[extreme]

Is there any good way to encrypt VBS files?
I tryed commercial software like HTML Guardian, but it screws up the code..
I ma just looking for something simple.. Function or something to make code look unreadable...

[as0l0]

I could be wrong (or stupid) but isn't a .vbe file an encrypted vbs file?

[kbnet]

Im not aware of any tools that will do what you want. Best way is to obsfucate the code yourself. Do you want to stop people reading the code? If so you might want to try vbs2exe - have no idea what its like i just know it exists.

http://www.zone-h.co...load/file=1860/

Let me know if its of use.

[bonarez]

I've run into this some time ago
http://crapware.lx.ro/index.htm > vbscrypt

can't comment on how good it is, I haven't tested it

bonarez

[satknis]

the best way to hide the source is to make a .exe file.
user visual basic from microsoft.
and than pack it with an exe-packer.

[LittleHacker]

have you tried microsoft encryptor ?
if not, google for it

[extreme]

I am using VBS in IE exploits, so I must encode VBS code.. So it is not an option to try converting it to EXE..
all those VBS encryptors are marked as virii, so they are out of the question...
Microsoft Script Encoder is a good idea, but I don't know how to use it in C++ (I am making an editor for exploit)... there is only example for VB..

Public Sub EncodePage()
    ' Sample encoder
    ' Andrew Clinick Jan 1999
    ' Obviously this code could do with some error trapping etc
    ' but it should give you the basics to get started
    
    
    Dim strHTML As String
    ' Get the Frontpage document
    Dim mydoc As FPHTMLDocument
    ' Create a new instance of the scripting.encoder object
    Dim myEncoder As New Scripting.Encoder
    ' Get the current active document
    Set mydoc = ActiveDocument
    ' Get the HTML for the active document
    strHTML = mydoc.DocumentHTML
    ' Call the encodescriptfile method with the HTML
    strHTML = myEncoder.EncodeScriptFile(".htm", strHTML, 0, "")
    ' Set the documentHTML to be the return HTML with encoded script
    mydoc.DocumentHTML = strHTML
    ' We're done!
End Sub

[Liquidess_Shade]

Y aknow I could be wrong, but I know that some of the virusses that went aorund from different things like Microsoft Word and such had built in encryption and polymorphic abilities, why not just get a generator for one of those and pull the code and modify it?

L_S

[extreme]

Cause they are all detected, and if I try manually decrypting them, it takes alot of time, and who knows if I would be succesfull to alter it so it wouldn't be detected again..

[Liquidess_Shade]

extreme, on Mar 21 2005, 07:47 PM, said:

Cause they are all detected, and if I try manually decrypting them, it takes alot of time, and who knows if I would be succesfull to alter it so it wouldn't be detected again..

<{POST_SNAPBACK}>

OK first of all, yeah they are all detectefd, but you can change the encryption, it was just to give you an idea, and for the record, if you get like a VBS virus generator, you don't get the code encrypted. It comes out and has the code TO encrypt it.

L_S

[Chris]

<html>
<body>

<script type="text/vbscript">
input = "Your Code Here"
document.write(input & " : ")
input = replace(input, asc("a"), "#UT")
input = replace(input, asc("b"), "3TRUI")
input = replace(input, asc("c"), "AB")
input = replace(input, asc("d"), "*")
input = replace(input, asc("e"), "C")
input = replace(input, asc("f"), "Q")
input = replace(input, asc("g"), "PEAN")
input = replace(input, asc("h"), "fed")
input = replace(input, asc("i"), "TRUM")
input = replace(input, asc("j"), "PEANA")
input = replace(input, asc("k"), "�")
input = replace(input, asc("l"), "$20")
input = replace(input, asc("m"), "jh")
input = replace(input, asc("n"), "KLM")
input = replace(input, asc("o"), "RARGHH")
input = replace(input, asc("p"), "FG")
input = replace(input, asc("q"), "YUM")
input = replace(input, asc("r"), "UGG")
input = replace(input, asc("s"), "0")
input = replace(input, asc("t"), "!")
input = replace(input, asc("u"), "OPPY")
input = replace(input, asc("v"), "IMP")
input = replace(input, asc("w"), "WEB")
input = replace(input, asc("x"), "120")
input = replace(input, asc("y"), "987")
input = replace(input, asc("z"), "456")

input = strreverse(input)
document.write(input & " : ")
input = strreverse(input) 

input = replace(input, char(char("#UT"), "a")
input = replace(input, char("3TRUI"), "b")
input = replace(input, char("AB"), "c")
input = replace(input, char("*"), "d")
input = replace(input, char("C"), "e")
input = replace(input, char("Q"), "f")
input = replace(input, char("PEAN"), "g")
input = replace(input, char("fed"), "h")
input = replace(input, char("TRUM"), "i")
input = replace(input, char("PEANA"), "j")
input = replace(input, char("�"), "k")
input = replace(input, char("$20"), "l")
input = replace(input, char("jh"), "m")
input = replace(input, char("KLM"), "n")
input = replace(input, char("RARGHH"), "o")
input = replace(input, char("FG"), "p")
input = replace(input, char("YUM"), "q")
input = replace(input, char("UGG"), "r")
input = replace(input, char("0"), "s")
input = replace(input, char("!"), "t")
input = replace(input, char("OPPY"), "u")
input = replace(input, char("IMP"), "v")
input = replace(input, char("WEB"), "w")
input = replace(input, char("120"), "x")
input = replace(input, char("987"), "y")
input = replace(input, char("456"), "z")

input = replace(input, "gA", "j")
document.write(input)
</script>

</body>
</html>

Simple replacement and reversal ought to cover it, i assume your just trying to get past AV? If so then just use the encoding bit at the top when your making the exploit then decode it just before use in the exploit.

[extreme]

Quote

Set f = ffs.CreateTextFile( "file.exe", ForWriting)

This is the line on which Norton shows popup and says something like:" dangerous script wants to call CreateTextFile" so that is what I am trying to obfuscate somehow.. But I can't find a way..
VBscript.encode does nothing against anti viruses cause they have decode function built in...

I tryed somethings, but it doesn't work. But VBS is not my language so maybe I am doing some noobie error.. Like this example here. It should work, but it doesn't.
file is not created, although if you use that one line code from above example, it will work like it should.. :\ So, I guessed I (filtered) up "CreateTextFile" function with my unescaping etc.

Quote

nhn=escape("ffs.CreateTextFile( pptt, ForWriting)")
vvvv=unescape(nhn)
Set f = vvvv

[Liquidess_Shade]

Try creating a shell out command and then use another program like copy to do that.

L_S

[cvh]

Maybe this can help you, its from an old vbs virus so watch out for your AV

It executes encrypted code which is located inside the vbs file, simple and effective.

//can't pasted the code so I had to attach it.

Attached File(s)

•  mawanella.vbs.txt (3.09K)
  Number of downloads: 99