
generating hta page + hta question ?

Open morzen opened this issue 5 years ago • 2 comments

I am using Kali 2020.4. I made a brand new install of Octopus to be sure no modification had been done on my end, with still issues getting pycrypto, so pycrypto is missing (see https://github.com/mhaskar/Octopus/issues/23).

I encounter an issue I didn't have before: the HTA page is blank, which wasn't a problem before. [image]

I have another question as well, so not really a problem; rather, I am trying to understand something about the program, so this time on a modified (just put a few prints) version of the program (not the clean install used before).

[image]

I was trying to understand how the HTA was generated and I reached this point, and to understand what I am dealing with I put some prints.

Here is the output: [image]

So from this, I have multiple questions:

1: How is the variable i defined? Because from these prints I understand it is an array of length 2 containing an item of the re array, like re[0] is [ ']' , '=' ] and so i = [ ']' , '=' ], which means i[0]=']' and i[1] = '='

But where is all of that created and defined? I see where re is created, but that is it.

2: In the for loop I see you are replacing characters by others in the variable js, which has been encoded in base64. I assume this is for code obfuscation, but doesn't it raise a question: how is the code going to work if you modify it? By that I mean that before the for loop I can decode the base64 no problem. [image]

But rather obviously, trying to decode the last iteration is proven to be useless. [image]

So even if the HTA page wasn't blank and was outputting the code (which is what it was doing for me before; the code was given to me on the page), the code still wouldn't work because it would not be decodable, right? I assume I am missing something.

Many thanks in advance for the answer, and I am trying to understand why the page is blank. It could very well be a Mozilla problem on my end, of security or something like that; I am checking for that.

morzen, Dec 22 '20 11:12

Hey @morzen ,

Can you get a new version of Octopus and regenerate the HTA, then do a view page source in order to check if you can see the code or not?

mhaskar, Jan 03 '21 23:01

[image]

sure no problem =)

morzen, Jan 04 '21 14:01