h0ng10/vbs_test.rb

## vbs_test.rb
def create_vbs_from_file(filename)
        content =  File.read(filename)
        exe = content.unpack("H*").join
        vbs = ""

        var_bytes   = "var_bytes" #Rex::Text.rand_text_alpha(rand(8)+8)
        var_byte    = "var_byte" #Rex::Text.rand_text_alpha(rand(8)+8)
        var_fname   = "var_fname" #Rex::Text.rand_text_alpha(rand(8)+8)
        var_func    = "var_func" #Rex::Text.rand_text_alpha(rand(8)+8)
        var_stream  = "var_stream" #Rex::Text.rand_text_alpha(rand(8)+8)
        var_obj     = "var_obj" #Rex::Text.rand_text_alpha(rand(8)+8)
        var_shell   = "var_shell" #Rex::Text.rand_text_alpha(rand(8)+8)
        var_tempdir = "var_tempdir" #Rex::Text.rand_text_alpha(rand(8)+8)
        var_tempexe = "var_tempexe" #Rex::Text.rand_text_alpha(rand(8)+8)
        var_basedir = "var_basedir" #Rex::Text.rand_text_alpha(rand(8)+8)
        var_counter = "var_counter" #Rex::Text.rand_text_alpha(rand(8)+8)

        vbs << "Function #{var_func}()\r\n"
        vbs << "#{var_bytes}=\"#{exe}\"\r\n"

        vbs << "Dim #{var_obj}\r\n"
        vbs << "Set #{var_obj} = CreateObject(\"Scripting.FileSystemObject\")\r\n"
        vbs << "Dim #{var_stream}\r\n"
        vbs << "Dim #{var_tempdir}\r\n"
        vbs << "Dim #{var_tempexe}\r\n"
	vbs << "Dim #{var_counter}\r\n"
        vbs << "Dim #{var_basedir}\r\n"
        #vbs << "Set #{var_tempdir} = #{var_obj}.GetSpecialFolder(2)\r\n"

        #vbs << "#{var_basedir} = #{var_tempdir} & \"\\\" & #{var_obj}.GetTempName()\r\n"
        #vbs << "#{var_obj}.CreateFolder(#{var_basedir})\r\n"
        #vbs << "#{var_tempexe} = #{var_basedir} & \"\\\" & \"svchost.exe\"\r\n"
        vbs << "#{var_tempexe} = \"#{filename}\"\r\n"
        vbs << "Set #{var_stream} = #{var_obj}.CreateTextFile(#{var_tempexe}, true , false)\r\n"
	vbs << "#{var_counter} = 1\r\n"
        vbs << "For #{var_counter} = 1 To Len(#{var_bytes})-3 Step 2\r\n"
        vbs << "#{var_byte} = Chr(38) & \"H\" & Mid(#{var_bytes}, #{var_counter}, 2)\r\n"
        vbs << "#{var_stream}.write Chr(#{var_byte})\r\n"
        vbs << "Next\r\n"

	vbs << "#{var_byte} = Chr(38) & \"H\" & Mid(#{var_bytes},#{var_counter})\r\n"
        vbs << "#{var_stream}.write Chr(#{var_byte})\r\n"

        vbs << "#{var_stream}.Close\r\n"
	#vbs << "Dim #{var_shell}\r\n"
        #vbs << "Set #{var_shell} = CreateObject(\"Wscript.Shell\")\r\n"

        #bs << "#{var_shell}.run #{var_tempexe}, 0, true\r\n"
        #bs << "#{var_obj}.DeleteFile(#{var_tempexe})\r\n"
        #bs << "#{var_obj}.DeleteFolder(#{var_basedir})\r\n"
        vbs << "End Function\r\n"

        #vbs << "Do\r\n" if persist
        vbs << "#{var_func}\r\n"
        #vbs << "WScript.Sleep #{delay * 1000}\r\n" if persists
        #vbs << "Loop\r\n" if persist
        vbs
end

puts create_vbs_from_file(ARGV[0])
	def create_vbs_from_file(filename)
	content = File.read(filename)
	exe = content.unpack("H*").join
	vbs = ""

	var_bytes = "var_bytes" #Rex::Text.rand_text_alpha(rand(8)+8)
	var_byte = "var_byte" #Rex::Text.rand_text_alpha(rand(8)+8)
	var_fname = "var_fname" #Rex::Text.rand_text_alpha(rand(8)+8)
	var_func = "var_func" #Rex::Text.rand_text_alpha(rand(8)+8)
	var_stream = "var_stream" #Rex::Text.rand_text_alpha(rand(8)+8)
	var_obj = "var_obj" #Rex::Text.rand_text_alpha(rand(8)+8)
	var_shell = "var_shell" #Rex::Text.rand_text_alpha(rand(8)+8)
	var_tempdir = "var_tempdir" #Rex::Text.rand_text_alpha(rand(8)+8)
	var_tempexe = "var_tempexe" #Rex::Text.rand_text_alpha(rand(8)+8)
	var_basedir = "var_basedir" #Rex::Text.rand_text_alpha(rand(8)+8)
	var_counter = "var_counter" #Rex::Text.rand_text_alpha(rand(8)+8)

	vbs << "Function #{var_func}()\r\n"
	vbs << "#{var_bytes}=\"#{exe}\"\r\n"

	vbs << "Dim #{var_obj}\r\n"
	vbs << "Set #{var_obj} = CreateObject(\"Scripting.FileSystemObject\")\r\n"
	vbs << "Dim #{var_stream}\r\n"
	vbs << "Dim #{var_tempdir}\r\n"
	vbs << "Dim #{var_tempexe}\r\n"
	vbs << "Dim #{var_counter}\r\n"
	vbs << "Dim #{var_basedir}\r\n"
	#vbs << "Set #{var_tempdir} = #{var_obj}.GetSpecialFolder(2)\r\n"

	#vbs << "#{var_basedir} = #{var_tempdir} & \"\\\" & #{var_obj}.GetTempName()\r\n"
	#vbs << "#{var_obj}.CreateFolder(#{var_basedir})\r\n"
	#vbs << "#{var_tempexe} = #{var_basedir} & \"\\\" & \"svchost.exe\"\r\n"
	vbs << "#{var_tempexe} = \"#{filename}\"\r\n"
	vbs << "Set #{var_stream} = #{var_obj}.CreateTextFile(#{var_tempexe}, true , false)\r\n"
	vbs << "#{var_counter} = 1\r\n"
	vbs << "For #{var_counter} = 1 To Len(#{var_bytes})-3 Step 2\r\n"
	vbs << "#{var_byte} = Chr(38) & \"H\" & Mid(#{var_bytes}, #{var_counter}, 2)\r\n"
	vbs << "#{var_stream}.write Chr(#{var_byte})\r\n"
	vbs << "Next\r\n"

	vbs << "#{var_byte} = Chr(38) & \"H\" & Mid(#{var_bytes},#{var_counter})\r\n"
	vbs << "#{var_stream}.write Chr(#{var_byte})\r\n"

	vbs << "#{var_stream}.Close\r\n"
	#vbs << "Dim #{var_shell}\r\n"
	#vbs << "Set #{var_shell} = CreateObject(\"Wscript.Shell\")\r\n"

	#bs << "#{var_shell}.run #{var_tempexe}, 0, true\r\n"
	#bs << "#{var_obj}.DeleteFile(#{var_tempexe})\r\n"
	#bs << "#{var_obj}.DeleteFolder(#{var_basedir})\r\n"
	vbs << "End Function\r\n"

	#vbs << "Do\r\n" if persist
	vbs << "#{var_func}\r\n"
	#vbs << "WScript.Sleep #{delay * 1000}\r\n" if persists
	#vbs << "Loop\r\n" if persist
	vbs
	end

	puts create_vbs_from_file(ARGV[0])