Sergio

[Version 1] Building A Script File From The Windows Run Window

I've been playing around with what could be done from the Windows Run window and have the following sample that you guys might be able to build more from.

1. Open Run window (window-R)

2. Create a script file (VBScript for this sample) and execute it with the following command:

cmd /c "echo wscript.echo "hello" > c:\temp\test.vbs && start wscript c:\temp\test.vbs"

A couple of notes about the command:

a. cmd /c is used so that the command window will close on completion

b. I'm using echo to build a text file in some directory (make sure it's a directory that exists and you have rw rights to!)

c. If you want to build a script with multiple lines, you can just use another echo statement, but be sure to use >> instead of > to append to the script file you're building

d. && is used to separate the commands

e. I'm calling the start command instead of wscript directly so that the cmd process doesn't have to wait for the VBScript file to complete before closing the command window

Not a perfect solution, and certainly not a sophisticated payload in this sample, but I'm sure you guys are more creative than me.

Sergio
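
A defender's view of the command in this post, as an added example that is not part of the original thread: a Python check that flags a single cmd.exe command line which both redirects echo output into a script file and then starts that file with wscript or cscript. The event field names, the extension list and the sample events are constructed for illustration.

```python
import re

# Extensions treated as script files here (an assumed, non-exhaustive list).
EXT = r"\.(?:vbs|vbe|js|jse|wsf)"
PATH = r'"?([^\s"&|<>]+' + EXT + r")\b"
# "> file" or ">> file": echo output redirected into a script file.
WRITE_RE = re.compile(r">{1,2}\s*" + PATH, re.I)
# wscript/cscript, optional switches, then a script path. The \s+ keeps
# script text such as "wscript.echo" from being counted as a launch.
RUN_RE = re.compile(r"\b[wc]script(?:\.exe)?\s+[^&|<>]*?" + PATH, re.I)


def analyze(event):
    """Return a finding when one cmd.exe command line writes a script file
    and later starts it with Windows Script Host; otherwise return None."""
    if not event["image"].lower().endswith("\\cmd.exe"):
        return None
    line = event["command_line"]
    first_write = {}
    for m in WRITE_RE.finditer(line):
        first_write.setdefault(m.group(1).lower(), m.start())
    # Keep only launches of a path that was written earlier in the same line.
    hits = sorted({m.group(1).lower() for m in RUN_RE.finditer(line)
                   if first_write.get(m.group(1).lower(), len(line)) < m.start()})
    if not hits:
        return None
    # explorer.exe as parent is consistent with a launch from the Run window.
    parent = event["parent_image"].lower()
    return {"scripts": hits, "parent_is_explorer": parent.endswith("\\explorer.exe")}


# Constructed process-creation events; the first carries the command from the post.
SAMPLES = [
    {"image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'cmd /c "echo wscript.echo "hello" > c:\temp\test.vbs'
                     r' && start wscript c:\temp\test.vbs"'},
    {"image": r"C:\Windows\System32\cmd.exe",   # writes a script, never runs it
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'cmd /c "echo wscript.echo "hi" > c:\temp\note.vbs"'},
    {"image": r"C:\Windows\System32\cmd.exe",   # runs a script it did not write
     "parent_image": r"C:\Windows\System32\services.exe",
     "command_line": r"cmd /c cscript //nologo c:\admin\inventory.vbs"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(analyze(sample))
```
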

TOPTIP:

Use copy con to build scripts instead of echo:

copy con script.vbs

blah.blah

blah.blah.derp

blah[Ctrl+Z or F6]

> TOPTIP:
>
> Use copy con to build scripts instead of echo:

I use copy con to build text files from the command-line, but it would be difficult to represent the CTRL-Z character in the Run... window text box.

Sergio

> This could be used to write the source of a program, then run it in the background. RAT I smell? >.<

You don't have much room to enter much of a program in the Run... text box, but if that small program creates a socket connection (http for instance) to a web site containing a more interesting program, that program could be downloaded and run in the background if one were so inclined.

Sergio

> You don't have much room to enter much of a program in the Run... text box, but if that small program creates a socket connection (http for instance) to a web site containing a more interesting program, that program could be downloaded and run in the background if one were so inclined.
>
> Sergio

Do WindowsKey+R -> iexplorer.exe -> link to program here

That will download a program that's hosted on the internet and will work with all Windows computers, XP and higher.

> Do WindowsKey+R -> iexplorer.exe -> link to program here
>
> That will download a program that's hosted on the internet and will work with all Windows computers, XP and higher.

I don't know of a browser out there that wouldn't alert the user before executing something through a browser. The whole advantage of firing off a wscript script file is running behind the scenes. That script could simply download and run the executable, or download something like srvany and install that exe as a service.

Of course, this whole discussion assumes that stealthiness is desirable.

Sergio

> I don't know of a browser out there that wouldn't alert the user before executing something through a browser. The whole advantage of firing off a wscript script file is running behind the scenes. That script could simply download and run the executable, or download something like srvany and install that exe as a service.
>
> Of course, this whole discussion assumes that stealthiness is desirable.
>
> Sergio

I'm inventing possible ideas. Who's to say the person isn't at their computer when you stick it in?
