Name: Anonymous 2008-07-15 18:42
Whoever wrote x.hta is retarded:
>f.copyfile(n,"c:\\windows\\x.hta")
won't run on normal user accounts (and it won't run on Vista without elevation, which would be stupid to do for a script).
But that's not the stupid part. THIS is the stupid part:
>new ActiveXObject("wscript.shell").regwrite("HKCU\\software\\microsoft\\windows\\currentversion\\run\\z","c:\\windows\\x.hta")
If the script wrote the file to c:\windows, then it MUST have administrative access. Therefore, it makes no sense to place z in the USER's run key, since placing it in the MACHINE run key should also succeed.
The only thing that prevents the script from failing entirely is the \x7f. Nice way to obscure code even further.
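A defender-side check for the two things the post above picks apart, added here as an example and not part of the original post: it reads the text output of `reg query` for the user and machine Run keys and flags values that launch script-host files, plus HKCU values whose target sits in the Windows directory. The sample output, the value names other than `z`, and the function names are constructed for illustration.

```python
import re

# Constructed sample of `reg query <key>` output for both Run keys (not real host data).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    z    REG_SZ    c:\windows\x.hta
    Updater    REG_SZ    "C:\Users\alice\AppData\Local\Updater\updater.exe" /background

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Helper    REG_SZ    mshta.exe "C:\ProgramData\helper.hta"
"""

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
SCRIPT_RE = re.compile(r"\.(hta|js|jse|vbs|vbe|wsf)\b|\b(mshta|wscript|cscript)(\.exe)?\b", re.I)
SYSROOT_RE = re.compile(r'^"?(c:\\windows|%windir%|%systemroot%)\\', re.I)


def parse_reg_query(text):
    """Yield (key, value_name, data) for each value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(3)


def review_autoruns(text):
    """Return (key, name, data, reasons) for autorun entries worth a closer look."""
    findings = []
    for key, name, data in parse_reg_query(text):
        reasons = []
        if SCRIPT_RE.search(data):
            reasons.append("script-host target")
        # The mismatch the post points out: a per-user autorun whose file
        # lives where only an administrator could have written it.
        if key.upper().startswith("HKEY_CURRENT_USER") and SYSROOT_RE.match(data):
            reasons.append("HKCU entry points into the Windows directory")
        if reasons:
            findings.append((key, name, data, reasons))
    return findings


if __name__ == "__main__":
    for key, name, data, reasons in review_autoruns(SAMPLE):
        print(f"{key}\\{name} -> {data}: {'; '.join(reasons)}")
```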