首頁 > 開發者 > ASP

引用 解密VBScript.Encode的asp代碼 木馬線上解密

來源:互聯網
上載者:User
創建阿里雲帳戶,並獲得超過 40 款產品的免費試用版;而企業帳戶則可以享有總值 $1200 的免費試用版。立即註冊!

之前看到師兄做了一個查殺屏蔽iframe script 網馬的檔案,用了VBScript.Encode 進行加密,感覺還不錯,於是問他拿了一個工具,順便搜尋了一下,找到了線上解密的原始碼,下面給大家分享一下:

建立一個.htm檔案,將以下內容複寫到裡面即可

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<meta content="MSHTML 6.00.3790.0" name=generator />
<title>對加密VBScript代碼解密 - VBScript.Encode解密</title>
</head>

<body bgcolor=#7c7e8b leftMargin=0 topMargin=0>
<table cellSpacing=0 cellPadding=0 width=570 align=center bgcolor=#ffffff border=0>
<tr>
<td width=570 vAlign=top bgcolor=#ffffff>
<table cellSpacing=0 cellPadding=0 width=100% bgcolor=#ffffff border=0>
<tr>
<td vAlign=top align=middle width=571 height=222>
<table cellSpacing=0 cellPadding=6 width="100%" align=center border=0>
<tr>
<td width="550" height=10></td>
</tr>
<tr align=center>
<td class="f14"> <strong><font color=#ff6600>VBScript.Encode解密</font></strong></td>
</tr>
</table>
<hr size="1">
<table width="98%" border=0 align=center cellspacing="0" class=tf>

<tr>
<td class=bw width="100%"><font size=2>
<style type=text/css>
a:link {
color: #0083e4; font-family: "宋體"; text-decoration: none
}
a:visited {
color: #0083e4; text-decoration: none
}
a:active {
color: #0083e4; text-decoration: none
}
a:hover {
color: #ff3300; text-decoration: underline
}
.title {
font-size: 22px; color: #ff3300; font-family: "隸書"
}
td {
font-size: 12px
}
</style>

<center>
<table cellPadding=3 bgcolor=#e7e7e7>
<tr>
<td bgcolor=#FFCC00>
<div align=center><font color=#ffffff size=3><strong>Ecode解碼器</strong></font></div></td></tr>

<tr>
<td align=middle height=80>
<script language=JScript>
var STATE_COPY_INPUT = 100
var STATE_READLEN = 101
var STATE_DECODE = 102
var STATE_UNESCAPE = 103
var pick_encoding = new Array(
1, 2, 0, 1, 2, 0, 2, 0, 0, 2, 0, 2, 1, 0, 2, 0,
1, 0, 2, 0, 1, 1, 2, 0, 0, 2, 1, 0, 2, 0, 0, 2,
1, 1, 0, 2, 0, 2, 0, 1, 0, 1, 1, 2, 0, 1, 0, 2,
1, 0, 2, 0, 1, 1, 2, 0, 0, 1, 1, 2, 0, 1, 0, 2
)
var rawData = new Array(
0x64,0x37,0x69, 0x50,0x7E,0x2C, 0x22,0x5A,0x65, 0x4A,0x45,0x72,
0x61,0x3A,0x5B, 0x5E,0x79,0x66, 0x5D,0x59,0x75, 0x5B,0x27,0x4C,
0x42,0x76,0x45, 0x60,0x63,0x76, 0x23,0x62,0x2A, 0x65,0x4D,0x43,
0x5F,0x51,0x33, 0x7E,0x53,0x42, 0x4F,0x52,0x20, 0x52,0x20,0x63,
0x7A,0x26,0x4A, 0x21,0x54,0x5A, 0x46,0x71,0x38, 0x20,0x2B,0x79,
0x26,0x66,0x32, 0x63,0x2A,0x57, 0x2A,0x58,0x6C, 0x76,0x7F,0x2B,
0x47,0x7B,0x46, 0x25,0x30,0x52, 0x2C,0x31,0x4F, 0x29,0x6C,0x3D,
0x69,0x49,0x70, 0x3F,0x3F,0x3F, 0x27,0x78,0x7B, 0x3F,0x3F,0x3F,
0x67,0x5F,0x51, 0x3F,0x3F,0x3F, 0x62,0x29,0x7A, 0x41,0x24,0x7E,
0x5A,0x2F,0x3B, 0x66,0x39,0x47, 0x32,0x33,0x41, 0x73,0x6F,0x77,
0x4D,0x21,0x56, 0x43,0x75,0x5F, 0x71,0x28,0x26, 0x39,0x42,0x78,
0x7C,0x46,0x6E, 0x53,0x4A,0x64, 0x48,0x5C,0x74, 0x31,0x48,0x67,
0x72,0x36,0x7D, 0x6E,0x4B,0x68, 0x70,0x7D,0x35, 0x49,0x5D,0x22,
0x3F,0x6A,0x55, 0x4B,0x50,0x3A, 0x6A,0x69,0x60, 0x2E,0x23,0x6A,
0x7F,0x09,0x71, 0x28,0x70,0x6F, 0x35,0x65,0x49, 0x7D,0x74,0x5C,
0x24,0x2C,0x5D, 0x2D,0x77,0x27, 0x54,0x44,0x59, 0x37,0x3F,0x25,
0x7B,0x6D,0x7C, 0x3D,0x7C,0x23, 0x6C,0x43,0x6D, 0x34,0x38,0x28,
0x6D,0x5E,0x31, 0x4E,0x5B,0x39, 0x2B,0x6E,0x7F, 0x30,0x57,0x36,
0x6F,0x4C,0x54, 0x74,0x34,0x34, 0x6B,0x72,0x62, 0x4C,0x25,0x4E,
0x33,0x56,0x30, 0x56,0x73,0x5E, 0x3A,0x68,0x73, 0x78,0x55,0x09,
0x57,0x47,0x4B, 0x77,0x32,0x61, 0x3B,0x35,0x24, 0x44,0x2E,0x4D,
0x2F,0x64,0x6B, 0x59,0x4F,0x44, 0x45,0x3B,0x21, 0x5C,0x2D,0x37,
0x68,0x41,0x53, 0x36,0x61,0x58, 0x58,0x7A,0x48, 0x79,0x22,0x2E,
0x09,0x60,0x50, 0x75,0x6B,0x2D, 0x38,0x4E,0x29, 0x55,0x3D,0x3F
)
var transformed = new Array()
for (var i=0; i<3; i++) transformed[i] = new Array()
for (var i=31; i<=126; i++) for (var j=0; j<3; j++) transformed[j][rawData[(i-31) * 3 + j]] = (i==31) ? 9 : i

var digits = new Array()
for (var i=0; i<26; i++)
{
digits["A".charCodeAt(0)+i] = i
digits["a".charCodeAt(0)+i] = i+26
}
for (var i=0; i<10; i++) digits["0".charCodeAt(0)+i] = i+52
digits[0x2b] = 62
digits[0x2f] = 63
function unescape(char)
{
var escapes = "#&!*$"
var escaped = "/r/n<>@"
if (char.charCodeAt(0) > 126) return char
if (escapes.indexOf(char) != -1) return escaped.substr(escapes.indexOf(char), 1)
return "?"
}

function decodeBase64(string)
{
var val = 0
val += (digits[string.substr(0,1).charCodeAt(0)] << 2)
val += (digits[string.substr(1,1).charCodeAt(0)] >> 4)
val += (digits[string.substr(1,1).charCodeAt(0)] & 0xf) << 12
val += ((digits[string.substr(2,1).charCodeAt(0)] >> 2) << 8)
val += ((digits[string.substr(2,1).charCodeAt(0)] & 0x3) << 22)
val += (digits[string.substr(3,1).charCodeAt(0)] << 16)
return val
}
function strdec(encodingString)
{

var marker = "#@~^"
var stringIndex = 0
var scriptIndex = -1
var unEncodingIndex = 0
var char = null
var encodingLength = unEncodinglength = 0
var state = STATE_COPY_INPUT
var unEncodingString = ""
var re, arr

while(state)
{
switch (state)
{
case (STATE_COPY_INPUT) :
scriptIndex = encodingString.indexOf(marker, stringIndex)
if (scriptIndex != -1)
{
unEncodingString += encodingString.substring(stringIndex, scriptIndex)
scriptIndex += marker.length
state = STATE_READLEN
}
else
{
stringIndex = stringIndex==0 ? 0 : stringIndex
unEncodingString += encodingString.substr(stringIndex, encodingString.length)
state = 0
}
break

case (STATE_READLEN) :
encodingLength = encodingString.substr(scriptIndex, 6)
unEncodinglength = decodeBase64(encodingLength)
scriptIndex += (6 + "==".length)
state = STATE_DECODE
break

case (STATE_DECODE) :
if (!unEncodinglength)
{
stringIndex = scriptIndex + "DQgAAA==^#~@".length
unEncodingIndex = 0
state = STATE_COPY_INPUT
break
}
char = encodingString.substr(scriptIndex, 1)
if (char == "@") state = STATE_UNESCAPE
else
{
if (char.charCodeAt(0) < 0xFF)
{
unEncodingString += String.fromCharCode(transformed[pick_encoding[unEncodingIndex%64]][char.charCodeAt(0)])
unEncodingIndex++
}
else
{
unEncodingString += char
}
scriptIndex++
unEncodinglength--
break
}

case STATE_UNESCAPE:
unEncodingString += unescape(encodingString.substr(++scriptIndex, 1))
scriptIndex++; unEncodinglength -=2
unEncodingIndex++
state = STATE_DECODE
break
}
}

re = new RegExp("(JScript|VBscript).encode", "gmi")
while(arr = re.exec(unEncodingString)) unEncodingString = RegExp.leftContext + RegExp.$1 + RegExp.rightContext
return unEncodingString
}

</script>

<div align=center>Ecode解碼器</div><textarea id=encodeHTML rows=35 cols=70></textarea> <br><br>
<div align=center><button onclick=encodeHTML.innerText=strdec(encodeHTML.innerText)>解密
<div></div></button></div></td></tr>

<tr>
<td bgcolor=#336699></td></tr></table></center></font></td>
</tr>
</table>
<hr size="1"></td>
</tr>
</table> </td>
</tr></table>
</body>
</html>

本文章原先以中文撰寫並發佈於 aliyun.com,亦設英文版本,僅作資訊用途。本網站不對文章的準確性,完整性或可靠性或其任何翻譯作出任何明示或暗示的陳述或保證。如對該文章有任何疑慮或投訴,請傳送電郵至 info-contact@alibabacloud.com 並提供相關疑慮或投訴的詳細說明。職員會於 5 個工作天內與您聯絡,一經驗證之後,即會刪除該侵權內容。

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More