Nested JavaScript Obfuscation - GuidePoint Security CTF Challenge

  Рет қаралды 16,805

John Hammond

John Hammond

Күн бұрын

Пікірлер: 35
@_JohnHammond
@_JohnHammond 3 жыл бұрын
Rewatching this for the premiere, I see the Dcode.fr output does include the rest of the octal number, but due to a newline it cut it into a second part. Apparently, I had not realized that while recording. PLZ 4GIVE MEH
@user-lk5qz4wx4q
@user-lk5qz4wx4q 3 жыл бұрын
F
@oskrm
@oskrm 3 жыл бұрын
Hey John, How can I participate in this CTF?
@0x8badf00d
@0x8badf00d 3 жыл бұрын
The subscript appears to be the base.
@willkessner2674
@willkessner2674 3 жыл бұрын
Man it was so refreshing when you used Bash, I’m normally wayyy over my head in these videos, and the most advanced stuff I’ve done has been mostly in Bash. But when you used that “cat | grep” I physically went “nooo” because I actually knew abt grep’s input file option. Not saying that you made a grave mistake or anything, it was just awesome to finally, after watching so many of these videos, actually know what the heck was going on lol
@sumedhvangara7368
@sumedhvangara7368 3 жыл бұрын
"challenge challenge in the challenge category, nice"
@somebodystealsmyname
@somebodystealsmyname 3 жыл бұрын
Hey John, your bash is still hard to get used to :D cat $file | grep 'eval' >/dev/null if [ $? -eq 0 ] then This piece of code contains at least 3 things shellsheck will not accept (SC2086, SC2002 and SC2181) :D The "best" syntax would be: if grep -q eval "$file" then Netherless, great video!
@naheelazawy
@naheelazawy 3 жыл бұрын
came for this. Also I guess I should mention piping sed to sed. It works, but it was possible to have both in one sed command separated by a semicolon
@chriss8825
@chriss8825 3 жыл бұрын
I got hired to code a basic custom CMS for a client, so I had archived the wordpress junk. Turns out wordpress had been hacked and a very similar Javascript backdoor was installed (think it only had two layers of obfuscation). Although I had lots of fun reverse engineering it, it's scary that it took years for anyone to detect it with their security automated scans.
@Jimfowler82
@Jimfowler82 3 жыл бұрын
Learning loads John thank you, lost my interest with computers with windows. Back in the game and loving Linux and learning networking/hacking. Having fun just playing with binaries and working out what they do , learning python after doing 68000 assembly and some c++ in past. I love working in the terminal & just having the tools/environment I want not what gets put onto me. Back in the day late 90s I started using netbus on my friends computers for fun. Naughty I know but we all did it to each other in the end 😜. I worked with the maker of netbus on future releases before he moved onto other things. I never took to windows which put me of computing. Now I’m back more mature and like a child excited to learn more & be a good boy now days lol
@fabiancostamoling
@fabiancostamoling 3 жыл бұрын
thank you (: magical speakin' as always... clear and trying to teach :)
@nathanpalmer2931
@nathanpalmer2931 3 жыл бұрын
I think your octal problem had to do with the tool not working properly. A single octal number is 3 bits in binary, which doesn't align itself very well with the normal 8 bits per byte. The reason the rotate worked, is it realined the bits to the correct positions. If the tool you had used properly prepended the 0 bit(s) in the correct place to begin with, I think you would have had the answer right away, but because you were using math functions that doesn't care about byte boundaries, you ended up in this situation.
@Zaakipaladin
@Zaakipaladin 3 жыл бұрын
I don't know what's going on, but I can tell its awesome.
@septim8312
@septim8312 3 жыл бұрын
Great content, great premiere! Thank you :)
@XiSparks
@XiSparks 3 жыл бұрын
Great video as always!
@Riccardo4106
@Riccardo4106 3 жыл бұрын
What about the other IPs in the final script? And why you decided to focus on that number instead of follow the GET request to the given IPs?
@bruh_5555
@bruh_5555 3 жыл бұрын
I feel John is getting attacked by some MITM because first his certificate failed then his proxy failed too
@Jimfowler82
@Jimfowler82 3 жыл бұрын
Have you moved to zsh? I’ve started using it and really enjoy the customise nature of it with all the plugins and tools.
@LapisOnTheMoon
@LapisOnTheMoon 3 жыл бұрын
algorithm time ;D good video
@gen0ne
@gen0ne 3 жыл бұрын
I admire you
@deyeop5944
@deyeop5944 3 жыл бұрын
Hey i just wanted to ask , what are some commands shortcut that u use very often and how spilt your terminal so easily? Love your content btw.
@yumbuboyumbubo8230
@yumbuboyumbubo8230 3 жыл бұрын
I think he uses Terminator.
@guiguicdd
@guiguicdd Жыл бұрын
@rishavsharma1500
@rishavsharma1500 3 жыл бұрын
Hip hip hurre....!!!🤗
@robertwouda
@robertwouda 3 жыл бұрын
Very cool
@hallgowrt
@hallgowrt 3 жыл бұрын
try int(num_in_quotes, 8) ... I used this to convert to other bases
@ARZ10198
@ARZ10198 3 жыл бұрын
I watched it late but here's your comment
@mattplaygamez
@mattplaygamez 3 жыл бұрын
Can you please do the Madness room from Tryhackme
@navjotsingh2169
@navjotsingh2169 3 жыл бұрын
How to get invite from defcon please explain it
@РоманВавилов-ш6й
@РоманВавилов-ш6й 3 жыл бұрын
05:35 Javascript is compiled not interpreted
@_JohnHammond
@_JohnHammond 3 жыл бұрын
No, I believe JavaScript is a scripting language, and is interpreted..
@LESLEYYY0
@LESLEYYY0 3 жыл бұрын
Very confident it's interpreted. Unless a part of the code is executed thousands of times over, then the js JIT compiler will compile that part to speed things up
@РоманВавилов-ш6й
@РоманВавилов-ш6й 3 жыл бұрын
Found out it depends on the actual runtime environment, in case of nodejs seems like it parses the code and interprets it, but like chromes engine uses jit compiler
@Este44fr
@Este44fr 3 жыл бұрын
@@РоманВавилов-ш6й NodeJS uses V8, which is the chrome engine
phpMyAdmin Local File Inclusion - GuidePoint Security CTF (Jeffrey)
31:07
Deciphering Obfuscated JavaScript Malware
31:12
LaurieWired
Рет қаралды 81 М.
У вас там какие таланты ?😂
00:19
Карина Хафизова
Рет қаралды 21 МЛН
HELP!!!
00:46
Natan por Aí
Рет қаралды 49 МЛН
REAL MAN 🤣💪🏻
00:35
Kan Andrey
Рет қаралды 20 МЛН
MALWARE ANALYSIS - VBScript Decoding & Deobfuscating
42:23
John Hammond
Рет қаралды 1 МЛН
PROOF JavaScript is a Multi-Threaded language
8:21
Beyond Fireship
Рет қаралды 287 М.
Custom Wordlists & SQL Injection - GuidePoint Security CTF (Belle)
35:19
Stopping DNS "ANY" Queries - DownUnderCTF
17:57
John Hammond
Рет қаралды 12 М.
The Vim Experience
45:19
Bog
Рет қаралды 155 М.
GoogleCTF - Cross-Site Scripting "Pasteurize"
29:21
John Hammond
Рет қаралды 97 М.
STOP Using Classes In JavaScript | Prime Reacts
14:02
ThePrimeTime
Рет қаралды 246 М.
JScript Deobfuscation - More WSHRAT (Malware Analysis)
1:02:01
John Hammond
Рет қаралды 59 М.
IFrame Parent XSS - HackTheBox Cyber Apocalypse CTF
32:03
John Hammond
Рет қаралды 72 М.
У вас там какие таланты ?😂
00:19
Карина Хафизова
Рет қаралды 21 МЛН