How to Use vbs to encode scripts in HTA

Q:
Hello, script expert! How to encode the script in HTA?
-- LL
A:
Hello, LL. You know, when we first saw this problem, we thought, "What's the big deal? Isn't it possible to encode scripts in HTML applications (HTA) as in HTML files ?" To our surprise, it seems that the script cannot be encoded in HTA; every time we try to do so, an error message like the following will be returned:
Scripting encoder object ("Scripting. Encoder") failed on C: \ Scripts \ test. hta
Honestly, we have never found a way to encode scripts in HTA. It doesn't matter, because we have come up with a ghost idea to solve this problem. We will show you later.
However, before doing so, we need to spend some time explaining what script encoding means. Microsoft has a utility named Script Encoder, which can "Disrupt" your Script code ". For example, assume that you have a script similar to the following:
StrComputer = "."
Set ob1_miservice = GetObject ("winmgmts: \" & strComputer & "\ root \ cimv2 ")
Set colOperatingSystems = obw.miservice. ExecQuery ("Select * from Win32_OperatingSystem ")
For Each objOperatingSystem in colOperatingSystems
Msgbox objOperatingSystem. Caption & "& objOperatingSystem. Version
Next
Assume that for some reason, you want people to be unable to read the script code. This is a problem: after all, anyone who has the right to run the script has the right to open the script in notepad and read what they want. However, after the same script is processed by the "script encoder", it will look like the following:
#@~ ^ 8 AEAAA ==########, PP ,?! 8PV + OrU. n. kkW @ # @ &, PP ,~~ PkYMZG: 2; D +. P {~ JcJ @ # @ &, PP ~~, P ~ P ,~ U + O, W (Ltq
UnD7k ^ + ,'~! Yr (% + 1Y 'rarxsosyd) wwrP 'pkod; Wh2! Y + .~ LP ~ J'. KWO 'mb: \ yJ *@#@&@#@&~ P, P ~~, PP ,~? YP1Gsra + MlOkULUXdYh /,'~ G (
L \ (U +. \ B ^ R3X + 1pEDH ~ {@#@&~ P, P ~~, PP ,~ P, PPvEj + ^ + 1Y ~ E ~ W
MWhPqrx2 m6a + DCObxL? HdD + hr #####@ & P ,~ P, P ~ P, P ~ OKDPACm4PW (% 6 wDmYr
Xlw./ O + s ~ KP ^ G ^ rwn. mYrxTjH/O: k #&, P ,~ P, P ~ P, P ~~, PHkL4K6PK8 % ra + M
LOkULUXdYhR; l2ObWx ~ ', J ~ J, ', {@ # @ & P, PP, P ,~ P, P ~ P, P ~~, PW (% ra + DmOrxT? H/O + h
J +./bGx @#@&~~, PP ~~, P ~ PgnXY @ # @ & P, PPAx9 ~?! 4 # @ & QYQAAA == #~ @
The script can still run normally, but it is a little difficult for anyone to view the code and plagiarize your work. (You are right: Even so, it is indeed better than you, a script expert! Most of the jokes mentioned in are more meaningful)
Now, it is important to remember that we only encode (or disrupt) the script, but never encrypt it. What does this mean? This means that the encoder hides your script from most people. However, a real hardcore hacker who has knowledge about encoding or has a utility downloaded from the Internet can crack this code. This especially means never "hide" The Administrator password in the script, or "script encoder" to ensure that the password is not snooped. It won't be like what you think, because it is an encoder rather than an encryptor, which is definitely different.
So what about script encoding in HTA? Okay, let's assume that you have an HTA similar to the following (we also assume that you have downloaded and installed the "script encoder "):
<Head>
<Title> Operating System Version </title>
<HTA: APPLICATION
APPLICATIONNAME = "Operating System Version"
SCROLL = "yes"
SINGLEINSTANCE = "yes"
>
</Head>
<Script language = "VBScript">
Sub GetOSVersion
StrComputer = "."
Set ob1_miservice = GetObject ("winmgmts: \" & strComputer & "\ root \ cimv2 ")
Set colOperatingSystems = obw.miservice. ExecQuery _
("Select * from Win32_OperatingSystem ")
For Each objOperatingSystem in colOperatingSystems
Msgbox objOperatingSystem. Caption &""&_
ObjOperatingSystem. Version
Next
End Sub
</Script>
<Body>
<Input type = "button" value = "Operating System" name = "run_button" onClick = "GetOSVersion">
</Body>
To partially Encode the VBScript of HTA, use the '** Start Encode ** tag to mark the Start of the part to be encoded. In other words, the <Script> flag must be like the following to make '** Start Encode ** right before the first line of VBScript code:
<Script language = "VBScript">
'** Start Encode **
Sub GetOSVersion
StrComputer = "."
Set ob1_miservice = GetObject ("winmgmts: \" & strComputer & "\ root \ cimv2 ")
Set colOperatingSystems = obw.miservice. ExecQuery _
("Select * from Win32_OperatingSystem ")
For Each objOperatingSystem in colOperatingSystems
Msgbox objOperatingSystem. Caption &""&_
ObjOperatingSystem. Version
Next
End Sub
</Script>
Theoretically, you can run Screnc.exe and pass two parameters (the existing HTA file (Test. hta) name and the name to be specified to the encoding file (Encoded. (hta) to encode the script:
C: \ Scripts> screnc test. hta encoded. hta
Unfortunately, this does not work.
Why? Oh, we are not sure. However, we know how it works. We only need to change the existing file extension. hta to. htm. In other words, we only need to rename the Test.htm file. The "script encoder" cannot process the HTA file, but there is no problem in processing the HTML file. Now, we can start the "script encoder" using a syntax similar to the following ":
C: \ Scripts> screnc test.htm encoded. hta
Is this indeed feasible? Don't tell us you're skeptical about the scripting experts! The encoded. hta will be similar to the following:
<Head>
<Title> Operating System Version </title>
<HTA: APPLICATION
APPLICATIONNAME = "Operating System Version"
SCROLL = "yes"
SINGLEINSTANCE = "yes"
>
</Head>
<Script language = "VBScript. Encode">
'** Start Encode **#@~ ^ 8 AEAAA ==########, PP ,?! 8PV + OrU. n. kkW @ # @ &, PP ,~~ PkYMZG: 2; D +. P {~ JcJ @ # @ &, PP ~~, P ~ P ,~ U + O, W (Ltq
UnD7k ^ + ,'~! Yr (% + 1Y 'rarxsosyd) wwrP 'pkod; Wh2! Y + .~ LP ~ J'. KWO 'mb: \ yJ *@#@&@#@&~ P, P ~~, PP ,~? YP1Gsra + MlOkULUXdYh /,'~ G (
L \ (U +. \ B ^ R3X + 1pEDH ~ {@#@&~ P, P ~~, PP ,~ P, PPvEj + ^ + 1Y ~ E ~ W
MWhPqrx2 m6a + DCObxL? HdD + hr #####@ & P ,~ P, P ~ P, P ~ OKDPACm4PW (% 6 wDmYr
Xlw./ O + s ~ KP ^ G ^ rwn. mYrxTjH/O: k #&, P ,~ P, P ~ P, P ~~, PHkL4K6PK8 % ra + M
LOkULUXdYhR; l2ObWx ~ ', J ~ J, ', {@ # @ & P, PP, P ,~ P, P ~ P, P ~~, PW (% ra + DmOrxT? H/O + h
J +./bGx @#@&~~, PP ~~, P ~ PgnXY @ # @ & P, PPAx9 ~?! 4 # @ & QYQAAA == #~ @ </Script>
<Body>
<Input type = "button" value = "Operating System" name = "run_button" onClick = "GetOSVersion">
</Body>
It is still a valid HTA; click the button to return the name and version of the operating system installed on the local machine. However, for anyone who tries to view the code, it looks purely messy. (Needless to say, the script experts know this messy information better than anyone else !)