +02:00
download-powershell-and-exec-via-stdin.vbs updates 2021-10-24 23:11:42 +02:00
drop-binary-file-and-launch.vbs updates 2021-10-24 23:11:42 +02:00
hello-world-jscript-xslt.xsl Added code-exec-templates and some additions to rogue-dot-net 2020-05-07 01:42:52 +02:00
wmi-exec-command.vbs updates 2021-10-24 23:11:42 +02:00
wscript-shell-code-exec.vbs updates 2021-10-24 23:11:42 +02:00
wscript-shell-run-jscript-scriptlet.sct Added code-exec-templates and some additions to rogue-dot-net 2020-05-07 01:42:52 +02:00
wscript-shell-run-jscript-xslt.xsl Added code-exec-templates and some additions to rogue-dot-net 2020-05-07 01:42:52 +02:00
wscript-shell-run-vbscript.hta Added code-exec-templates and some additions to rogue-dot-net 2020-05-07 01:42:52 +02:00
wscript-shell-stdin-code-exec.vbs updates 2021-10-24 23:11:42 +02:00

README.md

A small collection of unobfuscated code-execution primitives in different languages

A handy collection of small primitives/templates useulf for code-execution, downloading or otherwise offensive purposes. Whenever a quick sample of VBScript/JScript/C# code is needed - this directory should bring you one.

Windows Script Host (WSH) subsystem can execute VBScript/JScript scritplets using two pre-installed interpreters:

  • cscript.exe - to be used for command-line, dynamic script execution. Doesn't load AMSI

  • wscript.exe - For general scripts execution. This one loads AMSI

VBScript

  • download-file-and-exec.vbs - Downloads a binary file using Msxml2.ServerXMLHTTP, stores it to the disk Adodb.Stream and then launches it via Wscript.Shell Run

  • download-powershell-and-exec-via-stdin - Downloads a Powershell script/commands from a given URL and passes them to Powershell's StdIn

  • drop-binary-file-and-launch.vbs - Drops embedded base64 encoded binary file to disk and then launches it.

  • wmi-exec-command.vbs - Example of VBScript code execution via WMI class' Win32_Process static method Create

  • wscript-shell-code-exec.vbs - Code execution via WScript.Shell in a hidden window.

  • wscript-shell-stdin-code-exec.vbs - Code execution via WScript.Shell in a hidden window through a command passed from StdIn to powershell

JScript

XSL

XSL files can be executed in the following ways:

  • Using wmic.exe:
wmic os get /format:"jscript-xslt-template.xsl"

Templates:

  • hello-world-jscript-xslt.xsl - A sample backbone for XSLT file with JScript code showing a simple message box.

  • wscript-shell-run-jscript-xslt.xsl - JScript XSLT with WScript.Shell.Run method

COM Scriptlets

Sample code execution with regsvr32 can be following:

regsvr32 /u /n /s /i:wscript-shell-run-jscript-scriptlet.sct scrobj.dll
  • wscript-shell-run-jscript-scriptlet.sct - SCT file with JSCript code execution via WScript.Shell.Run

HTA

HTA files are HTML Applications

  • wscript-shell-run-vbscript.hta - A backbone for WScript.Shell.Run via VBScript