Forum Discussion
Solved
KieranRowley
Community Manager
4 months ago

Has anyone attempted this lab? I'm stuck after writing a Python script to put the code through the loops: I can produce a deobfuscated block, but after inspecting it with both xxd and strings I was unable to find a hidden URL. Curious whether anybody has solved it yet.

Re: python-scripting-for-malware-analysis-ep-5-code-obfuscation

Very few people have completed this lab globally, but netcat and steven have! Any hints?

Very few people have completed this lab globally, but
there are several steps you need to do.
After that, I think you'll see it as a string somewhere at the end of the output, something like xx.xxxxxxxx.tld.
Hope that helps.