[TOOL] Windows Script Decoder

From: SecuriTeam (support_at_securiteam.com)
Date: 07/21/03

  • Next message: SecuriTeam: "[UNIX] Splatt Forum XSS Vulnerability in icon Posting" 
    To: list@securiteam.com
Date: 21 Jul 2003 18:40:55 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    Beyond Security in Canada

    Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada.
    We welcome ISPs, system integrators and IT systems resellers
    to promote the most advanced vulnerability assessment solutions today.

    Contact us at 416-482-0038 or at canadasales@beyondsecurity.com

    - - - - - - - - -

      Windows Script Decoder
    ------------------------------------------------------------------------

    DETAILS

    Background:
    The Windows Script Encoder (screnc.exe) is a "Microsoft tool which can be
    used to encode your scripts (i.e. JScript, ASP pages, VBScript)". By using
    this tool, you can prevent people from looking at, or modifying, your
    scripts. Microsoft recommends using the Script Encoder to obfuscate your
    ASP pages, so in case your server is compromised the hacker would be
    unable to find out how your ASP applications work.

     <http://www.virtualconspiracy.com/index.php?page=scrdec/intro&ref=>
    Windows Script Decoder is a tool that can decode all scripts that have
    been encoded with the Windows Script Encoder.

    ADDITIONAL INFORMATION

    Tool can be downloaded from:
    <http://www.virtualconspiracy.com/index.php?page=scrdec/download>
    http://www.virtualconspiracy.com/index.php?page=scrdec/download

    Information supplied by <http://umbrella.mx.tc> Liu Die Yu

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[UNIX] Splatt Forum XSS Vulnerability in icon Posting"

    Relevant Pages

    • Re: running batch files as admin
      ... You may be able to launch the BAT file from a VB Script. ... Scripts can be encoded using the VB Script Encoder. ... > I would like to run batch files to change system settings ... > available without having to give out the admin password. ...
      (microsoft.public.windowsxp.customize)
    • Re: How can I hide vbscript code
      ... Script Encoder is a simple command-line tool that enables script ... designers to encode their final script so that Web hosts and Web clients ... This email account is my spam trap so I ...
      (microsoft.public.scripting.vbscript)
    • Re: Group Policy script protection
      ... trivial uuencoding of the script obsfucator. ... local administrator password with a vbscript using group policy. ... navigates to the policy script file and opens it and reads it? ... We have tried the MS script encoder to change the vbs file to vbe but ...
      (microsoft.public.security)
    • Re: Protecting a script
      ... SCRIPT DOES NOT COMPILE. ... of those are truly compiled in their public form. ... Again, the script encoder is probably sufficient, ...
      (microsoft.public.scripting.wsh)
    • Re: Problem with ASP on Webserver
      ... There is no ActiveX object involved in this problem, we only request a ASP ... function in the script ... (Accept-Language:) ...
      (microsoft.public.windowsce.platbuilder)