HackBack

deobfuscate

whoever is doing this machine, add ???#4870 on discor.d

Type your comment> @illwill said:

deobfuscate

oh yeah no I wasn’t asking what to do with that, I was more wondering about an idea exchange on how to proceed after

im there i got the cmds and some arrays but still working on what do with them to get rce or injection

deobfuscated the JS. Not able to decrypt the string.

Type your comment> @rewks said:

Trying to access we******.*** found through the JS, currently just keep getting redirected back to the functionless a****.*****. :expressionless:

Nvm… progress. I have a log file teasing me.

Have you had any luck reading it ?

edit: managed to read it

Congrats @arkantolo for the first blood. This one is Extremely Hard

Type your comment> @MrR3boot said:

Congrats @arkantolo for the first blood. This one is Extremely Hard

Ditto That !

Found the h*** command on port **** that lists the h****,p***,w*****,l***,i***,s*******,n*****,i****** commands and looked at each of those - didn’t find any obfuscated js. Am I looking at the wrong high port service?

Found go***** in there, but not sure how to interact with it.

Type your comment> @plonk said:

Found the h*** command on port **** that lists the h****,p***,w*****,l***,i***,s*******,n*****,i****** commands and looked at each of those - didn’t find any obfuscated js. Am I looking at the wrong high port service?

Found go***** in there, but not sure how to interact with it.

Have you done a full tcp port scan? Go higher :wink:

Type your comment> @rewks said:

Type your comment> @plonk said:

Found the h*** command on port **** that lists the h****,p***,w*****,l***,i***,s*******,n*****,i****** commands and looked at each of those - didn’t find any obfuscated js. Am I looking at the wrong high port service?

Found go***** in there, but not sure how to interact with it.

Have you done a full tcp port scan? Go higher :wink:

Yep, I also found that (matching the identifier in p*** against the entries in n******), but I do not seem to be speaking the right language to it :slight_smile:

EDIT: nvm, turns out I just needed to package my interaction in the right way. Now I found several targets likew**.f*******.*** and similar, but no obfuscated js.

Attempting to connect to myself using the obvious possibilities on the high port service, I get

connectex: An attempt was made to access a socket in a way forbidden by its access permissions.

Am I going down a rabbit hole?

Anyone knows what to do with a hash value & url encoded string which gives garbage value after decoding?.
got it :slight_smile:

Looking at names of logfiles. No idea how to read them? Any hints avail for this?

40pts… yeah, right…

Jesus this is hard. Well deserved 100th box. I have a shell, as s*****, bunch of interesting things. So, many, rabbit, holes.

Could use a nudge on the reading of a log file. Does the name need to be transformed?

stuck at We*****.. Not able to execute cmds. Showing result as Ex* and length.

I am stuck with the deobfuscated JS. I have a path but I cannot understand what to do with it. Anyone to give a little hint on how to make sense of it :)?

Any hint about “Nothing more to say” ?