VBScript obfuscation to allow PenTesters bypass countermeasures

 VBScript obfuscation to allow PenTesters bypass countermeasures.
Results (comparison)
First output

Dim SzVeVmXkoEZx, LALrsGQYjZtj, kLTOaGJfsmSG
SzVeVmXkoEZx = "6974-6865*602140/5236*45732/444*-8743+8841*8842-8731*5179-5059*-4646+4678*892-858*5573-5501*129-28*9855-9747*-6681+6789*-9095+9206*257184/8037*311721/3583*-7211+7322*741684/6506*-5620+5728*241300/2413*198-165*-9925+9959*6380-6336*5552-5520*-9222+9340*569-471*-6484+6563*6988-6881*128533/1627*-5150+5260*4828-4720*5616-5495*6062-6030*5407-5364*313728/9804*-9272+9390*-767+865*3735-3662*-2705+2815*-4151+4253*73704/664*-9531+9645*-7310+7419*-1882+1979*3171-3055*9554-9449*2676-2565*-1012+1122*107448/2442*4055-4023*-6753+6787*2058-1974*-5464+5568*428610/4082*2479-2364*-3013+3045*-9195+9300*128225/1115*56448/1764*-6899+6996*161760/5055*253752/2328*756288/7488*-4081+4196*29900/260*-3164+3261*-6830+6933*-6580+6681*-8764+8862*861360/7760*330840/2757*-2407+2441"
LALrsGQYjZtj = Split(SzVeVmXkoEZx, chr(eval(261366/6223)))
for each SKhxsIKQEybA in LALrsGQYjZtj
kLTOaGJfsmSG = kLTOaGJfsmSG & chr(eval(SKhxsIKQEybA))
next
execute(kLTOaGJfsmSG)

Second output

Dim wEQHvB, vsSBaV, pwgtko
wEQHvB = "-1912+2021*168-53*938948/9116*5796-5698*666666/6006*938-818*-4889+4921*-9635+9669*302112/4196*-9587+9688*-4950+5058*1012608/9376*-6763+6874*235232/7351*-8833+8920*412920/3720*1007190/8835*594432/5504*-5605+5705*1113-1080*9516-9482*347644/7901*181536/5673*198712/1684*615734/6283*779-700*6051-5944*-2574+2653*172370/1567*2086-1978*681472/5632*4765-4733*-2746+2789*54880/1715*2593-2475*733040/7480*-5259+5332*-7261+7371*103326/1013*-8585+8696*7371-7257*6640-6531*4564-4467*-6527+6643*62265/593*-1349+1460*2314-2204*-5438+5482*-5860+5892*4779-4745*1086-1002*-265+369*1276-1171*2588-2473*-2914+2946*101850/970*698050/6070*181760/5680*3610-3513*236896/7403*5004-4895*4565-4464*720245/6263*812360/7064*3582-3485*36977/359*4691-4590*482944/4928*-773+884*546720/4556*5235-5201"
vsSBaV = Split(wEQHvB, chr(eval(1039-997)))
for each KxRKRt in vsSBaV
pwgtko = pwgtko & chr(eval(KxRKRt))
next
execute(pwgtko)


https://github.com/kkar/VBS-Obfuscator-in-Python
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s