引用 解密VBScript.Encode的asp代码 木马在线解密
2011-04-25 21:20
477 查看
之前看到师兄做了一个查杀屏蔽iframe script 网马的文件,用了VBScript.Encode 进行加密,感觉还不错,于是问他拿了一个工具,顺便搜索了一下,找到了在线解密的源代码,下面给大家分享一下:
新建一个.htm文件,将以下内容复制到里面即可
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<meta content="MSHTML 6.00.3790.0" name=generator />
<title>对加密VBScript代码解密 - VBScript.Encode解密</title>
</head>
<body bgcolor=#7c7e8b leftMargin=0 topMargin=0>
<table cellSpacing=0 cellPadding=0 width=570 align=center bgcolor=#ffffff border=0>
<tr>
<td width=570 vAlign=top bgcolor=#ffffff>
<table cellSpacing=0 cellPadding=0 width=100% bgcolor=#ffffff border=0>
<tr>
<td vAlign=top align=middle width=571 height=222>
<table cellSpacing=0 cellPadding=6 width="100%" align=center border=0>
<tr>
<td width="550" height=10></td>
</tr>
<tr align=center>
<td class="f14"> <strong><font color=#ff6600>VBScript.Encode解密</font></strong></td>
</tr>
</table>
<hr size="1">
<table width="98%" border=0 align=center cellspacing="0" class=tf>
<tr>
<td class=bw width="100%"><font size=2>
<style type=text/css>
a:link {
color: #0083e4; font-family: "宋体"; text-decoration: none
}
a:visited {
color: #0083e4; text-decoration: none
}
a:active {
color: #0083e4; text-decoration: none
}
a:hover {
color: #ff3300; text-decoration: underline
}
.title {
font-size: 22px; color: #ff3300; font-family: "隶书"
}
td {
font-size: 12px
}
</style>
<center>
<table cellPadding=3 bgcolor=#e7e7e7>
<tr>
<td bgcolor=#FFCC00>
<div align=center><font color=#ffffff size=3><strong>Ecode解码器</strong></font></div></td></tr>
<tr>
<td align=middle height=80>
<script language=JScript>
var STATE_COPY_INPUT = 100
var STATE_READLEN = 101
var STATE_DECODE = 102
var STATE_UNESCAPE = 103
var pick_encoding = new Array(
1, 2, 0, 1, 2, 0, 2, 0, 0, 2, 0, 2, 1, 0, 2, 0,
1, 0, 2, 0, 1, 1, 2, 0, 0, 2, 1, 0, 2, 0, 0, 2,
1, 1, 0, 2, 0, 2, 0, 1, 0, 1, 1, 2, 0, 1, 0, 2,
1, 0, 2, 0, 1, 1, 2, 0, 0, 1, 1, 2, 0, 1, 0, 2
)
var rawData = new Array(
0x64,0x37,0x69, 0x50,0x7E,0x2C, 0x22,0x5A,0x65, 0x4A,0x45,0x72,
0x61,0x3A,0x5B, 0x5E,0x79,0x66, 0x5D,0x59,0x75, 0x5B,0x27,0x4C,
0x42,0x76,0x45, 0x60,0x63,0x76, 0x23,0x62,0x2A, 0x65,0x4D,0x43,
0x5F,0x51,0x33, 0x7E,0x53,0x42, 0x4F,0x52,0x20, 0x52,0x20,0x63,
0x7A,0x26,0x4A, 0x21,0x54,0x5A, 0x46,0x71,0x38, 0x20,0x2B,0x79,
0x26,0x66,0x32, 0x63,0x2A,0x57, 0x2A,0x58,0x6C, 0x76,0x7F,0x2B,
0x47,0x7B,0x46, 0x25,0x30,0x52, 0x2C,0x31,0x4F, 0x29,0x6C,0x3D,
0x69,0x49,0x70, 0x3F,0x3F,0x3F, 0x27,0x78,0x7B, 0x3F,0x3F,0x3F,
0x67,0x5F,0x51, 0x3F,0x3F,0x3F, 0x62,0x29,0x7A, 0x41,0x24,0x7E,
0x5A,0x2F,0x3B, 0x66,0x39,0x47, 0x32,0x33,0x41, 0x73,0x6F,0x77,
0x4D,0x21,0x56, 0x43,0x75,0x5F, 0x71,0x28,0x26, 0x39,0x42,0x78,
0x7C,0x46,0x6E, 0x53,0x4A,0x64, 0x48,0x5C,0x74, 0x31,0x48,0x67,
0x72,0x36,0x7D, 0x6E,0x4B,0x68, 0x70,0x7D,0x35, 0x49,0x5D,0x22,
0x3F,0x6A,0x55, 0x4B,0x50,0x3A, 0x6A,0x69,0x60, 0x2E,0x23,0x6A,
0x7F,0x09,0x71, 0x28,0x70,0x6F, 0x35,0x65,0x49, 0x7D,0x74,0x5C,
0x24,0x2C,0x5D, 0x2D,0x77,0x27, 0x54,0x44,0x59, 0x37,0x3F,0x25,
0x7B,0x6D,0x7C, 0x3D,0x7C,0x23, 0x6C,0x43,0x6D, 0x34,0x38,0x28,
0x6D,0x5E,0x31, 0x4E,0x5B,0x39, 0x2B,0x6E,0x7F, 0x30,0x57,0x36,
0x6F,0x4C,0x54, 0x74,0x34,0x34, 0x6B,0x72,0x62, 0x4C,0x25,0x4E,
0x33,0x56,0x30, 0x56,0x73,0x5E, 0x3A,0x68,0x73, 0x78,0x55,0x09,
0x57,0x47,0x4B, 0x77,0x32,0x61, 0x3B,0x35,0x24, 0x44,0x2E,0x4D,
0x2F,0x64,0x6B, 0x59,0x4F,0x44, 0x45,0x3B,0x21, 0x5C,0x2D,0x37,
0x68,0x41,0x53, 0x36,0x61,0x58, 0x58,0x7A,0x48, 0x79,0x22,0x2E,
0x09,0x60,0x50, 0x75,0x6B,0x2D, 0x38,0x4E,0x29, 0x55,0x3D,0x3F
)
var transformed = new Array()
for (var i=0; i<3; i++) transformed[i] = new Array()
for (var i=31; i<=126; i++) for (var j=0; j<3; j++) transformed[j][rawData[(i-31) * 3 + j]] = (i==31) ? 9 : i
var digits = new Array()
for (var i=0; i<26; i++)
{
digits["A".charCodeAt(0)+i] = i
digits["a".charCodeAt(0)+i] = i+26
}
for (var i=0; i<10; i++) digits["0".charCodeAt(0)+i] = i+52
digits[0x2b] = 62
digits[0x2f] = 63
function unescape(char)
{
var escapes = "#&!*$"
var escaped = "/r/n<>@"
if (char.charCodeAt(0) > 126) return char
if (escapes.indexOf(char) != -1) return escaped.substr(escapes.indexOf(char), 1)
return "?"
}
function decodeBase64(string)
{
var val = 0
val += (digits[string.substr(0,1).charCodeAt(0)] << 2)
val += (digits[string.substr(1,1).charCodeAt(0)] >> 4)
val += (digits[string.substr(1,1).charCodeAt(0)] & 0xf) << 12
val += ((digits[string.substr(2,1).charCodeAt(0)] >> 2) << 8)
val += ((digits[string.substr(2,1).charCodeAt(0)] & 0x3) << 22)
val += (digits[string.substr(3,1).charCodeAt(0)] << 16)
return val
}
function strdec(encodingString)
{
var marker = "#@~^"
var stringIndex = 0
var scriptIndex = -1
var unEncodingIndex = 0
var char = null
var encodingLength = unEncodinglength = 0
var state = STATE_COPY_INPUT
var unEncodingString = ""
var re, arr
while(state)
{
switch (state)
{
case (STATE_COPY_INPUT) :
scriptIndex = encodingString.indexOf(marker, stringIndex)
if (scriptIndex != -1)
{
unEncodingString += encodingString.substring(stringIndex, scriptIndex)
scriptIndex += marker.length
state = STATE_READLEN
}
else
{
stringIndex = stringIndex==0 ? 0 : stringIndex
unEncodingString += encodingString.substr(stringIndex, encodingString.length)
state = 0
}
break
case (STATE_READLEN) :
encodingLength = encodingString.substr(scriptIndex, 6)
unEncodinglength = decodeBase64(encodingLength)
scriptIndex += (6 + "==".length)
state = STATE_DECODE
break
case (STATE_DECODE) :
if (!unEncodinglength)
{
stringIndex = scriptIndex + "DQgAAA==^#~@".length
unEncodingIndex = 0
state = STATE_COPY_INPUT
break
}
char = encodingString.substr(scriptIndex, 1)
if (char == "@") state = STATE_UNESCAPE
else
{
if (char.charCodeAt(0) < 0xFF)
{
unEncodingString += String.fromCharCode(transformed[pick_encoding[unEncodingIndex%64]][char.charCodeAt(0)])
unEncodingIndex++
}
else
{
unEncodingString += char
}
scriptIndex++
unEncodinglength--
break
}
case STATE_UNESCAPE:
unEncodingString += unescape(encodingString.substr(++scriptIndex, 1))
scriptIndex++; unEncodinglength -=2
unEncodingIndex++
state = STATE_DECODE
break
}
}
re = new RegExp("(JScript|VBscript).encode", "gmi")
while(arr = re.exec(unEncodingString)) unEncodingString = RegExp.leftContext + RegExp.$1 + RegExp.rightContext
return unEncodingString
}
</script>
<div align=center>Ecode解码器</div><textarea id=encodeHTML rows=35 cols=70></textarea> <br><br>
<div align=center><button onclick=encodeHTML.innerText=strdec(encodeHTML.innerText)>解密
<div></div></button></div></td></tr>
<tr>
<td bgcolor=#336699></td></tr></table></center></font></td>
</tr>
</table>
<hr size="1"></td>
</tr>
</table> </td>
</tr></table>
</body>
</html>
新建一个.htm文件,将以下内容复制到里面即可
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<meta content="MSHTML 6.00.3790.0" name=generator />
<title>对加密VBScript代码解密 - VBScript.Encode解密</title>
</head>
<body bgcolor=#7c7e8b leftMargin=0 topMargin=0>
<table cellSpacing=0 cellPadding=0 width=570 align=center bgcolor=#ffffff border=0>
<tr>
<td width=570 vAlign=top bgcolor=#ffffff>
<table cellSpacing=0 cellPadding=0 width=100% bgcolor=#ffffff border=0>
<tr>
<td vAlign=top align=middle width=571 height=222>
<table cellSpacing=0 cellPadding=6 width="100%" align=center border=0>
<tr>
<td width="550" height=10></td>
</tr>
<tr align=center>
<td class="f14"> <strong><font color=#ff6600>VBScript.Encode解密</font></strong></td>
</tr>
</table>
<hr size="1">
<table width="98%" border=0 align=center cellspacing="0" class=tf>
<tr>
<td class=bw width="100%"><font size=2>
<style type=text/css>
a:link {
color: #0083e4; font-family: "宋体"; text-decoration: none
}
a:visited {
color: #0083e4; text-decoration: none
}
a:active {
color: #0083e4; text-decoration: none
}
a:hover {
color: #ff3300; text-decoration: underline
}
.title {
font-size: 22px; color: #ff3300; font-family: "隶书"
}
td {
font-size: 12px
}
</style>
<center>
<table cellPadding=3 bgcolor=#e7e7e7>
<tr>
<td bgcolor=#FFCC00>
<div align=center><font color=#ffffff size=3><strong>Ecode解码器</strong></font></div></td></tr>
<tr>
<td align=middle height=80>
<script language=JScript>
var STATE_COPY_INPUT = 100
var STATE_READLEN = 101
var STATE_DECODE = 102
var STATE_UNESCAPE = 103
var pick_encoding = new Array(
1, 2, 0, 1, 2, 0, 2, 0, 0, 2, 0, 2, 1, 0, 2, 0,
1, 0, 2, 0, 1, 1, 2, 0, 0, 2, 1, 0, 2, 0, 0, 2,
1, 1, 0, 2, 0, 2, 0, 1, 0, 1, 1, 2, 0, 1, 0, 2,
1, 0, 2, 0, 1, 1, 2, 0, 0, 1, 1, 2, 0, 1, 0, 2
)
var rawData = new Array(
0x64,0x37,0x69, 0x50,0x7E,0x2C, 0x22,0x5A,0x65, 0x4A,0x45,0x72,
0x61,0x3A,0x5B, 0x5E,0x79,0x66, 0x5D,0x59,0x75, 0x5B,0x27,0x4C,
0x42,0x76,0x45, 0x60,0x63,0x76, 0x23,0x62,0x2A, 0x65,0x4D,0x43,
0x5F,0x51,0x33, 0x7E,0x53,0x42, 0x4F,0x52,0x20, 0x52,0x20,0x63,
0x7A,0x26,0x4A, 0x21,0x54,0x5A, 0x46,0x71,0x38, 0x20,0x2B,0x79,
0x26,0x66,0x32, 0x63,0x2A,0x57, 0x2A,0x58,0x6C, 0x76,0x7F,0x2B,
0x47,0x7B,0x46, 0x25,0x30,0x52, 0x2C,0x31,0x4F, 0x29,0x6C,0x3D,
0x69,0x49,0x70, 0x3F,0x3F,0x3F, 0x27,0x78,0x7B, 0x3F,0x3F,0x3F,
0x67,0x5F,0x51, 0x3F,0x3F,0x3F, 0x62,0x29,0x7A, 0x41,0x24,0x7E,
0x5A,0x2F,0x3B, 0x66,0x39,0x47, 0x32,0x33,0x41, 0x73,0x6F,0x77,
0x4D,0x21,0x56, 0x43,0x75,0x5F, 0x71,0x28,0x26, 0x39,0x42,0x78,
0x7C,0x46,0x6E, 0x53,0x4A,0x64, 0x48,0x5C,0x74, 0x31,0x48,0x67,
0x72,0x36,0x7D, 0x6E,0x4B,0x68, 0x70,0x7D,0x35, 0x49,0x5D,0x22,
0x3F,0x6A,0x55, 0x4B,0x50,0x3A, 0x6A,0x69,0x60, 0x2E,0x23,0x6A,
0x7F,0x09,0x71, 0x28,0x70,0x6F, 0x35,0x65,0x49, 0x7D,0x74,0x5C,
0x24,0x2C,0x5D, 0x2D,0x77,0x27, 0x54,0x44,0x59, 0x37,0x3F,0x25,
0x7B,0x6D,0x7C, 0x3D,0x7C,0x23, 0x6C,0x43,0x6D, 0x34,0x38,0x28,
0x6D,0x5E,0x31, 0x4E,0x5B,0x39, 0x2B,0x6E,0x7F, 0x30,0x57,0x36,
0x6F,0x4C,0x54, 0x74,0x34,0x34, 0x6B,0x72,0x62, 0x4C,0x25,0x4E,
0x33,0x56,0x30, 0x56,0x73,0x5E, 0x3A,0x68,0x73, 0x78,0x55,0x09,
0x57,0x47,0x4B, 0x77,0x32,0x61, 0x3B,0x35,0x24, 0x44,0x2E,0x4D,
0x2F,0x64,0x6B, 0x59,0x4F,0x44, 0x45,0x3B,0x21, 0x5C,0x2D,0x37,
0x68,0x41,0x53, 0x36,0x61,0x58, 0x58,0x7A,0x48, 0x79,0x22,0x2E,
0x09,0x60,0x50, 0x75,0x6B,0x2D, 0x38,0x4E,0x29, 0x55,0x3D,0x3F
)
var transformed = new Array()
for (var i=0; i<3; i++) transformed[i] = new Array()
for (var i=31; i<=126; i++) for (var j=0; j<3; j++) transformed[j][rawData[(i-31) * 3 + j]] = (i==31) ? 9 : i
var digits = new Array()
for (var i=0; i<26; i++)
{
digits["A".charCodeAt(0)+i] = i
digits["a".charCodeAt(0)+i] = i+26
}
for (var i=0; i<10; i++) digits["0".charCodeAt(0)+i] = i+52
digits[0x2b] = 62
digits[0x2f] = 63
function unescape(char)
{
var escapes = "#&!*$"
var escaped = "/r/n<>@"
if (char.charCodeAt(0) > 126) return char
if (escapes.indexOf(char) != -1) return escaped.substr(escapes.indexOf(char), 1)
return "?"
}
function decodeBase64(string)
{
var val = 0
val += (digits[string.substr(0,1).charCodeAt(0)] << 2)
val += (digits[string.substr(1,1).charCodeAt(0)] >> 4)
val += (digits[string.substr(1,1).charCodeAt(0)] & 0xf) << 12
val += ((digits[string.substr(2,1).charCodeAt(0)] >> 2) << 8)
val += ((digits[string.substr(2,1).charCodeAt(0)] & 0x3) << 22)
val += (digits[string.substr(3,1).charCodeAt(0)] << 16)
return val
}
function strdec(encodingString)
{
var marker = "#@~^"
var stringIndex = 0
var scriptIndex = -1
var unEncodingIndex = 0
var char = null
var encodingLength = unEncodinglength = 0
var state = STATE_COPY_INPUT
var unEncodingString = ""
var re, arr
while(state)
{
switch (state)
{
case (STATE_COPY_INPUT) :
scriptIndex = encodingString.indexOf(marker, stringIndex)
if (scriptIndex != -1)
{
unEncodingString += encodingString.substring(stringIndex, scriptIndex)
scriptIndex += marker.length
state = STATE_READLEN
}
else
{
stringIndex = stringIndex==0 ? 0 : stringIndex
unEncodingString += encodingString.substr(stringIndex, encodingString.length)
state = 0
}
break
case (STATE_READLEN) :
encodingLength = encodingString.substr(scriptIndex, 6)
unEncodinglength = decodeBase64(encodingLength)
scriptIndex += (6 + "==".length)
state = STATE_DECODE
break
case (STATE_DECODE) :
if (!unEncodinglength)
{
stringIndex = scriptIndex + "DQgAAA==^#~@".length
unEncodingIndex = 0
state = STATE_COPY_INPUT
break
}
char = encodingString.substr(scriptIndex, 1)
if (char == "@") state = STATE_UNESCAPE
else
{
if (char.charCodeAt(0) < 0xFF)
{
unEncodingString += String.fromCharCode(transformed[pick_encoding[unEncodingIndex%64]][char.charCodeAt(0)])
unEncodingIndex++
}
else
{
unEncodingString += char
}
scriptIndex++
unEncodinglength--
break
}
case STATE_UNESCAPE:
unEncodingString += unescape(encodingString.substr(++scriptIndex, 1))
scriptIndex++; unEncodinglength -=2
unEncodingIndex++
state = STATE_DECODE
break
}
}
re = new RegExp("(JScript|VBscript).encode", "gmi")
while(arr = re.exec(unEncodingString)) unEncodingString = RegExp.leftContext + RegExp.$1 + RegExp.rightContext
return unEncodingString
}
</script>
<div align=center>Ecode解码器</div><textarea id=encodeHTML rows=35 cols=70></textarea> <br><br>
<div align=center><button onclick=encodeHTML.innerText=strdec(encodeHTML.innerText)>解密
<div></div></button></div></td></tr>
<tr>
<td bgcolor=#336699></td></tr></table></center></font></td>
</tr>
</table>
<hr size="1"></td>
</tr>
</table> </td>
</tr></table>
</body>
</html>
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 引用 解密VBScript.Encode的asp代码 木马在线解密
- 引用 解密VBScript.Encode的asp代码 木马在线解密
- 引用 解密VBScript.Encode的asp代码 木马在线解密
- 引用 解密VBScript.Encode的asp代码 木马在线解密
- 引用 解密VBScript.Encode的asp代码 木马在线解密
- 引用 解密VBScript.Encode的asp代码 木马在线解密
- 引用 解密VBScript.Encode的asp代码 木马在线解密
- asp木马代码解密的随机加密webshell
- ASP/VBSCRIPT/解密/JAVASCRIPT代码-转集
- asp木马代码解密的随机加密webshell
- VBScript.Encode解密代码
- JScript.Encode 脚本在线解密 代码
- ASP Vbscript.Encode 解密
- Asp.net 2.0 用C# 创建 PDF文件[引用] (示例代码下载)
- asp 在线备份与恢复sqlserver数据库的代码
- asp.net实现word文档在线预览功能代码
- asp实现的sha1加密解密代码(和C#兼容)
- asp.net 用户在线退出更新实现代码
- 在asp中通过vbs类实现rsa加密与解密的代码