Sergio, posted April 24, 2010 (edited)

I've been playing around with what could be done from the Windows Run window and have the following sample that you guys might be able to build more from.

1. Open the Run window (Windows-R)
2. Create a script file (VBScript for this sample) and execute it with the following command:

cmd /c "echo wscript.echo "hello" > c:\temp\test.vbs && start wscript c:\temp\test.vbs"

A couple of notes about the command:

a. cmd /c is used so that the command window will close on completion
b. I'm using echo to build a text file in some directory (make sure it's a directory that exists and you have rw rights to!)
c. If you want to build a script with multiple lines, you can just use another echo statement, but be sure to use >> instead of > to append to the script file you're building
d. && is used to separate the commands
e. I'm calling the start command instead of wscript directly so that the cmd process doesn't have to wait for the VBScript file to complete before closing the command window

Not a perfect solution, and certainly not a sophisticated payload in this sample, but I'm sure you guys are more creative than me.

Sergio

Edited April 24, 2010 by Sergio
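The pattern in this post (a script file built with echo redirection and launched by a script host from a single cmd.exe command line) is easy to pick out of process-creation telemetry. The Python below is an added example written for this page, not code from the post or its author. It assumes records with the Sysmon Event ID 1 fields Image, ParentImage and CommandLine, and the sample events are constructed; it also goes slightly beyond the post by handling >> appends and cscript with host switches such as //nologo.

```python
import re
from dataclasses import dataclass

# Script extensions the Windows Script Host will run (assumed list for this example).
SCRIPT_EXT = r"\.(?:vbs|vbe|js|jse|wsf|wsh)"

# "echo <text> > file.vbs" or "echo <text> >> file.vbs": a script being built from
# echo statements, as in the post. The lazy [^&|]*? keeps each match inside one
# &&-separated command.
WRITE_RE = re.compile(
    r"\becho\b[^&|]*?>>?\s*\"?(?P<path>[^\s\"&|]+" + SCRIPT_EXT + r")",
    re.IGNORECASE,
)

# "wscript file.vbs", "cscript //nologo file.vbs", or the same behind "start":
# a script host being asked to run a file. The \s+ after the host name stops
# "wscript.echo" inside the echoed text from matching.
RUN_RE = re.compile(
    r"\b(?:start\s+(?:\"\"\s+)?)?(?:wscript|cscript)(?:\.exe)?\s+(?:\"|//\w+\s+)*"
    r"(?P<path>[^\s\"&|]+" + SCRIPT_EXT + r")",
    re.IGNORECASE,
)


@dataclass
class ProcEvent:
    """Minimal process-creation record (field names follow Sysmon Event ID 1)."""
    image: str
    parent_image: str
    command_line: str


def analyze(event):
    """Return the findings for one event; an empty list means nothing matched."""
    findings = []
    if not event.image.lower().endswith("cmd.exe"):
        return findings
    cl = event.command_line
    written = {m.group("path").lower() for m in WRITE_RE.finditer(cl)}
    launched = {m.group("path").lower() for m in RUN_RE.finditer(cl)}
    if written & launched:
        findings.append(
            "script file written by echo and executed in the same command: "
            + ", ".join(sorted(written & launched))
        )
    elif written and launched:
        findings.append("echo builds a script file and a script host is launched in the same command")
    if findings and event.parent_image.lower().endswith("explorer.exe"):
        findings.append("parent is explorer.exe, consistent with a Run-dialog launch")
    return findings


def scan(events):
    """Map event index -> findings for every event that produced at least one."""
    return {i: f for i, ev in enumerate(events) if (f := analyze(ev))}


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcEvent(  # the command from the post
        r"C:\Windows\System32\cmd.exe",
        r"C:\Windows\explorer.exe",
        r'cmd /c "echo wscript.echo "hello" > c:\temp\test.vbs && start wscript c:\temp\test.vbs"',
    ),
    ProcEvent(  # multi-line build with >> appends, then cscript with a host switch
        r"C:\Windows\System32\cmd.exe",
        r"C:\Windows\explorer.exe",
        r'cmd /c echo msgbox "one" > %TEMP%\a.vbs && echo msgbox "two" >> %TEMP%\a.vbs && cscript //nologo %TEMP%\a.vbs',
    ),
    ProcEvent(  # ordinary redirection, no script host: benign
        r"C:\Windows\System32\cmd.exe",
        r"C:\Windows\explorer.exe",
        r'cmd /c "dir > c:\temp\listing.txt"',
    ),
    ProcEvent(  # script host run without building the file in the same command: benign here
        r"C:\Windows\System32\cmd.exe",
        r"C:\Windows\System32\svchost.exe",
        r"cmd /c wscript c:\scripts\logon.vbs",
    ),
    ProcEvent(  # not a cmd.exe event: ignored by this rule
        r"C:\Windows\System32\wscript.exe",
        r"C:\Windows\System32\cmd.exe",
        r"wscript c:\temp\test.vbs",
    ),
]


if __name__ == "__main__":
    for idx, found in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx].command_line)
        for line in found:
            print("   ", line)
```

The rule keys on the write-then-run combination rather than on wscript.exe alone, because logon scripts and administrative tooling launch script hosts all day; the parent-is-explorer check is only a supporting signal, since explorer.exe is also the parent for anything started from the Start menu.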
AndrewFaulds, posted April 24, 2010

> I've been playing around with what could be done from the Windows Run window and have the following sample that you guys might be able to build more from.
>
> 1. Open Run window (window-R)
> 2. Create a script file (VBScript for this sample) and execute it with the following command:
>
> cmd /c "echo wscript.echo "hello" > c:\temp\test.vbs && start wscript c:\temp\test.vbs"
>
> A couple of notes about the command:
>
> a. cmd /c is used so that the command window will close on completion
> b. I'm using echo to build a text file in some directory (make sure it's a directory that exists and you have rw rights to!)
> c. If you want to build a script with multiple lines, you can just use another echo statement, but be sure to use >> instead of > to append to the script file you're building
> d. && is used to separate the commands
> e. I'm calling the start command instead of wscript directly so that the cmd process doesn't have to wait for the VBScript file to complete before closing the command window
>
> Not a perfect solution, and certainly not a sophisticated payload in this sample, but I'm sure you guys are more creative than me.
>
> Sergio

TOPTIP: Use copy con to build scripts instead of echo:

copy con script.vbs
blah.blah
blah.blah.derp
blah[Ctrl+Z or F6]
DjMaddius, posted April 24, 2010

This could be used to write the source of a program, then run it in the background. RAT I smell? >.<
Sergio (author), posted April 25, 2010 (edited)

> TOPTIP: Use copy con to build scripts instead of echo:

I use copy con to build text files from the command line, but it would be difficult to represent the CTRL-Z character in the Run... window text box.

Sergio

Edited April 25, 2010 by Sergio
Sergio (author), posted April 25, 2010

> This could be used to write the source of a program, then run it in the background. RAT I smell? >.<

You don't have much room to enter much of a program in the Run... text box, but if that small program creates a socket connection (HTTP for instance) to a web site containing a more interesting program, that program could be downloaded and run in the background if one were so inclined.

Sergio
DjMaddius, posted April 25, 2010

> You don't have much room to enter much of a program in the Run... text box, but if that small program creates a socket connection (HTTP for instance) to a web site containing a more interesting program, that program could be downloaded and run in the background if one were so inclined.
>
> Sergio

Do WindowsKey+R -> iexplorer.exe -> link to program here. That will download a program that's hosted on the internet and will work with all Windows computers XP and higher.
Sergio (author), posted April 25, 2010

> Do WindowsKey+R -> iexplorer.exe -> link to program here. That will download a program that's hosted on the internet and will work with all Windows computers XP and higher.

I don't know of a browser out there that wouldn't alert the user before executing something through a browser. The whole advantage of firing off a wscript script file is running behind the scenes. That script could simply download and run the executable, or download something like srvany and install that exe as a service. Of course, this whole discussion assumes that stealthiness is desirable.

Sergio
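The follow-on behaviour described in this post (the script reaching out to fetch a program, running it, or installing srvany as a service) shows up across several event types rather than in one record, so the defender's view is a correlation by process id. The Python below is an added example written for this page, not code from the thread. Its event shapes loosely follow Sysmon process-create and network-connect records and the System log's service-install record, but the dictionary field names, pids, the 203.0.113.10 address and the srvany path are all constructed assumptions.

```python
from collections import defaultdict

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


def _basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def correlate(events):
    """
    Walk events in time order and return {key: [alerts]}, where key is the pid of
    the script-host process the activity was tied to, or "service" for service
    installs (which the System log does not attribute to a creating process).
    """
    alerts = defaultdict(list)
    hosts = {}          # pid -> process-create event of a script host
    connected = set()   # script-host pids that made an outbound connection
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = ev["kind"]
        if kind == "process":
            name = _basename(ev["image"])
            if name in SCRIPT_HOSTS:
                hosts[ev["pid"]] = ev
            elif ev["ppid"] in hosts:
                # a script host launching another program: the "download and run" step
                msg = f"script host pid {ev['ppid']} spawned {name}"
                if ev["ppid"] in connected:
                    msg += " after connecting out (download-and-run pattern)"
                alerts[ev["ppid"]].append(msg)
        elif kind == "network" and ev["pid"] in hosts:
            connected.add(ev["pid"])
            alerts[ev["pid"]].append(
                f"script host pid {ev['pid']} connected to {ev['dest']}:{ev['port']}"
            )
        elif kind == "service" and "srvany" in _basename(ev["image_path"]):
            # srvany wrapping an arbitrary exe as a service, as suggested in the post
            alerts["service"].append(
                f"service {ev['name']} installed with srvany image path {ev['image_path']}"
            )
    return dict(alerts)


# Constructed sample timeline (not real telemetry). ts is seconds; pids are arbitrary.
SAMPLE_EVENTS = [
    {"ts": 1, "kind": "process", "pid": 200, "ppid": 150,
     "image": r"C:\Windows\System32\wscript.exe"},
    {"ts": 2, "kind": "network", "pid": 200, "dest": "203.0.113.10", "port": 80},
    {"ts": 3, "kind": "process", "pid": 300, "ppid": 200,
     "image": r"C:\Users\u\AppData\Local\Temp\payload.exe"},
    {"ts": 4, "kind": "service", "name": "UpdaterSvc",
     "image_path": r"C:\Temp\srvany.exe"},
    {"ts": 5, "kind": "process", "pid": 400, "ppid": 150,
     "image": r"C:\Windows\System32\notepad.exe"},   # not from a script host: no alert
]


def run_sample():
    """Correlate the constructed timeline; used by the demo below."""
    return correlate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for key, msgs in run_sample().items():
        for m in msgs:
            print(key, "-", m)
```

A script host that connects out and then spawns a child is the combination worth alerting on; either half alone is common in legitimate automation. In real telemetry the events arrive from different logs, so the join key is the process id plus a process start time or GUID to survive pid reuse.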
DjMaddius, posted April 25, 2010

> I don't know of a browser out there that wouldn't alert the user before executing something through a browser. The whole advantage of firing off a wscript script file is running behind the scenes. That script could simply download and run the executable, or download something like srvany and install that exe as a service. Of course, this whole discussion assumes that stealthiness is desirable.
>
> Sergio

I'm inventing possible ideas. Who's to say the person isn't at their computer when you stick it in?