Showing posts with label javascript deobfuscation. Show all posts
Showing posts with label javascript deobfuscation. Show all posts

Saturday, February 16, 2013

SecurityOverride Privilege Escalation Challenges

These challenges looked promising at first until you actually poke around on their "terminal" (http://securityoverride.org/challenges/privilege_escalation/terminal.php). It's obvious that it's JQuery, so let's start there. View the source of the page and you won't find any other javascript files attached to the source. You can see that it is actually JQuery (as I thought).


So, let's click the jquery.js file and see what's in it, I bet they hid it somewhere in there. In fact, it's right at the very bottom of the file, not hard to locate at all.


Looks a bit obfuscated, this may be difficult. Here is a pastiebin link to the obfuscated code. I did a quick Google search and found an online javascript "beautifier", pasted the code and it deobfuscated it. Awesome. So now looking through the code you can clearly see the passwords for the levels.

1:  Filesystem_etcL5a = {  
2:    'passwd': {  
3:      type: 'file',  
4:      read: function (terminal) {  
5:        terminal.print();  
6:        $.each([  
7:          'level1:533V18k:1001:1001:level1:home/level1:/bin/bash',  
8:          'level2:24o23tD:1002:1002:level2:home/level2:/bin/bash',  
9:          'level3:test123:1003:1003:level3:home/level3:/bin/bash',  
10:          'level4:SLIv5V1:1004:1004:level4:home/level4:/bin/bash',  
11:          'level5:14261Rc:1005:1005:level5:home/level5:/bin/bash',  
12:          'level6:8654TRC:1005:1005:level6:home/level6:/bin/bash', ], function (num, line) {  
13:          terminal.print(line);  
14:        });  
15:      }  
16:    },  

It seems they jumped the gun on this one, maybe more planning or even a proper wargame box might prevent this and even give securityoverride.org more member base and respect.