Forum Discussion

SpecTechal's avatar
SpecTechal
Icon for Bronze II rankBronze II
8 months ago
Solved

Assistance: PowerShell Deobfuscation: Ep.4 - Logical and Structural Obfuscation - Question 7

I am stuck on question 7 where I am asked to download a file from a URL I found based on the output file from the previous question. The URL is http://ZGlmZmVyZW50c3VzcGljaW91c2RvbWFpbg.net/, but I dont see an associated IP address in the lab so that I can add that domain to my host file. 

Any assistance is appreciated.

  • netcat's avatar
    netcat
    8 months ago

    All questions in this lab are about the script.

    There's no need to download anything, I just did the lab.

    Maybe re-writing the questions would clarify this:
    6: Identify the part in the script that would download a file. Provide your answer using the variable name or the file name, including the extension.
    7: After identifying the part in the script that would download a file in the previous question, what part of the script will be executed next? Provide your answer using the variable name.

8 Replies

    • netcat's avatar
      netcat
      Icon for Silver III rankSilver III

      The question is about the script, not the file. So my best guess: Continue to analyze the script.

      • SpecTechal's avatar
        SpecTechal
        Icon for Bronze II rankBronze II

        Yes, question 6 is about the script. Question 7 asks about downloading the file from the URL found in the script from question 6. There is no way to download the file to further analyze. See Kieran's screenshot.

  • Can you paste a quote of the question here? I can't find any question in this lab where I'm asked to download a file.

    • KieranRowley's avatar
      KieranRowley
      Icon for Community Manager rankCommunity Manager

      Hey netcat. The lab in question is PowerShell Deobfuscation: Ep.4 — Logical and Structural Obfuscation.

      Q7 mentions downloading the script file that is referenced in Q5 and Q6.