offensive cyber
38 Topics

Reverse Engineering (Offensive) JavaScript Analysis: JSDetox
I'm stuck on the two questions below:
Q6: Which variable does the initial script try to return?
Q8: The exploit kit contains a large block of hex encoded shellcode stored in a variable. This shellcode is also XOR encoded. What is the single byte xor key? (In the format 0xNN e.g. 0x11.)
So far I downloaded the HTTP objects via Wireshark, extracted the script to JSDetox, then decoded base64 strings which resolve to 2 other scripts. With these steps I was able to answer other questions but I can't go any further. Any guidance? Thanks in advance.
Solved, 300 Views, 1 like, 10 Comments

Server-Side Request Forgery
I need help with steps 5 and 6 of the Server-Side Request Forgery lab. I was able to find the location of the potential SSRF, i.e. "lookup?url=http://localhost:3000/online". After that I have tried directory traversal and other methods in place of HTTP (FTP). Nothing seems to be working to get the bot name/service account.
Solved, 300 Views, 1 like, 4 Comments

Nmap: Ep.8 – Scan Output
I need to read a token from the file located at "/home/kali/Desktop/token". I suspect that the telnet service running on port 22 is vulnerable, but telnet is not available on the Kali machine. I have tested all other services, and they appear to be secure. I am uncertain about the next steps to take.
Solved, 164 Views, 1 like, 3 Comments