Forum Discussion

AtakanBal's avatar
AtakanBal
Icon for Bronze III rankBronze III
29 days ago

Reverse Engineering (Offensive) JavaScript Analysis: JSDetox

I'm stuck at below two questions Q6: Which variable does the initial script try to return? Q8: The exploit kit contains a large block of hex encoded shellcode stored in a variable. This shellcode...
help & support
offensive cyber
  • AtakanBal's avatar
    AtakanBal
    26 days ago

    I was able to complete the lab however I think lab needs some improvement

    For Q3, you need to look into the obfuscated code, before applying applying any deobfuscating steps
    For Q8, the data analyze tool in the lab does not work. Use CyberChef or something else, it is very misleading if you assume it works and you are missing something.

    JSDetox error

     

netcat's avatar
netcat
Icon for Bronze II rankBronze II
9 days ago

I think this tool is both overrated and abandoned, and at first I thought it would do some magic. I waited dozens of minutes for "Analyze" to do something, before I aborted these attempts. It's much easier to load the HTML file into the browser and then "Copy -> Inner HTML" to get the decoded scripts (JSDETOX has a nice formatter, but that's it). Not a single edit needed.

I couldn't understand Q4: "Which packet number corresponds to the site that is 302 redirected to (and which hosts the malware where you start analysis)?", it's not clear what you want. And since it's not a Wireshark lab, it might be just written as: "Identify the server where the malware is downloaded from, and as answer enter the number of the first frame with a http response code from that server."

  • KieranRowley's avatar
    KieranRowley
    Icon for Community Manager rankCommunity Manager
    9 days ago

    Hey netcat we have discussed your feedback internally and are in agreement with many of your comments. This is an older lab that no longer meets our quality standards and we are therefore going to uplift this lab and change some of the wording to make it clearer.

    You may be interested in the Introduction to Malware Analysis lab which uses more modern tooling.