Rex::Exploitation::VBSObfuscate: Add VBScript obfuscation library #47

Merged: adfoster-r7 merged 1 commit into rapid7:master from bcoles:vbsobfuscator on Sep 24, 2025

@bcoles bcoles commented Aug 10, 2025

Adds a simple VBS obfuscator.

I tried to stick with the convention, structure, and existing interfaces of the existing JSObfu library, with a few differences:

  • obfuscate! method name is used (instead of obfuscate) as the object is modified in place
  • memory_sensitive option is not implemented
  • iterations option is supported, but not very useful. Note that using any obfuscation level beyond iterations: 3 is time consuming and not recommended. When dynamic_execution is used (default), iterations: 1 is recommended.

bcoles commented Aug 10, 2025

Dim JbddUBzJRbRrVfg
For JbddUBzJRbRrVfg = 1 To 5
    JbddUBzJRbRrVfg = JbddUBzJRbRrVfg + 0
Next
Dim aDvkcFnDGayWffd
For aDvkcFnDGayWffd = 1 To 4
    aDvkcFnDGayWffd = aDvkcFnDGayWffd + 0
Next
Function hdySkwGHxJ(OTiALVCdLc)
    hdySkwGHxJ = OTiALVCdLc * 2
End Function
Sub EjQtgCpFQ(qaNGszbDuR)
    EjQtgCpFQ = qaNGszbDuR * 5
End Sub
Sub AVGbBw(hZyqkvEtkrobpPJ)
    AVGbBw = hZyqkvEtkrobpPJ * 1
End Sub
Dim wDCJEsaZBDXo, kGhiVFpu
wDCJEsaZBDXo = 0
kGhiVFpu = 87
Sub xHMTnrcKyD(dAKXbMjoLp)
    xHMTnrcKyD = dAKXbMjoLp * 3
End Sub
Sub BgBEFkeDKRZG(TbXNxKjhXTZJS)
    BgBEFkeDKRZG = TbXNxKjhXTZJS * 5
End Sub
Dim UnMdYWeu
For UnMdYWeu = 1 To 4
    UnMdYWeu = UnMdYWeu + 0
Next

MsgBox "hello!"
# bundle exec bin/console 
irb(main):001> require 'rex/exploitation/vbsobfuscate' ; asdf = Rex::Exploitation::VBSObfuscate.new(File.read('/root/Desktop/metasploit-framework/asdf'))
=> 
#<Rex::Exploitation::VBSObfuscate:0x00007f220d44de60
...
irb(main):002> puts asdf.obfuscate!(strip_whitespace: true, iterations: 1, dynamic_execution: true)
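For analysts who meet output of this kind, an added example (not code from this PR or from the library): with `dynamic_execution` the obfuscator emits one `Execute` statement whose argument is a chain of `chr(<integer arithmetic>)` terms joined by `&` and `vbCrLf`, and the Ruby below recovers the script text by evaluating that arithmetic with a small parser instead of running anything. `ArithParser`, `decode_execute_chain` and `SAMPLE` are hypothetical names, the sample is constructed, and only this single-layer form is handled.

```ruby
require 'strscan'

# Recursive-descent evaluator for + - * / and parentheses; never calls eval.
class ArithParser
  def initialize(src)
    @s = StringScanner.new(src.delete(" \t"))
  end

  def parse
    value = expr
    raise ArgumentError, "trailing input at offset #{@s.pos}" unless @s.eos?
    value
  end

  def expr # additive chain of multiplicative chains gives normal precedence
    chain(/[+-]/) { chain(%r{[*/]}) { factor } }
  end

  def chain(ops) # left-associative: operand (op operand)*
    value = yield
    while (op = @s.scan(ops))
      value = value.public_send(op, yield)
    end
    value
  end

  def factor # integer | '(' expr ')'; Rational keeps division exact
    return Rational(@s.matched.to_i) if @s.scan(/\d+/)
    raise ArgumentError, "unexpected input at offset #{@s.pos}" unless @s.scan(/\(/)
    value = expr
    raise ArgumentError, "missing ) at offset #{@s.pos}" unless @s.scan(/\)/)
    value
  end
end

# Rebuilds the script text from `Execute chr(..)&chr(..)&vbCrLf&...`.
def decode_execute_chain(line)
  body = line.strip.sub(/\AExecute\s+/i, '')
  body.split('&').map do |piece|
    next "\r\n" if piece.strip.casecmp?('vbCrLf')
    m = piece.strip.match(/\Achr\((.*)\)\z/i)
    raise ArgumentError, "unsupported term: #{piece[0, 24]}" unless m
    code = ArithParser.new(m[1]).parse
    raise ArgumentError, "non-integer char code: #{code}" unless code.denominator == 1
    code.to_i.chr
  end.join
end

# Constructed sample in the same shape as the obfuscator output (not taken from the PR).
SAMPLE = 'Execute chr(((69*1)-(1+0)))&chr(((4-3)+(52*2)))&chr(((16+96)-(2+1)))' \
         '&chr(((3+13)*(12-10)))&chr(((291/3)*(1+0)))&vbCrLf' \
         '&chr(((100-2)-(5/5)))&chr(((1+0)*(549/9)))&chr(((21*7)/(1*3)))'

puts decode_execute_chain(SAMPLE) if $PROGRAM_NAME == __FILE__
```

Anything other than a `chr(...)` or `vbCrLf` term raises `ArgumentError`, so a script that mixes in other constructs is flagged for manual review instead of being decoded incorrectly.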

# Normalize line endings and strip leading/trailing whitespace
if strip_whitespace
obfuscated.gsub!(/\r\n/, "\n")
obfuscated = obfuscated.lines.map(&:strip).reject(&:empty?).join("\n")
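Review bot: The `obfuscated.gsub!(/\r\n/, "\n")` call looks redundant, because `String#lines` splits on `\n` and `strip` then removes the trailing `\r` from each line, so the following `lines.map(&:strip).reject(&:empty?).join("\n")` already yields LF-only output. Dropping the `gsub!` also avoids mutating the string in place immediately before it is reassigned. The comment above the `if` could state that interior whitespace is preserved and that blank lines are dropped, since the option name alone does not say so.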

@adfoster-r7 adfoster-r7 Sep 24, 2025

Maybe a misunderstanding on my part - I assumed strip_whitespace would remove whitespace, but this seems to actually just be 'normalize'? 🤔

If the intent is stripping, would this work? (not tested)

Suggested change
obfuscated = obfuscated.lines.map(&:strip).reject(&:empty?).join("\n")
obfuscated = obfuscated.lines.map(&:strip).reject(&:empty?).join(';')

Or if the intent is normalization maybe renaming the option could be good for clarity

-          if strip_whitespace
+          if normalize_whitespace
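Review bot: The rename is shown only on the `if` line, but the keyword itself and every caller need the same change; the console session earlier in this thread calls `obfuscate!(strip_whitespace: true, ...)`, which after the rename would either raise or be silently ignored depending on how the options are read. Documenting on the option exactly what it does (trims each line, drops blank lines, keeps newlines as separators) would settle the naming question as well.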

Contributor Author

> Maybe a misunderstanding on my part - I assumed strip_whitespace would remove whitespace, but this seems to actually just be 'normalize'? 🤔

It removes lines which contain only whitespace and "strips" leading and trailing whitespace on all lines:

# irb
irb(main):001> ' asdf asdf asdf '.strip
=> "asdf asdf asdf"
irb(main):002> 

> Or if the intent is normalization maybe renaming the option could be good for clarity

To me, "normalize" seems equally as vague as "strip" here, but I'll change it.

> If it's stripping, would this work (not tested)

No. VBS does not support command concatenation with ; - only new lines.

@adfoster-r7 adfoster-r7 merged commit 86fe735 into rapid7:master Sep 24, 2025
19 checks passed
@bcoles bcoles deleted the vbsobfuscator branch September 24, 2025 15:37