Hack The Box

Introduction

Welcome to the JavaScript Deobfuscation module!

Code deobfuscation is an important skill to learn if we want to be skilled in code analysis and reverse engineering. During red/blue team exercises, we often come across obfuscated code that wants to hide certain functionalities, like malware that utilizes obfuscated JavaScript code to retrieve its main payload. Without understanding what this code is doing, we may not know what exactly the code is doing, and hence may not be able to complete the red/blue team exercise.

In this module, we start by learning the general structure of an HTML page and then will locate JavaScript code within it. Once we do that, we will learn what obfuscation is, how it is done, and where it is used and follow that by learning how to deobfuscate such code. Once the code is deobfuscated, we will attempt to understand its general usage to replicate its functionality and uncover what it does manually.

The following topics will be discussed:

  • Locating JavaScript code
  • Intro to Code Obfuscation
  • How to Deobfuscate JavaScript code
  • How to decode encoded messages
  • Basic Code Analysis
  • Sending basic HTTP requests