Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   MS script decoder (https://forum.exetools.com/showthread.php?t=5415)

tbone 09-18-2004 05:50
MS script decoder
 
I don't think I've ever seen this used for anything besides virus propagation, but there's a "feature" in IE that lets you encode your java script or vbscript so that someone casually browsing through your page source can't see what your scripts do. A while back I got an an amusing little malicious email that that tried to ues this trick to hide its real purpose, so I tracked down a few script decoders to see what it was really supposed to do (if I had been using Outlook + IE).

Anyway, to make a long story short
http://www.virtualconspiracy.com/
has a script decoder. But more importantly, he also wrote a detailed paper on how he reversed the encoding scheme without reversing the decoder built into IE. It's an interesting read on beginner crypto reversing that illustrates the thought process well, and also gives a good example of why "security through obscurity" is largely a stupid idea.

He also has a little Perl script that fetches and rips the latest dilbert cartoon as a GIF file from the official web page :D

thebobbby 09-19-2004 23:11
IMHO, "security through obscurity" is not such a stupid idea... Granted, it does not secure things that much... But it helps to keep honest people on the right side of the fence...

If i bury my gold in a field, anybody can take it, but i may hope to find it later... If i just leave it on the ground, there is almost no chance...

Now, that said, i must agree with the writter of this article regarding this script encoder... But anyway, the worse danger is, as always with security, to think you are protected.... As long as people are aware of that, i would recommend obscurity....

dphant 10-08-2004 11:09
you can use srcenc to encode source java code and then use escape to exchange the encoded code to double the obscurity.
like this
<script language="JavaScript" type="text/javascript">
<!--
a1=unescape('%76%61%72%20%66%66%3D%66%75%6E%63%74%69%6F%6E%28%73%29%7B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%73%29%29%7D%3B');
newin=open("","Identity","");
newin.document.write(a1);
//-->
</script>


All times are GMT +8. The time now is 02:07.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX