Deobfuscation & Decode
Beautify
For example, if we were using Firefox, we can open the browser debugger with [ CTRL+SHIFT+Z
], and then click on our script secret.js
. This will show the script in its original formatting, but we can click on the '{ }
' button at the bottom, which will Pretty Print
the script into its proper JavaScript formatting:

Furthermore, we can utilize many online tools or code editor plugins, like Prettier or Beautifier. Let us copy the secret.js
script:
Code: javascript
eval(function (p, a, c, k, e, d) { e = function (c) { return c.toString(36) }; if (!''.replace(/^/, String)) { while (c--) { d[c.toString(a)] = k[c] || c.toString(a) } k = [function (e) { return d[e] }]; e = function () { return '\\w+' }; c = 1 }; while (c--) { if (k[c]) { p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c]) } } return p }('g 4(){0 5="6{7!}";0 1=8 a();0 2="/9.c";1.d("e",2,f);1.b(3)}', 17, 17, 'var|xhr|url|null|generateSerial|flag|HTB|flag|new|serial|XMLHttpRequest|send|php|open|POST|true|function'.split('|'), 0, {}))
We can see that both websites do a good job in formatting the code:


We can find many good online tools to deobfuscate JavaScript code and turn it into something we can understand. One good tool is UnPacker. Let's try copying our above-obfuscated code and run it in UnPacker by clicking the UnPack
button.
Tip: Ensure you do not leave any empty lines before the script, as it may affect the deobfuscation process and give inaccurate results.

POST Request
To send a POST
request, we should add the -X POST
flag to our command, and it should send a POST
request:
eldeim@htb[/htb]$ curl -s http://SERVER_IP:PORT/ -X POST
Tip: We add the "-s" flag to reduce cluttering the response with unnecessary data
However, POST
request usually contains POST
data. To send data, we can use the "-d "param1=sample"
" flag and include our data for each parameter, as follows:
eldeim@htb[/htb]$ curl -s http://SERVER_IP:PORT/ -X POST -d "param1=sample"
Now that we know how to use cURL
to send basic POST
requests, in the next section, we will utilize this to replicate what server.js
is doing to understand its purpose better.
Base64 Encode
eldeim@htb[/htb]$ echo https://www.hackthebox.eu/ | base64
aHR0cHM6Ly93d3cuaGFja3RoZWJveC5ldS8K
Base64 Decode
eldeim@htb[/htb]$ echo aHR0cHM6Ly93d3cuaGFja3RoZWJveC5ldS8K | base64 -d
https://www.hackthebox.eu/
Hex Encode
eldeim@htb[/htb]$ echo https://www.hackthebox.eu/ | xxd -p
68747470733a2f2f7777772e6861636b746865626f782e65752f0a
Hex Decode
eldeim@htb[/htb]$ echo 68747470733a2f2f7777772e6861636b746865626f782e65752f0a | xxd -p -r
https://www.hackthebox.eu/
Rot13 Encode
eldeim@htb[/htb]$ echo https://www.hackthebox.eu/ | tr 'A-Za-z' 'N-ZA-Mn-za-m'
uggcf://jjj.unpxgurobk.rh/
Rot13 Decode
eldeim@htb[/htb]$ echo uggcf://jjj.unpxgurobk.rh/ | tr 'A-Za-z' 'N-ZA-Mn-za-m'
https://www.hackthebox.eu/
Last updated