mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-11-29 13:56:54 +01:00
71 lines
2.2 KiB
Markdown
71 lines
2.2 KiB
Markdown
### A small collection of unobfuscated code-execution primitives in different languages
|
|
|
|
A handy collection of small primitives/templates useulf for code-execution, downloading or otherwise offensive purposes. Whenever a quick sample of VBScript/JScript/C# code is needed - this directory should bring you one.
|
|
|
|
Windows Script Host (WSH) subsystem can execute VBScript/JScript scritplets using two pre-installed interpreters:
|
|
|
|
- `cscript.exe` - to be used for command-line, dynamic script execution. **Doesn't load AMSI**
|
|
|
|
- `wscript.exe` - For general scripts execution. **This one loads AMSI**
|
|
|
|
|
|
---
|
|
|
|
#### VBScript
|
|
|
|
- **`download-file-and-exec.vbs`** - Downloads a binary file using `Msxml2.ServerXMLHTTP`, stores it to the disk `Adodb.Stream` and then launches it via `Wscript.Shell Run`
|
|
|
|
- **`download-powershell-and-exec-via-stdin`** - Downloads a Powershell script/commands from a given URL and passes them to _Powershell_'s `StdIn`
|
|
|
|
- **`drop-binary-file-and-launch.vbs`** - Drops embedded base64 encoded binary file to disk and then launches it.
|
|
|
|
- **`wmi-exec-command.vbs`** - Example of VBScript code execution via WMI class' `Win32_Process` static method `Create`
|
|
|
|
- **`wscript-shell-code-exec.vbs`** - Code execution via `WScript.Shell` in a hidden window.
|
|
|
|
- **`wscript-shell-stdin-code-exec.vbs`** - Code execution via `WScript.Shell` in a hidden window through a command passed from StdIn to `powershell`
|
|
|
|
|
|
---
|
|
|
|
#### JScript
|
|
|
|
|
|
---
|
|
|
|
#### XSL
|
|
|
|
XSL files can be executed in the following ways:
|
|
|
|
- Using `wmic.exe`:
|
|
```
|
|
wmic os get /format:"jscript-xslt-template.xsl"
|
|
```
|
|
|
|
Templates:
|
|
|
|
- **`hello-world-jscript-xslt.xsl`** - A sample backbone for XSLT file with JScript code showing a simple message box.
|
|
|
|
- **`wscript-shell-run-jscript-xslt.xsl`** - JScript XSLT with `WScript.Shell.Run` method
|
|
|
|
|
|
|
|
---
|
|
|
|
#### COM Scriptlets
|
|
|
|
Sample code execution with `regsvr32` can be following:
|
|
```
|
|
regsvr32 /u /n /s /i:wscript-shell-run-jscript-scriptlet.sct scrobj.dll
|
|
```
|
|
|
|
- **`wscript-shell-run-jscript-scriptlet.sct`** - SCT file with JSCript code execution via `WScript.Shell.Run`
|
|
|
|
|
|
---
|
|
|
|
#### HTA
|
|
|
|
HTA files are HTML Applications
|
|
|
|
- **`wscript-shell-run-vbscript.hta`** - A backbone for `WScript.Shell.Run` via _VBScript_ |