deobfuscate
Whoever is doing this machine, add ???#4870 on Discord.
@illwill said:
deobfuscate
Oh yeah, no, I wasn’t asking what to do with that; I was more wondering about an idea exchange on how to proceed after.
I'm there. I got the cmds and some arrays but am still working on what to do with them to get RCE or injection.
Deobfuscated the JS. Not able to decrypt the string.
…
@rewks said:
Trying to access we******.*** found through the JS, currently just keep getting redirected back to the functionless a****.*****.
Nvm… progress. I have a log file teasing me.
Have you had any luck reading it?
Edit: managed to read it.
Congrats @arkantolo for the first blood. This one is Extremely Hard
@MrR3boot said:
Congrats @arkantolo for the first blood. This one is Extremely Hard
Ditto that!
Found the h*** command on port **** that lists the h****,p***,w*****,l***,i***,s*******,n*****,i****** commands and looked at each of those - didn’t find any obfuscated js. Am I looking at the wrong high port service?
Found go***** in there, but not sure how to interact with it.
@plonk said:
Found the h*** command on port **** that lists the h****,p***,w*****,l***,i***,s*******,n*****,i****** commands and looked at each of those - didn’t find any obfuscated js. Am I looking at the wrong high port service?
Found go***** in there, but not sure how to interact with it.
Have you done a full tcp port scan? Go higher
@rewks said:
@plonk said:
Found the h*** command on port **** that lists the h****,p***,w*****,l***,i***,s*******,n*****,i****** commands and looked at each of those - didn’t find any obfuscated js. Am I looking at the wrong high port service?
Found go***** in there, but not sure how to interact with it.
Have you done a full tcp port scan? Go higher
Yep, I also found that (matching the identifier in p*** against the entries in n******), but I do not seem to be speaking the right language to it
EDIT: nvm, turns out I just needed to package my interaction in the right way. Now I found several targets like w**.f*******.*** and similar, but no obfuscated js.
Attempting to connect to myself using the obvious possibilities on the high port service, I get
connectex: An attempt was made to access a socket in a way forbidden by its access permissions.
Am I going down a rabbit hole?
Anyone know what to do with a hash value & URL-encoded string which gives a garbage value after decoding?
Got it.
Looking at names of logfiles. No idea how to read them? Any hints avail for this?
40pts… yeah, right…
Jesus this is hard. Well deserved 100th box. I have a shell, as s*****, bunch of interesting things. So, many, rabbit, holes.
Could use a nudge on the reading of a log file. Does the name need to be transformed?
Stuck at We*****. Not able to execute cmds. Showing result as Ex* and length.
I am stuck with the deobfuscated JS. I have a path but I cannot understand what to do with it. Anyone to give a little hint on how to make sense of it :)?
Any hint about “Nothing more to say”?