Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
VBscript oneliner without space
Posted by: Ivan
Date: July 06, 2009 01:05PM

Hello,


I need to write some VBS POC as oneliner and without space. Lines I can separate with : but I don't know how to replace space.

Example:

Dim a : Dim b

I need something like Dim(something)a:Dim(something)b or some another way ...

Any ideas ?


Thanks,
Ivan

http://www.security-net.biz/

Options: ReplyQuote
Re: VBscript oneliner without space
Posted by: Gareth Heyes
Date: July 06, 2009 02:06PM

I don't really understand the question but maybe it's this you mean:-

MsgBox"X"&"S"&"S"

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]



Edited 1 time(s). Last edit at 07/06/2009 02:07PM by Gareth Heyes.

Options: ReplyQuote
Re: VBscript oneliner without space
Posted by: Ivan
Date: July 06, 2009 05:06PM

I have something like this:

getURL(vbscript: dim a : dim b)

but when is called (from some software that I test) I got this:

getURL(vbscript:%20dim%20a%20:%20dim%20b)

it is URL encoded.

I need to write code without any character that will be encoded, and that is easy for everything except for space.

I hope that is clearer now ?

http://www.security-net.biz/

Options: ReplyQuote
Re: VBscript oneliner without space
Posted by: sirdarckcat
Date: July 06, 2009 08:48PM

List of chars that are url-encoded by escape:

Quote

%01%02%03%04%05%06%07%08%09%0A%0B%0C%0D%0E%0F%10%11%12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F%20%21%22%23%24%25%26%27%28%29%2C%3A%3B%3C%3D%3E%3F%5B%5C%5D%5E%60%7B%7C%7D%7E

Quote

  !"#$%&'(),:;<=>?[\]^`{|}~

List of chars that are not url-encoded by escape:


*+-./0123456789@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz

So, this works:

MsgBox+1337

But I dont see how you can improve that haha..

Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: VBscript oneliner without space
Posted by: sirdarckcat
Date: July 06, 2009 09:03PM

eval+name

victim:

http://eaea.sirdarckcat.net/vbscripth4x.html

attacker:

http://eaea.sirdarckcat.net/vbscriptxss.html

Greetz!!

PS. lol, PHPIDS == bypassed: http://demo.php-ids.org/?test=eval%2Bname (needs to be inside vbscript script tag) http://demo.php-ids.org/?test=MsgBox%2B1337%22+language%3Dvbscript+x%3D%22foo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40barfoo%40bar (click on "doublequoted onclick blabla")

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 8 time(s). Last edit at 07/06/2009 09:32PM by sirdarckcat.

Options: ReplyQuote


Sorry, only registered users may post in this forum.