Class: Rex::Exploitation::VBSObfuscate

Inherits:

Object

• Object
• Rex::Exploitation::VBSObfuscate

Defined in:

lib/rex/exploitation/vbsobfuscate.rb

Overview

VBScript obfuscation library

Instance Attribute Summary

• #code ⇒ Object

  The VBScript code that this obfuscator will transform.

Instance Method Summary

• #<<(str) ⇒ Object

  Append str to the (possibly obfuscated) code.

• #initialize(code = nil, _opts = {}) ⇒ VBSObfuscate constructor

  Saves code for later obfuscation with #obfuscate!.

• #obfuscate!(iterations: 1, normalize_whitespace: true, dynamic_execution: true) ⇒ self

  Obfuscate VBScript code.

• #to_s ⇒ String

  The (possibly obfuscated) code.

Constructor Details

#initialize(code = nil, _opts = {}) ⇒ VBSObfuscate

Saves code for later obfuscation with #obfuscate!

Parameters:

• code (#to_s) (defaults to: nil) —

  the code to obfuscate

• opts (Hash) —

  an options hash

# File 'lib/rex/exploitation/vbsobfuscate.rb', line 16

def initialize(code = nil, _opts = {})
  self.code = code
end

Instance Attribute Details

#code ⇒ Object

The VBScript code that this obfuscator will transform

# File 'lib/rex/exploitation/vbsobfuscate.rb', line 10

def code
  @code
end

Instance Method Details

#<<(str) ⇒ Object

Append str to the (possibly obfuscated) code

# File 'lib/rex/exploitation/vbsobfuscate.rb', line 26

def <<(str)
  @code << str
end

#obfuscate!(iterations: 1, normalize_whitespace: true, dynamic_execution: true) ⇒ self

Obfuscate VBScript code.

Parameters:

• iterations (Hash) (defaults to: 1) —

  a customizable set of options

• normalize_whitespace (Hash) (defaults to: true) —

  a customizable set of options

• dynamic_execution (Hash) (defaults to: true) —

  a customizable set of options

Options Hash (iterations:):

• number (Integer) —

  of times to run the obfuscator on this code (1)

Options Hash (normalize_whitespace:):

• normalize (Boolean) —

  line endings and strip leading/trailing whitespace from each line (true)

Options Hash (dynamic_execution:):

• dynamically (Boolean) —

  execute obfuscated code with Execute (true)

Returns:

• (self)

Raises:

• (ArgumentError)

# File 'lib/rex/exploitation/vbsobfuscate.rb', line 37

def obfuscate!(iterations: 1, normalize_whitespace: true, dynamic_execution: true)
  raise(ArgumentError, 'code must be present') if @code.nil?
  raise(ArgumentError, 'iterations must be a positive integer') unless iterations.integer? && iterations.positive?

  obfuscated = @code.dup

  iterations.times do
    # Normalize line endings and strip leading/trailing whitespace
    if normalize_whitespace
      obfuscated.gsub!(/\r\n/, "\n")
      obfuscated = obfuscated.lines.map(&:strip).reject(&:empty?).join("\n")
    end

    # Convert all VBScript to a string to be dynamically executed with Execute()
    if dynamic_execution
      obfuscated = 'Execute ' + vbscript_string_for_execute(obfuscated)
    end

    # Obfuscate strings
    obfuscated = chunk_vbscript_strings(obfuscated)
    obfuscated.gsub!(/"((?:[^"]|"")*)"/) do
      raw = ::Regexp.last_match(1).gsub('""', '"')
      raw.chars.map { |c| "chr(#{generate_number_expression(c.ord)})" }.join('&')
    end

    # Obfuscate integers
    obfuscated.gsub!(/\b\d+\b/) do |num|
      generate_number_expression(num.to_i)
    end
  end

  @code = obfuscated

  self
end

#to_s ⇒ String

Returns the (possibly obfuscated) code.

Returns:

• (String) —

  the (possibly obfuscated) code

# File 'lib/rex/exploitation/vbsobfuscate.rb', line 21

def to_s
  @code
end