Kappa

“Great things are not done by impulse, but by a series of small things brought together.”

JavaScript Deobfuscation

• Code Analysis
• ~ HTTP Requests
• Decoding

HTTP Requests

In the previous section, we found out that the secret.js main function is sending an empty POST request to /serial.php. In this section, we will attempt to do the same using cURL to send a POST request to /serial.php. To learn more about cURL and web requests, you can check out the Web Requests module.

cURL

cURL is a powerful command-line tool used in Linux distributions, macOS, and even the latest Windows PowerShell versions. We can request any website by simply providing its URL, and we would get it in text-format, as follows:

          kappajester83@htb[/htb]$ curl http://SERVER_IP:PORT/
        

This is the same HTML we went through when we checked the source code in the first section.

POST Request

To send a POST request, we should add the -X POST flag to our command, and it should send a POST request:

          kappajester83@htb[/htb]$ curl -s http://SERVER_IP:PORT/ -X POST
        

Tip: We add the "-s" flag to reduce cluttering the response with unnecessary data

However, POST request usually contains POST data. To send data, we can use the "-d "param1=sample"" flag and include our data for each parameter, as follows:

          kappajester83@htb[/htb]$ curl -s http://SERVER_IP:PORT/ -X POST -d "param1=sample"
        

Now that we know how to use cURL to send basic POST requests, in the next section, we will utilize this to replicate what server.js is doing to understand its purpose better.

Questions

Try applying what you learned in this section by sending a 'POST' request to '/serial.php'. What is the response you get?

JavaScript Deobfuscation

1. Introduction
2. Source Code
3. Code Obfuscation
4. Basic Obfuscation
5. Advanced Obfuscation
6. Deobfuscation
7. Code Analysis
8. ~ HTTP Requests
9. Decoding