JavaScript Obfuscation
Prasanna Kanagasabai
 Working in Information Security for more than 10 years
 null Moderator for the Bangalore Chapter
 Has a passion for Security
 Penetration Tester by day; Coder, Researcher by night
 Coder of “IronSAP”
 Just completed OSCP
 JavaScript
 JavaScript Obfuscation
 JavaScript De-Obfuscation Techniques
 Art of Hiding Execution from Plain Text
JavaScript : Attack & Defense
Obfuscation is the concealment of intended meaning in communication, making
communication confusing, intentionally ambiguous, and more difficult to interpret.
--Wikipedia definition
Example (the line-wrapped literals have been joined and the missing closing brace of the function restored):

function wprcm() {
  var uUHIjMJVFJET = navigator.userAgent.toLowerCase();
  if (uUHIjMJVFJET.indexOf(String.fromCharCode(0157,112,0145,114,97)) != -'Z'[720094129..toString(16<<1)+""]) {
    return String.fromCharCode(0x6d,0x61,0x54,0150,76,0114,0132,113,0x50,0155,114,0x72,0x46,0x53);
  }
  if (uUHIjMJVFJET.indexOf(523090424..toString(1<<5)+"x") != -'c'[720094129..toString(4<<3)+""]) {
    return (-~-~-~'Nday'[720094129..toString(1<<5)+""] < (-~-~'bp'[720094129..toString(2<<4)+""]*010+2)
      ? (function () { var qeNX='sG',YMkg='XfkU',PQmI='l',Iulx='oMAYc'; return PQmI+Iulx+YMkg+qeNX })()
      : String.fromCharCode(106,0x67,0143,120,117));
  }
}
 Bypass WAFs and filters
 Decrypt exploit packs
 Bypass filters (in-house and commercial)
 Hide implementation details
 Social engineering payloads
 Loosely typed language
 Gibberish-looking data can convey valid information
 The web depends on JS
 Mostly used on the client side, but recently server-side implementations like node.js are becoming popular
Sample:
function factorial(n) {
  if (n === 0) { return 1; }
  return n * factorial(n - 1);
}
 "I am a normal string" -- normal string (double quotes)
 'I am a normal string' -- normal string (single quotes)
 /I am a regex string/+"" -- regex coerced to a string
 /I am a regex string/.source -- the regex source text
 ['I am a String']+[] -- array notation: concatenating a one-element array with an empty array yields the string
 JavaScript provides various methods to create strings
 Strings play a very major role in obfuscation
 Some implementations can be browser specific only
 JavaScript supports many infix and unary operators: +, -, ~, ++, --, !
 They play a very active role in obfuscation
 What are Regular Expressions?
 Browsers support calling a RE as a function with arguments (e.g. /re/(str)).
 The result is either the first match or, if parentheses (capture groups) are used, the matches stored in an array.
 // single-line comments
 /* */ multi-line comments
 JavaScript supports <!-- --> HTML comments inline in JavaScript.
 Critical part of obfuscation
 3 escape modes supported (all three below encode the letter "a"):
 1. Unicode =====> \u0061
 2. Octal =====> \141
 3. Hex =====> \x61
Hide EVAL from the previous slide:

(a = {}.valueOf, a())[String.fromCharCode(101,118,97,108)]
// 101,118,97,108 spells "eval"; {}.valueOf called without a receiver returns
// the global object (in sloppy mode), so this resolves to window["eval"]
Basic Obfuscation !!!
 Variables can be used to store values
 Can be defined with or without "var"
 Allowed identifier characters:
 1. Alphanumeric characters
 2. Numbers, except as the first character
 3. _ and $
 4. Unicode characters
 JS allows various methods to create JavaScript variables:
 x = "string";
 (x) = ('string');
 this.x = 'string';
 x = {'a':'string'}.a;
 [x,y,z] = ['str1','str2','str3'];
 x = /z(.*)/('zstring')[1]; // x = 'string' (calling a regex as a function; legacy browsers only)
 x = 1 ? 'string' : 0;
 Essential to interact with browser objects like:
 document – access to the DOM, URL, cookies
 name – the window.name property, set from the parent window
 location.hash
 The URL variable
 Would you believe this is JavaScript?
 Creating a JavaScript snippet without any alphanumeric characters:
(+[][+[]]+[])[++[[]][+[]]] = "a"
Detailed steps:
1. +[] = 0 (unary plus on an empty array gives 0)
2. [+[]] = [0], i.e. 0 inside a property accessor
3. [][+[]] = index 0 of an empty array, which yields undefined
4. +[][+[]] = unary plus applied to the previous result (undefined) gives NaN (Not a Number)
We now have to extract the middle 'a' from the result:
1. (+[][+[]]+[]) = NaN concatenated with an empty array, i.e. the string "NaN"
2. ++[[]][+[]] = 1 (quirk by oxotonick: [[]][0] is [], which ++ coerces to 0 and increments)
3. (+[][+[]]+[])[++[[]][+[]]] = 'a'
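The techniques listed in this deck (numeric String.fromCharCode encodings, N..toString(radix) string building, -~ arithmetic, eval/document.write sinks and the all-punctuation code above) also make a defender-side triage heuristic. This is an added example, not from the slides; the feature weights and thresholds are my own assumptions, and the third sample is constructed.

```javascript
// Added example, not from the original slides: a defender-side heuristic that
// scores a script for the obfuscation techniques covered in this deck. Each
// feature maps to one slide: numeric String.fromCharCode calls (encodings),
// number..toString(radix) string building, -~ arithmetic chains, dynamic code
// sinks (eval / document.write) and the all-punctuation style of slide 21.
// Weights and thresholds are assumptions for illustration, not a standard.

const FEATURES = [
  // [name, pattern, weight]
  ["fromCharCode_numeric",
   /String\.fromCharCode\(\s*(?:0x[0-9a-f]+|\d+)(?:\s*,\s*(?:0x[0-9a-f]+|\d+))+\s*\)/gi, 3],
  ["radix_toString", /\d+\.\.toString\(/g, 3],
  ["bitwise_not_chain", /(?:-~){2,}/g, 2],
  ["dynamic_sink", /\b(?:eval|document\.write|setTimeout|Function)\s*\(/g, 2],
];

// Share of non-alphanumeric characters once whitespace is removed.
function nonAlnumRatio(src) {
  const compact = src.replace(/\s+/g, "");
  if (compact.length === 0) return 0;
  const alnum = (compact.match(/[A-Za-z0-9]/g) || []).length;
  return 1 - alnum / compact.length;
}

function scoreScript(src) {
  const hits = {};
  let score = 0;
  for (const [name, re, weight] of FEATURES) {
    const n = (src.match(re) || []).length;
    if (n > 0) {
      hits[name] = n;
      score += weight * Math.min(n, 5);   // cap so one pattern cannot dominate
    }
  }
  const ratio = nonAlnumRatio(src);
  hits.non_alnum_ratio = Number(ratio.toFixed(2));
  if (ratio > 0.85) score += 10;          // (+[][+[]]+[])[...] style code is pure punctuation
  return { score, hits, suspicious: score >= 5 };
}

// Constructed samples: the factorial from the slides, the non-alphanumeric
// snippet from slide 21, and a made-up fragment combining two encoding tricks.
const SAMPLES = {
  benign: "function factorial(n) { if (n === 0) { return 1; } return n * factorial(n - 1); }",
  nonAlnum: "(+[][+[]]+[])[++[[]][+[]]]",
  encoded: 'var s = 1234..toString(36); eval(String.fromCharCode(0x61,108,0145,114,116) + "(1)");',
};

for (const [label, src] of Object.entries(SAMPLES)) {
  console.log(label, JSON.stringify(scoreScript(src)));
}
```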
Obfuscated Code: the wprcm() sample shown in the Example above.
Identify Essential Bits of information
 if(uUHIjMJVFJET.indexOf(String.fromCharCode(0157,112,0145,114,97)) = if(uUHIjMJVFJET.indexOf("opera")
 -'Z'[720094129..toString(16<<1)+""] = -'Z'["length"] = -1 (720094129 written in base 32, i.e. 16<<1, spells "length")
 return String.fromCharCode(0x6d,0x61,0x54,0150,76,0114,0132,113,0x50,0155,114,0x72,0x46,0x53); = return "maThLLZqPmrrFS"
Always de-obfuscate the script by replacing “document.write” with “alert”.
The same applies to “eval”.
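A static alternative to the alert trick above, added here as an example that is not from the slides: a constant-folding pass for the literal tricks used in the wprcm() sample (String.fromCharCode with mixed-radix literals, N..toString(radix), 'str'["length"], -~ chains), so the analyst can read the essential bits without executing untrusted script. The function names are my own; the input is the deck's sample with its wrapped lines rejoined.

```javascript
// Added example, not from the original slides: a static constant-folding pass
// that recovers the "essential bits" of the wprcm() sample without running it.
// It rewrites, in this order, only literal sub-expressions:
//   1. String.fromCharCode(<numeric literals>)   -> "decoded"
//   2. N..toString(radix) + "suffix"             -> "string"  (720094129 in base 32 is "length")
//   3. 'str'["length"]                           -> number
//   4. -~-~...N                                  -> N plus the number of -~ pairs
// Everything else is left untouched, so the output is still valid JavaScript to read.

// Parse a JavaScript numeric literal the way the engine does: hex, legacy octal, decimal.
function jsNumber(tok) {
  if (/^0x[0-9a-f]+$/i.test(tok)) return parseInt(tok, 16);
  if (/^0[0-7]+$/.test(tok)) return parseInt(tok, 8);   // 0157 -> 111 ('o')
  return Number(tok);
}

const NUM = String.raw`(?:0x[0-9a-f]+|\d+)`;

function foldFromCharCode(src) {
  const re = new RegExp(String.raw`String\.fromCharCode\(\s*(${NUM}(?:\s*,\s*${NUM})*)\s*\)`, "gi");
  return src.replace(re, (_, args) =>
    JSON.stringify(String.fromCharCode(...args.split(",").map(a => jsNumber(a.trim())))));
}

function foldRadixToString(src) {
  // 720094129..toString(16<<1)+""  ->  "length"
  const re = /(\d+)\.\.toString\(\s*(\d+)(?:\s*<<\s*(\d+))?\s*\)\s*\+\s*"([^"]*)"/g;
  return src.replace(re, (m, n, a, b, suffix) => {
    const radix = b === undefined ? Number(a) : Number(a) << Number(b);
    if (radix < 2 || radix > 36) return m;              // the engine would throw here; leave it
    return JSON.stringify(Number(n).toString(radix) + suffix);
  });
}

function foldLength(src) {
  // 'Z'["length"] -> 1
  return src.replace(/(['"])([^'"\\]*)\1\["length"\]/g, (_, q, s) => String(s.length));
}

function foldBitwiseNot(src) {
  // -~x is x+1, so -~-~-~4 is 7
  return src.replace(/((?:-~)+)(\d+)/g, (_, ops, n) => String(Number(n) + ops.length / 2));
}

function deobfuscate(src) {
  return [foldFromCharCode, foldRadixToString, foldLength, foldBitwiseNot]
    .reduce((code, pass) => pass(code), src);
}

// The obfuscated sample from the slides, with the line-wrapped literals joined back together.
const SAMPLE = String.raw`function wprcm(){ var uUHIjMJVFJET = navigator.userAgent.toLowerCase();
if(uUHIjMJVFJET.indexOf(String.fromCharCode(0157,112,0145,114,97)) != -'Z'[720094129..toString(16<<1)+""]) { return String.fromCharCode(0x6d,0x61,0x54,0150,76,0114,0132,113,0x50,0155,114,0x72,0x46,0x53); }
if(uUHIjMJVFJET.indexOf(523090424..toString(1<<5)+"x") != -'c'[720094129..toString(4<<3)+""]) { return (-~-~-~'Nday'[720094129..toString(1<<5)+""]<(-~-~'bp'[720094129..toString(2<<4)+""]*010+2)?(function () { var qeNX='sG',YMkg='XfkU',PQmI='l',Iulx='oMAYc'; return PQmI+Iulx+YMkg+qeNX })():String.fromCharCode(106,0x67,0143,120,117)); } }`;

console.log(deobfuscate(SAMPLE));
```

The remaining arithmetic (`7<(4*010+2)`) and the small string-joining closure are left for the reader, since folding them would require evaluating code rather than literals.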
 I would like to thank the following people:
 Gareth Heyes
 Mario Heiderich
 Anyone I have missed ….
Prasanna Kanagasabai
Prasanna.in@gmail.com
