JavaScript Deobfuscation

JavaScript Deobfuscation  Easy

This module will take you step-by-step through the fundamentals of JavaScript Deobfuscation until you can deobfuscate basic JavaScript code and understand its purpose.

Created by Zeyad AlMadani

Back to Catalogue Preview
To start this course Sign Up!

Summary

Many malicious actors tend to obfuscate their code to avoid it being detected by systems or understood by other developers.

The ability to deobfuscate code is a useful technique that can be applied to various real-world scenarios. It is useful on web application assessments to determine if a developer has used "security by obscurity" to hide JavaScript code containing sensitive data. It can also be useful for defenders when, for example, attempting to deobfuscate code that was responsible for the Phishing website used in an attack.

In this module, you will learn the basics of deobfuscating and decoding JavaScript code and will have several exercises to practice what you learned.

You will learn the following topics:

  • Locating JavaScript code
  • Intro to Code Obfuscation
  • How to Deobfuscate JavaScript code
  • How to decode encoded messages
  • Basic Code Analysis
  • Sending basic HTTP requests

Our final exercise in this module will open a door for many other challenges and exercises in Hack The Box!


Requirements

It is recommended to take the Web Requests module before this one to get a general understanding of how HTTP requests work. If you are already familiar with them, then you should be able to start this module.

Sections

  • Intro
  • Source Code
  • Code Obfuscation
  • Basic Obfuscation
  • Advanced Obfuscation
  • Deobfuscation
  • Code Analysis
  • HTTP Requests
  • Decoding
  • Skills Assessment
  • Summary

Relevant Paths

This module progresses you towards the following Paths

Card image
Cracking into Hack the Box

Easy 20 Sections

Cubes Required: 20

An understanding of HTTP/HTTPS, common HTTP methods, and response codes are essential for anyone getting started with attacking web applications. This knowledge will help us break down and analyze the components of a web application, such as JavaScript, which most modern websites use to perform their functions. It is not uncommon for developers to obfuscate some of their code to hide its functions and prevent reuse or copying without their permission or as an attempt to provide an additional layer of security. Attackers may also obfuscate their code for malicious purposes. Both attackers and defenders need to understand the principles of code obfuscation and techniques that can be used to deobfuscate code back to its original state. The modules in this path teach core concepts that can be applied to completing and understanding the invite code challenge to join the main Hack the Box platform at https://www.hackthebox.eu/invite.

 Web Requests

Fundamental 9 Sections

Web applications provide a large potential attack surface and need to be secured properly. A firm grasp of the basics of how applications communicate is critical for anyone interested in learning how to assess and attack web applications.

 JavaScript Deobfuscation

Easy 11 Sections

This module will take you step-by-step through the fundamentals of JavaScript Deobfuscation until you can deobfuscate basic JavaScript code and understand its purpose.

Back to Catalogue
To start this course Sign Up!