Hack The Box



Skills Assessment

During our Penetration Test, we came across a web server that contains JavaScript and APIs. We need to determine their functionality to understand how it can negatively affect our customer.

Source Code

Target(s): 83.136.254.177:37202

Repeat what you learned in this section, and you should find a secret flag, what is it?

It's in the HTML source code: HTB{4lw4y5_r34d_7h3_50urc3}

Deobfuscation

Using what you learned in this section, try to deobfuscate 'secret.js' in order to get the content of the flag. What is the flag?

I took the scripy.js and used https://matthewfl.com/unPacker.html because the hint was to "Deobfuscate", not "Beautify".

HTTP Requests

Try applying what you learned in this section by sending a 'POST' request to '/serial.php'. What is the response you get?

kappa@kappa-Aspire-Z5600:~$ curl -s http://83.136.254.177:37202/serial.php -X POST
N2gxNV8xNV9hX3MzY3IzN19tMzU1NGczkappa@kappa-Aspire-Z5600:~$

Decoding

Using what you learned in this section, determine the type of encoding used in the string you got at previous exercise, and decode it. To get the flag, you can send a 'POST' request to 'serial.php', and set the data as "serial=YOUR_DECODED_OUTPUT".

kappa@kappa-Aspire-Z5600:~$ curl -s http://83.136.254.177:37202/serial.php -X POST
N2gxNV8xNV9hX3MzY3IzN19tMzU1NGczkappa@kappa-Aspire-Z5600:~$

kappa@kappa-Aspire-Z5600:~$ echo -n "N2gxNV8xNV9hX3MzY3IzN19tMzU1NGcz" | base64 -d
7h15_15_a_s3cr37_m3554g3kappa@kappa-Aspire-Z5600:~$

kappa@kappa-Aspire-Z5600:~$ curl -X POST -d "serial=7h15_15_a_s3cr37_m3554g3" 83.136.254.177:37202/serial.php
HTB{ju57_4n07h3r_r4nd0m_53r14l}kappa@kappa-Aspire-Z5600:~$

Skills Assessment

Try to study the HTML code of the webpage, and identify used JavaScript code within it. What is the name of the JavaScript file being used?

api.min.js

Once you find the JavaScript code, try to run it to see if it does any interesting functions. Did you get something in return?

HTB{j4v45cr1p7_3num3r4710n_15_k3y}

As you may have noticed, the JavaScript code is obfuscated. Try applying the skills you learned in this module to deobfuscate the code, and retrieve the 'flag' variable.

var flag='HTB{n'+'3v3r_'+'run_0'+'bfu5c'+'473d_'+'c0d3!'+'}';
HTB{n3v3r_run_0bfu5c473d_c0d3!}

Try to analyze the deobfuscated JavaScript code, and understand its main functionality. Once you do, try to replicate what it's doing to get a secret key. What is the key?

kappa@kappa-Aspire-Z5600:~$ curl -X POST http://94.237.51.60:52205/keys.php
4150495f70336e5f37333537316e365f31355f66756ekappa@kappa-Aspire-Z5600:~$

Once you have the secret key, try to decide its encoding method, and decode it. Then send a 'POST' request to the same previous page with the decoded key as "key=DECODED_KEY". What is the flag you got?

kappa@kappa-Aspire-Z5600:~$ echo 4150495f70336e5f37333537316e365f31355f66756e | xxd -r -p
API_p3n_73571n6_15_funkappa@kappa-Aspire-Z5600:~$

kappa@kappa-Aspire-Z5600:~$ curl -X POST -d "key=API_p3n_73571n6_15_fun" http://94.237.51.60:52205/keys.php
HTB{r34dy_70_h4ck_my_w4y_1n_2_HTB}kappa@kappa-Aspire-Z5600:~$
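
The two "determine the type of encoding" steps above (the base64 response from serial.php and the hex response from keys.php), as an added Node.js example that is not part of the original notes: it classifies a string by alphabet and length, decodes it, and accepts the result only if it is printable text. The function and variable names are assumptions of this example; the sample inputs are the two responses shown above.

```javascript
// Added example: identify whether a string is hex or base64 and decode it.
// Names (CANDIDATES, identifyAndDecode) are hypothetical, not from the module.

// A decode is only plausible if every byte is printable ASCII.
const isPrintable = (buf) =>
  buf.length > 0 && buf.every((b) => b >= 0x20 && b <= 0x7e);

// Narrowest alphabet first: a hex string whose length is a multiple of 4
// (like the keys.php response) is also syntactically valid base64, so hex
// has to be tested before base64 or it would be mis-decoded.
const CANDIDATES = [
  {
    name: 'hex',
    matches: (s) => /^[0-9a-fA-F]+$/.test(s) && s.length % 2 === 0,
    decode: (s) => Buffer.from(s, 'hex'),
  },
  {
    name: 'base64',
    matches: (s) => /^[A-Za-z0-9+/]+={0,2}$/.test(s) && s.length % 4 === 0,
    decode: (s) => Buffer.from(s, 'base64'),
  },
];

function identifyAndDecode(input) {
  const s = input.trim(); // drop a trailing newline from copied output
  for (const c of CANDIDATES) {
    if (!c.matches(s)) continue;
    const raw = c.decode(s);
    // Fall through to the next candidate when the bytes are not text.
    if (isPrintable(raw)) {
      return { encoding: c.name, text: raw.toString('ascii') };
    }
  }
  return { encoding: 'unknown', text: null };
}

// Sample inputs: the serial.php and keys.php responses from this page.
const samples = [
  'N2gxNV8xNV9hX3MzY3IzN19tMzU1NGcz',
  '4150495f70336e5f37333537316e365f31355f66756e',
];
for (const s of samples) {
  const { encoding, text } = identifyAndDecode(s);
  console.log(`${encoding}: ${text}`);
}
```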