This article mainly introduces the methods of asp decryption, restoration of chrw, chr encoded files, and the method of decoding chrw content. Friends in need can refer to it.
After encrypting the parameters of the asp function through chrw encoding, how to decode the chrw content. The following decoding function turns out to be very simple. It uses regular expressions to extract the chrw string in the content, and then eval dynamically executes the obtained chrw string to obtain the content, and then performs replacement. Note: Please refer to the comments in the source code. Note that the source code should be saved as a file in vbs format before execution. If it is an asp file, createobject needs to be modified to server.createobject.
function readfile(fn)'Read the contents of the encoded file set fso=createobject(scripting.filesystemobject) set ts=fso.OpenTextFile(fn,1,false,-2)'Pay attention to the last parameter here, if yours is unicode Encoding, change -2 (system default encoding) to -1 (unicode encoding). 0 is ascii readfile=ts.ReadAll ts.close set ts=nothing set fso=nothingend functionfunction decodechrw(s)'decode chrw encoded content set rx=new RegExp rx.Global=true rx.IgnoreCase=true rx.Pattern=ChrW/s*/(/s*/d+/s*/)(/s*&/s*ChrW/s*/(/s*/d+/s*/))*'Decode chrw string set mc=rx.Execute(s) for each m in mc s=replace(s, m.value,&eval(m.value)&) next rx.Pattern=Chr/s*/(/s*/d+/s*/)(/s*&/s*Chr/s*/(/s*/d+/s*/))*'Urgent chr String set mc=rx.Execute(s) for each m in mc s=replace(s, m.value,&eval(m.value)&) next decodechrw=s end functionfunction decodechrwfile(fn) 'Decode the file containing chrw encoding s=readfile(fn) s=decodechrw(s) 'Write the decoded content back to the file set fso=createobject(scripting.filesystemobject) set ts=fso.OpenTextFile(replace(fn,.,_decode.),2,true,-2)'Write the decoded content to the file whose original file name is replaced with _decode. If fn is encode.txt, then The decoded file is encode_decode.txt ts.write s ts.close set ts=nothing set fso=nothingend functiondecodechrwfile(encode.txt)' Pay attention to modify the file name and path encrypted by chrw here, if it is the content submitted by the client