HSCTF - Obfuscated JavaScript (JSF**k) [Verbose]
Рет қаралды 23,103
Күн бұрын
@Zwedgy 5 жыл бұрын
Cool to see my code in action!
@abdarafi 5 жыл бұрын
Your sense of humor is quite interesting pal xD
@cravisbouyin4864 3 жыл бұрын
Thanks John for the tip to win some of the challenges! Looks super easy when you use the discord server! However running the code on a debugger just to get the flag value looked tough enough, although you got a result in under 8 minutes! 🙂🙂❇👌
@jasonlough6640 4 жыл бұрын
You could have just added debugger; to the end of the text file. Or, you could have looked at the network panel, checked preserve log, and looked at the request. By putting it in that (4th?) party tool, it ran in a node env, and thats why the error about window showed. My point is: theres too much reliance on unnecessary tools. Its like a gun. It gives you the illusion of security. Instead, learn the tools, in this case, javascript and its environment in the browser. That is so much more useful in more situations than always reaching for extensions / plugins / other tools like a script kiddie would.
@Zooiest 2 жыл бұрын
You can just copy the text from the end to the matching bracket and execute that. It'll give you the original code.
@lxa1121 5 жыл бұрын
Are you going to be doing any more from hsctf? That was a pretty fun ctf.
@_JohnHammond 5 жыл бұрын
Absolutely, I have LOTS more ready and available to be released. Just a matter of spreading them out for the KZbin's sake. Thanks for watching! :D
@lxa1121 5 жыл бұрын
@@_JohnHammond Cant' wait to see how you solved a few of them. And no problem. Your videos are very informative.
@yunusemrahdursun6317 5 жыл бұрын
I learned new something about js thank you
@mrtommy9220 5 жыл бұрын
Great stuff!!
@ashutoshpanda4336 5 жыл бұрын
Can You Please please walk through the procedure how did you get the zsh shell.... Please
@cyrilhancock3885 3 жыл бұрын
chsh -s /bin/zsh
@JASDKA1 5 жыл бұрын
Was looking for something related. I see you uploaded it twice...?!
@ffork7803 5 жыл бұрын
Can u show us what basic tools to use in ctf?
@sakisekiz 2 жыл бұрын
johnmohammed
@davidpanic 5 жыл бұрын
There's also a tool called jsunfuck that you can use.
@csutka53 3 жыл бұрын
cool cli
@allanmarks2150 5 жыл бұрын
Obfuscated JavaScript that is this easy to see can hardly be called Obfuscated. I have a complex pure client side JavaScript program and I am just waiting for somebody to find a way to truly obfuscate it without rewriting it, or have it run on a server without rewriting it. I know there are ways to write JS so that it can run on either a server or a desktop, but everything thing I have looked at so far requires a major rewrite of what I have already written.
@TheNewton 5 жыл бұрын
Easy to see != easy to read or interpret without tools. Thus it's obfuscated by nature of being difficult for humans to parse.
@wardijien_official149 3 жыл бұрын
tqqqqqqqq
@lifebarier 5 жыл бұрын
First challenge to join discord... That is not easy. I would need to get my laptop, run virtual machine on it, go to public network, download discord, run it... They should be using jabber/irc instead of promoting that crap.
@cros108 5 жыл бұрын
why would you need to use a virtual machine on a public network on a laptop lmao, scared the discord staff are gonna hack you by using their service?
@lifebarier 5 жыл бұрын
@@cros108 I do not trust discord. And don't even try to change my mind mr glows in the dark.
@inx1819 5 жыл бұрын
@@lifebarier lmao you're weird af
@lifebarier 5 жыл бұрын
@@inx1819 not wanting to use poorly codded, closed, tracking software is weird these days... Truly peak clown world. Go get some soycaf.
@inx1819 5 жыл бұрын
@@lifebarier discord is used by millions of people, it went through multiple security audits, it's trusted by many people and it never had any major hack or exploit. It's like not wanting to use google. Also, everything tracks you. Even if Discord would track you, other websites would as well. KZbin does it - and yet you're here Stop being so paranoid.
Иван Абрамов
Рет қаралды 4,5 МЛН