[VulnWatch] Online Script Decoder

From: GreyMagic Security (security_at_greymagic.com)
Date: 12/07/04

  • Next message: Steve Shockley: "[VulnWatch] Re: Online Script Decoder"
    To: <vulnwatch@vulnwatch.org>
    Date: Tue, 7 Dec 2004 19:13:30 +0200
    
    

    Windows Script Encoder is a Microsoft tool to encode scripts so that "Web
    hosts and Web clients cannot view or modify their source". It encodes the
    content of script tags using a very simple encoding algorithm and renames
    the scripts "language" attribute from "JScript" or "Javascript" to
    "JScript.Encode" and from "VBScript" to "VBScript.Encode".

    The online script decoder decodes scripts that were encoded with the
    Microsoft Script Encoder (screnc.exe) from
    http://www.microsoft.com/downloads/details.aspx?familyid=E7877F67-C447-4873-
    B1B0-21F0626A6329&displaylang=en.

    Recently, malicious attackers have started to use the Microsoft Script
    Encoder in order to evade Anti-virus programs that rely on text-matching for
    virus detection. Such encoded scripts also prevent advanced users from
    immediately seeing that a script may be trying to exploit a vulnerability in
    their browser.

    Use this online decoding tool to quickly and automatically reveal the actual
    code of any encoded pages and scripts. You can paste an entire page
    containing any number of encoded sections or simply provide an encoded page
    URL.

    http://www.greymagic.com/security/tools/decoder/


  • Next message: Steve Shockley: "[VulnWatch] Re: Online Script Decoder"

    Relevant Pages

    • Re: vbscript encoder
      ... use the MS script encoder ... could someone recommend good vbscript encoder? ... Not clear where need reside html document - in any folder, ...
      (microsoft.public.scripting.vbscript)
    • RE: ASF-WRITER FREEZE WITH SCRIPT 24x7
      ... A script stream is injected to the multiplex every 200ms - containing HTML ... 'occasionally', an encoder will ... It's not enough to slow down or stop the script data injection; ... encoder graphs that we are now using. ...
      (microsoft.public.win32.programmer.mmedia)
    • Online Script Decoder
      ... Windows Script Encoder is a Microsoft tool to encode scripts so that "Web ... hosts and Web clients cannot view or modify their source". ...
      (NT-Bugtraq)
    • RE: ASF-WRITER FREEZE WITH SCRIPT 24x7
      ... I've had what might be a similar problem with an encoding application I wrote ... A script stream is injected to the multiplex every 200ms - containing HTML ... 'occasionally', an encoder will ... It's not enough to slow down or stop the script data injection; ...
      (microsoft.public.win32.programmer.mmedia)
    • Online Script Decoder
      ... Windows Script Encoder is a Microsoft tool to encode scripts so that "Web ... hosts and Web clients cannot view or modify their source". ...
      (Bugtraq)