Nested JavaScript Obfuscation - GuidePoint Security CTF Challenge

  Рет қаралды 16,835

John Hammond

John Hammond

Күн бұрын

Пікірлер: 35
@_JohnHammond
@_JohnHammond 4 жыл бұрын
Rewatching this for the premiere, I see the Dcode.fr output does include the rest of the octal number, but due to a newline it cut it into a second part. Apparently, I had not realized that while recording. PLZ 4GIVE MEH
@user-lk5qz4wx4q
@user-lk5qz4wx4q 4 жыл бұрын
F
@oskrm
@oskrm 4 жыл бұрын
Hey John, How can I participate in this CTF?
@0x8badf00d
@0x8badf00d 3 жыл бұрын
The subscript appears to be the base.
@sumedhvangara7368
@sumedhvangara7368 4 жыл бұрын
"challenge challenge in the challenge category, nice"
@willkessner2674
@willkessner2674 3 жыл бұрын
Man it was so refreshing when you used Bash, I’m normally wayyy over my head in these videos, and the most advanced stuff I’ve done has been mostly in Bash. But when you used that “cat | grep” I physically went “nooo” because I actually knew abt grep’s input file option. Not saying that you made a grave mistake or anything, it was just awesome to finally, after watching so many of these videos, actually know what the heck was going on lol
@somebodystealsmyname
@somebodystealsmyname 4 жыл бұрын
Hey John, your bash is still hard to get used to :D cat $file | grep 'eval' >/dev/null if [ $? -eq 0 ] then This piece of code contains at least 3 things shellsheck will not accept (SC2086, SC2002 and SC2181) :D The "best" syntax would be: if grep -q eval "$file" then Netherless, great video!
@naheelazawy
@naheelazawy 4 жыл бұрын
came for this. Also I guess I should mention piping sed to sed. It works, but it was possible to have both in one sed command separated by a semicolon
@chriss8825
@chriss8825 3 жыл бұрын
I got hired to code a basic custom CMS for a client, so I had archived the wordpress junk. Turns out wordpress had been hacked and a very similar Javascript backdoor was installed (think it only had two layers of obfuscation). Although I had lots of fun reverse engineering it, it's scary that it took years for anyone to detect it with their security automated scans.
@Zaakipaladin
@Zaakipaladin 4 жыл бұрын
I don't know what's going on, but I can tell its awesome.
@fabiancostamoling
@fabiancostamoling 4 жыл бұрын
thank you (: magical speakin' as always... clear and trying to teach :)
@Jimfowler82
@Jimfowler82 3 жыл бұрын
Learning loads John thank you, lost my interest with computers with windows. Back in the game and loving Linux and learning networking/hacking. Having fun just playing with binaries and working out what they do , learning python after doing 68000 assembly and some c++ in past. I love working in the terminal & just having the tools/environment I want not what gets put onto me. Back in the day late 90s I started using netbus on my friends computers for fun. Naughty I know but we all did it to each other in the end 😜. I worked with the maker of netbus on future releases before he moved onto other things. I never took to windows which put me of computing. Now I’m back more mature and like a child excited to learn more & be a good boy now days lol
@septim8312
@septim8312 4 жыл бұрын
Great content, great premiere! Thank you :)
@XiSparks
@XiSparks 4 жыл бұрын
Great video as always!
@nathanpalmer2931
@nathanpalmer2931 4 жыл бұрын
I think your octal problem had to do with the tool not working properly. A single octal number is 3 bits in binary, which doesn't align itself very well with the normal 8 bits per byte. The reason the rotate worked, is it realined the bits to the correct positions. If the tool you had used properly prepended the 0 bit(s) in the correct place to begin with, I think you would have had the answer right away, but because you were using math functions that doesn't care about byte boundaries, you ended up in this situation.
@Riccardo4106
@Riccardo4106 4 жыл бұрын
What about the other IPs in the final script? And why you decided to focus on that number instead of follow the GET request to the given IPs?
@bruh_5555
@bruh_5555 4 жыл бұрын
I feel John is getting attacked by some MITM because first his certificate failed then his proxy failed too
@gen0ne
@gen0ne 4 жыл бұрын
I admire you
@robertwouda
@robertwouda 4 жыл бұрын
Very cool
@guiguicdd
@guiguicdd Жыл бұрын
@LapisOnTheMoon
@LapisOnTheMoon 4 жыл бұрын
algorithm time ;D good video
@Jimfowler82
@Jimfowler82 3 жыл бұрын
Have you moved to zsh? I’ve started using it and really enjoy the customise nature of it with all the plugins and tools.
@rishavsharma1500
@rishavsharma1500 4 жыл бұрын
Hip hip hurre....!!!🤗
@hallgowrt
@hallgowrt 4 жыл бұрын
try int(num_in_quotes, 8) ... I used this to convert to other bases
@deyeop5944
@deyeop5944 4 жыл бұрын
Hey i just wanted to ask , what are some commands shortcut that u use very often and how spilt your terminal so easily? Love your content btw.
@yumbuboyumbubo8230
@yumbuboyumbubo8230 4 жыл бұрын
I think he uses Terminator.
@ARZ10198
@ARZ10198 4 жыл бұрын
I watched it late but here's your comment
@mattplaygamez
@mattplaygamez 4 жыл бұрын
Can you please do the Madness room from Tryhackme
@navjotsingh2169
@navjotsingh2169 4 жыл бұрын
How to get invite from defcon please explain it
@РоманВавилов-ш6й
@РоманВавилов-ш6й 4 жыл бұрын
05:35 Javascript is compiled not interpreted
@_JohnHammond
@_JohnHammond 4 жыл бұрын
No, I believe JavaScript is a scripting language, and is interpreted..
@LESLEYYY0
@LESLEYYY0 4 жыл бұрын
Very confident it's interpreted. Unless a part of the code is executed thousands of times over, then the js JIT compiler will compile that part to speed things up
@РоманВавилов-ш6й
@РоманВавилов-ш6й 4 жыл бұрын
Found out it depends on the actual runtime environment, in case of nodejs seems like it parses the code and interprets it, but like chromes engine uses jit compiler
@Este44fr
@Este44fr 4 жыл бұрын
@@РоманВавилов-ш6й NodeJS uses V8, which is the chrome engine
Custom Wordlists & SQL Injection - GuidePoint Security CTF (Belle)
35:19
Exploiting Tomcat with LFI & Container Privesc - "Tabby" HackTheBox
45:54
МЕНЯ УКУСИЛ ПАУК #shorts
00:23
Паша Осадчий
Рет қаралды 5 МЛН
How Many Balloons To Make A Store Fly?
00:22
MrBeast
Рет қаралды 132 МЛН
MALWARE ANALYSIS - VBScript Decoding & Deobfuscating
42:23
John Hammond
Рет қаралды 1 МЛН
Google CTF - BEGINNER Reverse Engineering w/ ANGR
39:47
John Hammond
Рет қаралды 287 М.
JScript Deobfuscation - More WSHRAT (Malware Analysis)
1:02:01
John Hammond
Рет қаралды 59 М.
phpMyAdmin Local File Inclusion - GuidePoint Security CTF (Jeffrey)
31:07
C Programming Tutorial for Beginners
3:46:13
freeCodeCamp.org
Рет қаралды 14 МЛН
GoogleCTF - Cross-Site Scripting "Pasteurize"
29:21
John Hammond
Рет қаралды 97 М.
XML Object Exfiltration - HackTheBox Cyber Apocalypse CTF "E. Tree"
28:13
Deciphering Obfuscated JavaScript Malware
31:12
LaurieWired
Рет қаралды 82 М.
Decrusting the tokio crate
3:31:48
Jon Gjengset
Рет қаралды 142 М.
Basic Buffer Overflow - VulnServer TRUN
1:03:04
John Hammond
Рет қаралды 196 М.
МЕНЯ УКУСИЛ ПАУК #shorts
00:23
Паша Осадчий
Рет қаралды 5 МЛН