
[Version 1] Building A Script File From The Windows Run Window


Sergio


I've been playing around with what could be done from the Windows Run window and have the following sample that you guys might be able to build more from.

1. Open Run window (Windows+R)

2. Create a script file (VBScript for this sample) and execute it with the following command:

cmd /c "echo wscript.echo "hello" > c:\temp\test.vbs && start wscript c:\temp\test.vbs"

A couple of notes about the command:

a. cmd /c is used so that the command window will close on completion

b. I'm using echo to build a text file in some directory (make sure it's a directory that exists and you have rw rights to!)

c. If you want to build a script with multiple lines, you can just use another echo statement, but be sure to use >> instead of > to append to the script file you're building

d. && is used to separate the commands

e. I'm calling the start command instead of wscript directly so that the cmd process doesn't have to wait for the VBScript file to complete before closing the command window

Not a perfect solution, and certainly not a sophisticated payload in this sample, but I'm sure you guys are more creative than me.

Sergio

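A generator for the multi-line variant described in notes b to e above, written here as an added example in Python; it is not the poster's own command. It escapes the cmd.exe metacharacters that a bare echo would otherwise interpret, writes every line after the first with >>, and wraps the result in cmd /c "..." with start wscript at the end. The sample VBScript and the c:\temp\test.vbs path are assumptions made for the demonstration.

```python
"""Build one Run-box command line that writes a multi-line script with
echo redirection and launches it with `start wscript`.

Added example: the escaping rules, the sample script and the default
path are this example's own assumptions, not the original post's.
"""

CMD_META = set('&|<>^')  # cmd.exe metacharacters that echo must see escaped


def escape_cmd_line(text: str) -> str:
    """Prefix cmd metacharacters with ^ so `echo` emits them literally.

    Inside a double-quoted region cmd already treats them literally and a ^
    would be echoed verbatim, so quote state is tracked and escaping is only
    applied outside quotes. Assumes each line has balanced quotes (VBScript
    string literals cannot span lines). %VAR% sequences are not handled:
    cmd expands them before echo ever runs.
    """
    out, in_quotes = [], False
    for ch in text:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in CMD_META and not in_quotes:
            out.append('^')
        out.append(ch)
    return ''.join(out)


def echo_line(text: str, path: str, append: bool) -> str:
    """One echo command that writes `text` as a line of `path`.

    The redirection is placed before echo so a line ending in a digit is
    never misread as a handle redirection such as `1>`. `echo(` instead of
    `echo ` prints an empty line for "" rather than "ECHO is off." and keeps
    leading spaces.
    """
    redirect = '>>' if append else '>'
    return f'{redirect}{path} echo({escape_cmd_line(text)}'


def build_run_command(script: str, path: str = r'c:\temp\test.vbs') -> str:
    """Return the cmd /c "..." line to paste into the Run box.

    The first line truncates the target with >, later lines append with >>,
    and `start wscript` launches the script without cmd waiting for it.
    Commands are joined with a bare && because spaces around && would be
    echoed as trailing whitespace. cmd /c strips the outer quote pair, so
    the inner text must not end with a quote; it ends with the path here.
    """
    lines = script.splitlines()
    if not lines:
        raise ValueError("script is empty")
    parts = [echo_line(line, path, append=i > 0) for i, line in enumerate(lines)]
    parts.append(f'start wscript {path}')
    return 'cmd /c "' + '&&'.join(parts) + '"'


# Constructed sample script: exercises quotes, & and <> outside quotes and an
# empty line, the cases a bare `echo line >> file` gets wrong.
SAMPLE_SCRIPT = '''Dim who
who = "Run" & " box"

If who <> "" Then WScript.Echo "hello from " & who'''


if __name__ == "__main__":
    cmd = build_run_command(SAMPLE_SCRIPT)
    print(cmd)
    # The Run box edit control has a length limit; check before pasting.
    print(f"{len(cmd)} characters")
```

The target directory still has to exist and be writable, as note b says. Parentheses in the script need no escaping because the generated line is not inside a cmd ( ) block, but a `%NAME%` sequence will be expanded by cmd if that variable is set, so scripts that contain one need a different delivery method.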


TOPTIP:

Use copy con to build scripts instead of echo:

copy con script.vbs

blah.blah

blah.blah.derp

blah[Ctrl+Z or F6]



I use copy con to build text files from the command-line, but it would be difficult to represent the CTRL-Z character in the Run... window text box.

Sergio


This could be used to write the source of a program, then run it in the background. RAT I smell? >.<

You don't have much room to enter much of a program in the Run... text box, but if that small program creates a socket connection (HTTP, for instance) to a web site containing a more interesting program, that program could be downloaded and run in the background if one were so inclined.

Sergio



Do WindowsKey+R -> iexplorer.exe -> link to program here

That will download a program that's hosted on the internet and will work with all Windows computers, XP and higher.



I don't know of a browser out there that wouldn't alert the user before executing something through a browser. The whole advantage of firing off a wscript script file is running behind the scenes. That script could simply download and run the executable, or download something like srvany and install that exe as a service.

Of course, this whole discussion assumes that stealthiness is desirable.

Sergio

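The "behind the scenes" property discussed above is also what a defender keys on: the chain is cmd.exe writing a script file with echo redirection, then wscript.exe (or cscript.exe) started with cmd.exe as its parent. The following detection logic, added here as an example and not part of the thread, runs over constructed process-creation records whose field names follow the Sysmon event ID 1 / Windows 4688 style (Image, CommandLine, ParentImage); the records are made up for the demonstration, not real logs.

```python
"""Flag the Run-box script-drop pattern in process creation telemetry.

Added example. Records are constructed for this demonstration; the field
names mirror Sysmon event ID 1 / Windows 4688 but nothing here is real log
data. Python 3.8+.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

SCRIPT_EXTS = r'(?:vbs|vbe|jse|js|wsf|wsh|hta|bat|cmd|ps1)'
# A > or >> redirection whose target path ends in a script extension.
# The redirection may come before or after echo, so the two are matched
# independently rather than as one "echo ... > file" phrase.
REDIRECT_TO_SCRIPT = re.compile(
    r'>{1,2}\s*"?[^\s"&|<>]+\.' + SCRIPT_EXTS + r'\b', re.I)
ECHO = re.compile(r'\becho\b', re.I)
SCRIPT_HOSTS = {'wscript.exe', 'cscript.exe', 'mshta.exe'}


@dataclass
class ProcessEvent:
    image: str          # full path of the new process
    command_line: str   # its command line
    parent_image: str   # full path of the parent process


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerant of / separators."""
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def detect(ev: ProcessEvent) -> List[str]:
    """Return the findings for one event (empty list means nothing flagged)."""
    findings = []
    cmdline = ev.command_line
    if (basename(ev.image) == 'cmd.exe'
            and ECHO.search(cmdline)
            and REDIRECT_TO_SCRIPT.search(cmdline)):
        findings.append('script file written with echo redirection')
    if (basename(ev.image) in SCRIPT_HOSTS
            and basename(ev.parent_image) == 'cmd.exe'):
        findings.append('script host spawned by cmd.exe')
    return findings


def scan(events: List[ProcessEvent]) -> List[Tuple[int, List[str]]]:
    """Index and findings of every event that triggered at least one rule."""
    return [(i, f) for i, ev in enumerate(events) if (f := detect(ev))]


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    # the one-liner from the first post, launched from the Run box
    ProcessEvent(r'C:\Windows\System32\cmd.exe',
                 r'cmd /c "echo wscript.echo "hello" > c:\temp\test.vbs '
                 r'&& start wscript c:\temp\test.vbs"',
                 r'C:\Windows\explorer.exe'),
    # the script host that cmd.exe then starts
    ProcessEvent(r'C:\Windows\System32\wscript.exe',
                 r'wscript c:\temp\test.vbs',
                 r'C:\Windows\System32\cmd.exe'),
    # benign: echo into a plain text file
    ProcessEvent(r'C:\Windows\System32\cmd.exe',
                 r'cmd /c echo done > c:\temp\status.txt',
                 r'C:\Windows\explorer.exe'),
    # benign: a script double-clicked in Explorer, parent is not cmd.exe
    ProcessEvent(r'C:\Windows\System32\wscript.exe',
                 r'"C:\Windows\System32\wscript.exe" "C:\Scripts\logon.vbs"',
                 r'C:\Windows\explorer.exe'),
]


if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index].command_line, findings)
```

The first rule fires on the cmd.exe event itself, which is the only place the full one-liner is visible; the second fires on the child even when the script was written some other way. For after-the-fact forensics, the Run dialog also records what was typed into it under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU, which is worth pulling alongside the process telemetry.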


I'm inventing possible ideas. Who's to say the person isn't at their computer when you stick it in?