ASP code encrypt hide webshell-vulnerability warning-the black bar safety net

ID MYHACK58:62200922380
Type myhack58
Reporter 佚名
Modified 2009-03-03T00:00:00


In order to your webshell and more covert! The following will tell you how the ASP code encryption! First of all ASP code is generally plain text, very few encryption, MS have a tool Script Encoder can be encrypted, this stuff can be the official Microsoft site for free download, and there are detailed instructions for use, but after it encrypted the file will have, the administrator to see that sentence know that the asp file is encrypted. But also have the relevant decryption file.

This article provides a simple method, you can encrypt ASP code, The main idea is to code to do some operation, such as the all of the code moved a bit, basically even with encryption, the main encryption and decryption functions are as follows:

function UnEncode(temp) but=1 for i =1 to len(temp) if mid(temp,i,1)<>"soup" then pk=asc(mid(temp,i,1))-but if pk>1 2 6 then pk=pk-9 5 elseif pk<3 2 then pk=pk+9 5 end if a=a&chr(pk) else a=a&vbcrlf end if next UnEncode=a end function function Encode(temp) but=1 cc=replace(temp,vbcrlf,"soup") for i= 1 to len(cc) if mid(cc,i,1)<>"soup" then pk=asc(mid(cc,i,1))+but if pk>1 2 6 then pk=pk-9 5 elseif pk<3 2 then pk=pk+9 5 end if a=a&chr(pk) else a=a& amp;"Tang" end if next ’a=replace(a,"""","""""") Encode=a end function

In development, usually when the critical ASP code Encode, and then use the Excute(Uncode(ipaddr))to perform on it. So administrators generally can not directly see the key code, generally in the program do not bring the Encode function only at development time, in addition, UnEncode can also be changed to other function name.

This way the encryption is relatively simple, the decryption is also very easy.