Forum Discussion
Bronze IIAssistance: PowerShell Deobfuscation: Ep.4 - Logical and Structural Obfuscation - Question 7
I am stuck on question 7 where I am asked to download a file from a URL I found based on the output file from the previous question. The URL is http://ZGlmZmVyZW50c3VzcGljaW91c2RvbWFpbg.net/, but I dont see an associated IP address in the lab so that I can add that domain to my host file.
Any assistance is appreciated.
All questions in this lab are about the script.
There's no need to download anything, I just did the lab.
Maybe re-writing the questions would clarify this:
6: Identify the part in the script that would download a file. Provide your answer using the variable name or the file name, including the extension.
7: After identifying the part in the script that would download a file in the previous question, what part of the script will be executed next? Provide your answer using the variable name.
8 Replies
- KieranRowley
Community Manager
I know sabil10 darkmacheken and BeluczakDelmar have all completed this one fairly recently - any tips?
- netcat
Silver III
The question is about the script, not the file. So my best guess: Continue to analyze the script.
- SpecTechal
Yes, question 6 is about the script. Question 7 asks about downloading the file from the URL found in the script from question 6. There is no way to download the file to further analyze. See Kieran's screenshot.
- netcat
Can you paste a quote of the question here? I can't find any question in this lab where I'm asked to download a file.
- KieranRowley
Hey netcat. The lab in question is PowerShell Deobfuscation: Ep.4 — Logical and Structural Obfuscation.
Q7 mentions downloading the script file that is referenced in Q5 and Q6.
