@UniDyne
Created August 22, 2025 22:57
JScript Runtime - Global Scope
<?xml version="1.0" encoding="utf-8"?>
<package>
    <job id="Test">
        <script language="JScript"><![CDATA[
            !function(global) {
                global.testMe = function() {
                    // this never executes
                    WScript.StdOut.WriteLine("Got here.");
                    return "test";
                };
            }(this);

            function main() {
                // outputs 'function'
                WScript.StdOut.WriteLine(typeof testMe);
                // does nothing
                var x = testMe();
                WScript.StdOut.WriteLine(x);
            }

            main();
            testMe();
        ]]></script>
    </job>
</package>

UniDyne commented Aug 22, 2025

Faulting application name: cscript.exe, version: 5.812.10240.16384, time stamp: 0xafcfb588
Faulting module name: scrobj.dll, version: 5.812.10240.16384, time stamp: 0x729e69b6
Exception code: 0xc0000005
Fault offset: 0x000000000001a3f0
Faulting process id: 0x34A0
Faulting application start time: 0x1DC13BAC4F392A9
Faulting application path: C:\WINDOWS\system32\cscript.exe
Faulting module path: C:\Windows\System32\scrobj.dll
Report Id: 4b25611c-47f2-4294-8f53-bef49f12cd90
Faulting package full name: 
Faulting package-relative application ID: 

Even if it doesn't say so... it's crashing.

UniDyne commented Aug 22, 2025

0xc0000005 is a memory access violation. Is it exploitable?
