Nested JavaScript Obfuscation - GuidePoint Security CTF Challenge


Rewatching this for the premiere, I see the Dcode.fr output does include the rest of the octal number, but due to a newline it cut it into a second part. Apparently, I had not realized that while recording. PLZ 4GIVE MEH

_JohnHammond

Man it was so refreshing when you used Bash, I’m normally wayyy over my head in these videos, and the most advanced stuff I’ve done has been mostly in Bash. But when you used that “cat | grep” I physically went “nooo” because I actually knew abt grep’s input file option. Not saying that you made a grave mistake or anything, it was just awesome to finally, after watching so many of these videos, actually know what the heck was going on lol

willkessner

Hey John,

your bash is still hard to get used to :D

cat $file | grep 'eval' >/dev/null

if [ $? -eq 0 ]
then

This piece of code contains at least 3 things shellcheck will not accept (SC2086, SC2002 and SC2181) :D

The "best" syntax would be:

if grep -q eval "$file"
then

Nevertheless, great video!

somebodystealsmyname

I got hired to code a basic custom CMS for a client, so I had archived the WordPress junk. Turns out WordPress had been hacked and a very similar JavaScript backdoor was installed (think it only had two layers of obfuscation). Although I had lots of fun reverse engineering it, it's scary that it took years for anyone to detect it with their security automated scans.

chriss

"challenge challenge in the challenge category, nice"

sumedhvangara

thank you (: magical speakin' as always... clear and trying to teach :)

fabiancostamoling

Learning loads John thank you, lost my interest with computers with windows. Back in the game and loving Linux and learning networking/hacking.

Having fun just playing with binaries and working out what they do, learning python after doing 68000 assembly and some c++ in past.

I love working in the terminal & just having the tools/environment I want not what gets put onto me.

Back in the day late 90s I started using netbus on my friends computers for fun. Naughty I know but we all did it to each other in the end 😜.

I worked with the maker of netbus on future releases before he moved onto other things. I never took to Windows which put me off computing. Now I’m back more mature and like a child excited to learn more & be a good boy nowadays lol

Jimfowler

I think your octal problem had to do with the tool not working properly. A single octal number is 3 bits in binary, which doesn't align itself very well with the normal 8 bits per byte. The reason the rotate worked is that it realigned the bits to the correct positions. If the tool you had used properly prepended the 0 bit(s) in the correct place to begin with, I think you would have had the answer right away, but because you were using math functions that don't care about byte boundaries, you ended up in this situation.

nathanpalmer

I don't know what's going on, but I can tell it's awesome.

Zaakipaladin

Great content, great premiere! Thank you :)

septim

What about the other IPs in the final script? And why did you decide to focus on that number instead of following the GET request to the given IPs?

Riccardo

Have you moved to zsh? I’ve started using it and really enjoy the customisable nature of it with all the plugins and tools.

Jimfowler

I feel John is getting attacked by some MITM because first his certificate failed then his proxy failed too

bruh_

Hey, I just wanted to ask, what are some command shortcuts that u use very often and how do you split your terminal so easily? Love your content btw.

deyeop

try int(num_in_quotes, 8) ... I used this to convert to other bases

hallgowrt

I watched it late but here's your comment

ARZ

Can you please do the Madness room from TryHackMe?

mattplaygamez

How to get invite from defcon please explain it

navjotsingh

05:35 Javascript is compiled not interpreted

РоманВавилов-шй