I have a problem with the last question of the skill assessment.
I reversed the code to a readable and short version and I do input sanitation and all, like something like this:
// my clean code here
<SNIP>
// validation
if(inputs_are_ok) {
check()
}
From the validator script I get the message that my code is not working because it is not calling the check method. But why should I call the check method if the input is bad? I would really like to get a nudge here.
Or maybe this has something to do with the second hint:
Note 2: Remember, it's ok for passwords to have special characters, right?!
I unpacked the code and made it readable as well (deobfuscate.io and jsnice), but when I run it through the web checker it throws an error saying I should be able to run the script with "node vuln.js", even though I run it through the terminal with the same command.
When I upload the "check.js" with a few IP regex validations it says that I should also call the check method.
It took me a couple of days busting my head against the wall, but finally did it.
For people who got stuck like me... a couple of hints:
Unpack the script and reverse it to a really small size. After you understand what it's doing, try running it and test it with a couple of arguments to see its behavior.
Don't try to create functions, use the built-in one from JavaScript.
Don't validate, just sanitize.
Try escaping from what you don't want; and
Regular Expressions are your friends
Don't focus on format but on the characters you need each time you are running the script.
You can test a couple of different regex patterns in https://regexr.com/ to check if it's getting what you want;
And it's really one of those never give up
Hello guys, I am a bug bounty hunter (novice), gotten some bounties but sadly they have not been enough to help subscribe on hackthebox. Is there anyone generous enough to help me with the subscription? I know everyone's got their own problems, but I would really appreciate this help as I no longer want to be a Noob in the bug hunting community.
If anyone can help me out, I would send my htb login details so you can help me directly subscribe.
I am trying to solve the extra exercise ("If you wanted to take it a step further...").
First, I was trying to replace the MD5 function by a local implementation, but that didn't help. Next, I tried to concentrate on a Type Manipulation vulnerability because the code is using "==" instead of "===". But don't know how to exploit that.
Any ideas?
Skills Assessment
I was able to solve all the exercises except for the following one:
On "/Reverse" you will find an obfuscated JavaScript code, but it appears to be broken, and doesn't return the flag! Try to reverse it to understand how it should be working, and fix it to get the flag.
I was able to run the code in Codium and could finally set a breakpoint on the flag() function. But when stepping over the code, the "flag" variable is set to NaN (Not a Number). Looks like I didn't correctly reverse the code.
If you js-beautify/jsconsole the downloaded vuln.js script, copy & paste it into Codium. There's a base64-encoded array with 21 elements. Decrypt these elements, then analyze the custom indexing function (function(_0x45ce4c, _0x39eef9)). It uses offset 0xab (=171), so the formula to access entry i is (171+i) mod 21. You can then easily resolve the references to the array 0x581cd9 at the end of the code (take into account that array indexes are zero-based, i.e. when looking at entry #13, you need to select entry #14 which is "argv", e.g.).
Now that you understand what the code is doing, you can run it: kali@kali:~/patch/vuln$ node vuln.js 127.0.0.1 foo
Check why it is vulnerable, rewrite and upload the code to get the flag.
If you have further questions, just let me know.
I am busy at work this week, will come back regarding /Reverse to you later.
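
Added example, not part of any post above and not taken from vuln.js: a small Node helper that applies the (171+i) mod n lookup from the reply about the base64 string table and rewrites accessor calls into readable literals. The seven-entry table, the accessor name `_0x1a2b` and the sample line are constructed, and it assumes the indexing function is the usual push(shift()) rotation that the formula describes; it generalizes the 21-entry case to any table length.

```javascript
// Added example on constructed data; nothing here is copied from vuln.js.
const OFFSET = 0xab; // rotation offset quoted in the post (171)

// Constructed string table, base64-encoded as the post describes
// (the table in the post has 21 entries; this one has 7).
const PLAIN = ['log', 'argv', 'length', 'slice', 'join', 'stdout', 'write'];
const TABLE = PLAIN.map((s) => Buffer.from(s, 'utf8').toString('base64'));

const b64decode = (s) => Buffer.from(s, 'base64').toString('utf8');

// Closed form from the post: reference i reads entry (offset + i) mod n.
function resolve(table, i, offset = OFFSET) {
  return b64decode(table[(offset + i) % table.length]);
}

// Assumed load-time behaviour: the table is rotated left `offset` times with
// push(shift()) and then read at plain index i. Rotating offset mod n times
// is equivalent and avoids needless work.
function rotate(table, offset = OFFSET) {
  const t = table.slice();
  for (let k = 0; k < offset % t.length; k++) t.push(t.shift());
  return t;
}

// Replace accessor calls such as _0x1a2b('0x5') with the decoded literal.
// The accessor name is a parameter; _0x1a2b is a constructed name.
function inlineRefs(source, accessor, table, offset = OFFSET) {
  const name = accessor.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const call = new RegExp(name + "\\((['\"])(0x[0-9a-f]+)\\1\\)", 'gi');
  return source.replace(call, (_m, _q, hex) =>
    JSON.stringify(resolve(table, parseInt(hex, 16), offset)));
}

// Constructed obfuscated line using the hypothetical accessor.
const SAMPLE =
  "console[_0x1a2b('0x4')](process[_0x1a2b('0x5')][_0x1a2b('0x6')]);";

console.log(inlineRefs(SAMPLE, '_0x1a2b', TABLE));
```
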