Decoding Obfuscated JavaScript for Pentesting

By /

Listen to this Post

In the world of cybersecurity, particularly during penetration testing, encountering obfuscated JavaScript is a common occurrence. Obfuscation is often used to hide malicious code or sensitive endpoints. Let’s dive into how you can decode such obfuscated JavaScript and uncover hidden information.

Example of Obfuscated JavaScript

Consider the following JavaScript snippet:

[javascript]
eval(String.fromCharCode(104, 116, 116, 112, 115, 58, 47, 47, 97, 100, 105, 116, 121, 97, 46, 116, 101, 115, 116, 47, 115, 101, 99, 114, 101, 116));
[/javascript]

This code uses `String.fromCharCode` to convert ASCII codes into a string, which is then executed using eval. To decode this, you can use the browser’s Developer Tools (DevTools) or a simple JavaScript console.

Steps to Decode Obfuscated JavaScript

1. Open Browser DevTools:

  • Press `F12` or `Ctrl+Shift+I` (Windows/Linux) or `Cmd+Option+I` (Mac) to open DevTools.
  • Navigate to the Console tab.

2. Decode the String:

  • Copy the `String.fromCharCode` part and paste it into the console.
  • Example: 
    console.log(String.fromCharCode(104, 116, 116, 112, 115, 58, 47, 47, 97, 100, 105, 116, 121, 97, 46, 116, 101, 115, 116, 47, 115, 101, 99, 114, 101, 116));
  • This will output the decoded string: 
    https://aditya.test/secret

3. Analyze the Decoded Output:

  • The decoded string may reveal a URL, API endpoint, or other sensitive information.
  • Investigate further by visiting the URL or inspecting the endpoint for vulnerabilities.

You Should Know:

  • Common Obfuscation Techniques:
  • Base64 encoding: Use `atob()` to decode.
  • Hexadecimal encoding: Convert hex to ASCII using tools or scripts.
  • Minification: Use tools like `jsbeautifier.org` to de-minify code.

  • Linux Commands for Decoding:

  • Decode Base64: 
    echo "aHR0cHM6Ly9hZGl0eWEudGVzdC9zZWNyZXQ=" | base64 --decode

  • Convert Hex to ASCII:

    echo "68 74 74 70 73 3a 2f 2f 61 64 69 74 79 61 2e 74 65 73 74 2f 73 65 63 72 65 74" | xxd -r -p

  • Windows Commands for Decoding:

  • Decode Base64 using PowerShell: 
    

    • 

  • Convert Hex to ASCII using PowerShell:

    $hex = "68 74 74 70 73 3a 2f 2f 61 64 69 74 79 61 2e 74 65 73 74 2f 73 65 63 72 65 74"
-join ($hex -split ' ' | ForEach-Object {[char][convert]::ToInt32($_, 16)})

    

    • 



What Undercode Say:


Decoding obfuscated JavaScript is a critical skill in cybersecurity, especially during penetration testing. By mastering techniques like using browser DevTools, Linux commands, and PowerShell scripts, you can uncover hidden endpoints, sensitive data, or even malicious code. Always ensure you have proper authorization before decoding or interacting with obfuscated scripts in a live environment.


Expected Output:


https://aditya.test/secret



References:


Reported By: Aditya Patil – Hackers Feeds

Extra Hub: Undercode MoN

Basic Verification: Pass βœ…


Join Our Cyber World:


πŸ’¬ Whatsapp | πŸ’¬ TelegramFeatured Image


		
		
			




	




 
 Related Posts: