当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > 发老兵及海洋VBS解包工具代码

VBScript
Dynamic Activity Window动态活动窗口vbs
可以查询系统用户名sid的vbs
VBScript使用ADSI为IIS批量添加屏蔽或允许访问的IP
WMI IE代理 切换或改变(Use WMI Change IE Proxy)
SendKeys clip.exe 发送中文的代码
利用计划任务和VBS脚本实现自动WEB共享文件夹里的文件
XorEncode的vbs实现代码
利用wsc制作的一个asp后门
ie7 0day当中的shellcode的escape+xor21加密
VBScript 作用 简单说明
IE浏览器增加“复制图像地址”的右键菜单的vbs代码
vbscript LoadPicture函数使用方法与漏洞利用
可自删除 开启3389创建用户粘滞键后门的vbs
CMD和vbs修改 IP地址及DNS的实现代码
vbScript on error resume next容错使用心得
vbscript include的办法实现代码
vbscript 读取xml格式的配置文件
vbScript中WScript.Shell对象的run和exec使用心得分享
VBS 路由重启脚本
vbscript logparser的ISA2004 Web流量报告

VBScript 中的 发老兵及海洋VBS解包工具代码


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-11   浏览: 53 ::
收藏到网摘: n/a

关于为什么提供打包程序和打包压缩文件.MDB的解压

2006.asp                海阳顶端网asp木马2006版文件 
unpack.vbs                打包文件"hytop.mdb"的解开器 
2006x.exe                海阳顶端网asp木马2006 c/s模式转换器 
2006x2.exe                海阳顶端网asp木马2006 专用短服务器端 
                        c/s模式转换器 
2006z.exe                海阳顶端网asp木马2006_lite版本组合器 
                        用来自定义生成相应功能的lite版木马 
hididi.ini                2006z.exe的配置文件 
问题一: 
就是你们写的小马那个文件打包/揭开。我想知道 文件打包后,我下载下来,是.mdb后缀的,那我来怎么恢复呢,比如说是将一个文件夹打包下载后,来怎么恢复呢?  
回答: 
请用海洋顶端asp木马2006正式版里的unpack.vbs文件进行解压! 
mdb的文件名必须为hytop.mdb(也就是默认的名字) 

VB解包工具中有三个VB文件。分别是三种马的解包工具
一个是海洋打包的解包工具。解HYTOP。MDB
一个是ADMIN(类似于海洋)。解PACKET。MDB
一个是老兵的解包工具。解TOMDB。TDB

注:你把VB脚本文件和MDB文件放在一个目录里,执行VB脚本就行了。要几分钟时间,稍等完成提示。(没有完成强行退出解的是不完整的包。)
unpack.vbs
复制代码 代码如下:

Dim rs, ws, fso, conn, stream, connStr, theFolder
Set rs = CreateObject("ADODB.RecordSet")
Set stream = CreateObject("ADODB.Stream")
Set conn = CreateObject("ADODB.Connection")
Set fso = CreateObject("Scripting.FileSystemObject")
connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=HYTop.mdb;"
conn.Open connStr
rs.Open "FileData", conn, 1, 1
stream.Open
stream.Type = 1
On Error Resume Next
Do Until rs.Eof
theFolder = Left(rs("thePath"), InStrRev(rs("thePath"), "\"))
If fso.FolderExists(theFolder) = False Then
createFolder(theFolder)
End If
stream.SetEos()
stream.Write rs("fileContent")
stream.SaveToFile str & rs("thePath"), 2
rs.MoveNext
Loop
rs.Close
conn.Close
stream.Close
Set ws = Nothing
Set rs = Nothing
Set stream = Nothing
Set conn = Nothing
Wscript.Echo "所有文件释放完毕!"
Sub createFolder(thePath)
Dim i
i = Instr(thePath, "\")
Do While i > 0
If fso.FolderExists(Left(thePath, i)) = False Then
fso.CreateFolder(Left(thePath, i - 1))
End If
If InStr(Mid(thePath, i + 1), "\") Then
i = i + Instr(Mid(thePath, i + 1), "\")
Else
i = 0
End If
Loop
End Sub

打包基地老兵专用解压工具.vbs
复制代码 代码如下:

Dim rs, ws, fso, conn, stream, connStr, theFolder
Set rs = CreateObject("ADODB.RecordSet")
Set stream = CreateObject("ADODB.Stream")
Set conn = CreateObject("ADODB.Connection")
Set fso = CreateObject("Scripting.FileSystemObject")
connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=ToMdb.mdb;"
conn.Open connStr
rs.Open "wz", conn, 1, 1
stream.Open
stream.Type = 1
On Error Resume Next
Do Until rs.Eof
thePath = rs("folder") & "\"
theFolder = Left(thePath, InStrRev(thePath, "\"))
If fso.FolderExists(theFolder) = False Then
createFolder(theFolder)
End If
stream.SetEos()
stream.Write rs("body")
stream.SaveToFile str & thepath & rs("file"), 2
rs.MoveNext
Loop
rs.Close
conn.Close
stream.Close
Set ws = Nothing
Set rs = Nothing
Set stream = Nothing
Set conn = Nothing
Wscript.Echo "所有文件释放完毕!"
Sub createFolder(thePath)
Dim i
i = Instr(thePath, "\")
Do While i > 0
If fso.FolderExists(Left(thePath, i)) = False Then
fso.CreateFolder(Left(thePath, i - 1))
End If
If InStr(Mid(thePath, i + 1), "\") Then
i = i + Instr(Mid(thePath, i + 1), "\")
Else
i = 0
End If
Loop
End Sub

海洋解压缩工具unpack.vbs
复制代码 代码如下:

Dim rs, ws, fso, conn, stream, connStr, theFolder
Set rs = CreateObject("ADODB.RecordSet")
Set stream = CreateObject("ADODB.Stream")
Set conn = CreateObject("ADODB.Connection")
Set fso = CreateObject("Scripting.FileSystemObject")
connStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=Packet.mdb;"
conn.Open connStr
rs.Open "FileData", conn, 1, 1
stream.Open
stream.Type = 1
On Error Resume Next
Do Until rs.Eof
theFolder = Left(rs("thePath"), InStrRev(rs("thePath"), "\"))
If fso.FolderExists(theFolder) = False Then
createFolder(theFolder)
End If
stream.SetEos()
stream.Write rs("fileContent")
stream.SaveToFile str & rs("thePath"), 2
rs.MoveNext
Loop
rs.Close
conn.Close
stream.Close
Set ws = Nothing
Set rs = Nothing
Set stream = Nothing
Set conn = Nothing
Wscript.Echo "所有文件释放完毕!"
Sub createFolder(thePath)
Dim i
i = Instr(thePath, "\")
Do While i > 0
If fso.FolderExists(Left(thePath, i)) = False Then
fso.CreateFolder(Left(thePath, i - 1))
End If
If InStr(Mid(thePath, i + 1), "\") Then
i = i + Instr(Mid(thePath, i + 1), "\")
Else
i = 0
End If
Loop
End Sub