generating hta page + hta question ? #24

Open
morzen opened this issue Dec 22, 2020 · 2 comments

morzen commented Dec 22, 2020

I am using Kali 2020.4. I made a brand new install of Octopus to be sure no modification had been done on my end, still with issues getting pycrypto, so pycrypto is missing (see #23).

I encounter an issue I didn't have before: the HTA page is blank, which wasn't a problem before.
image

I have another question as well, so not really a problem; rather, I am trying to understand something about the program.
So this time on a modified (just put in a few prints) version of the program (not the clean install used before):

image

I was trying to understand how the HTA was generated and I reached this point, and to understand what I am dealing with I put in some prints.

Here is the output:
image

So from this, I have multiple questions:

1: How is the variable `i` defined? Because from these prints I understand it is an array of length 2 containing an item of the `re` array,
like `re[0]` is `[ ']' , '=' ]` and so `i = [ ']' , '=' ]`, which means `i[0]=']'` and `i[1] = '='`.

But where is all of that created and defined? I see where `re` is created but that is it.

2: In the for loop I see you are replacing characters by others in the variable `js`, which has been encoded in base64.
I assume this is for code obfuscation,
but it doesn't raise a question: how is the code going to work if you modify it? By that I mean that before the for loop I can decode the base64 no problem.
image

But rather obviously, trying to decode the last iteration is proven to be useless.
image

So even if the HTA page wasn't blank and was outputting the code (which is what it was doing for me before the code was given to me on the page), the code still wouldn't work because it would not be decodable, right?
I assume I am missing something.

Many thanks in advance for the answer, and I try to understand why the page is blank. It could very well be a Mozilla problem on my end, of security or something like that; I am checking for that.


mhaskar commented Jan 3, 2021

Hey @morzen,

Can you get a new version of Octopus and regenerate the HTA, then do a view page source in order to check if you can see the code or not?


morzen commented Jan 4, 2021

image

Sure, no problem =)
