1

I have a remote windows machine located far far away from me. The only way to manage it is through a proprietary management software that execute commands sent by me.

  • It has norton 360 antivirus installed
  • RDP is not enabled for security reasons
  • Teamviewer or other remote desktop software is not installed for security reasons

There is a piece of data that was encrypted by the remote machine using CryptProtectData that I want to decrypt. How do I decrypt it though VBScript?

  • I tried uploading a program I wrote and run but norton keeps blocking my program and calling it malware
  • The only way do it is to upload .vbs or .bat files and run it
  • I won't want to travel all the way there to do it myself
Matty2
  • 55
  • 6
  • I think you need to add much more detail about the exact nature of the problem. For example, if you're really talking about the server being able to encrypt or decrypt, do you have access to the encryption keys? – David Aug 10 '15 at 06:46
  • The cryptProtectData function does not need encrytion keys but access to the machine itself(which I have remotely). I just need a way to implement this function into VBScript. – Matty2 Aug 10 '15 at 07:06
  • [`CryptProtectData`](https://msdn.microsoft.com/en-us/library/windows/desktop/aa380261%28v=vs.85%29.aspx) is a Win API function. VBScript doesn't have access to that API. – Ansgar Wiechers Aug 10 '15 at 08:40
  • Can't it be done using the createobject like in this website? http://www.vbforums.com/showthread.php?731857-How-to-use-dll-from-vbscript – Matty2 Aug 10 '15 at 10:06
  • `CreateObject` requires a registered COM object. COM and Win32 API are not the same. – Ansgar Wiechers Aug 10 '15 at 16:20
  • Ah shit. How do I decrypt the data then? The data is really important and I really need it. I'm thinking of another method, I just posted the question here http://stackoverflow.com/questions/31920985/decrypt-data-encrypted-by-the-cryptprotectdata-function-from-other-pc – Matty2 Aug 10 '15 at 18:22
  • My custom management software can upload and run Powershell too. Looks like CryptProtectData works with Powershell scripts https://social.technet.microsoft.com/Forums/exchange/en-US/07558d3c-4cb7-4ece-868f-b8a6ac9d3ace/cryptunprotectdata-from-powershell?forum=winserverpowershell But I still prefer if it could be done using the other method. – Matty2 Aug 10 '15 at 18:41
  • If you are able to digitally sign the executable, Norton is perhaps less likely to object to it. But Powershell looks like an easier approach. – Harry Johnston Aug 11 '15 at 08:26

0 Answers0