CScript

This post is part of a series of posts categorized as “Wiki” that contain basic how-to information. The intent is to create a reference repository for myself, but I’m not selfish so if anyone else can also benefit from it then I’m happy to share the knowledge!

  • OS: Windows
  • Description: JavaScript and VBScript interpreter for deobfuscation

Print VBScript using:

WScript.Echo(x)

You can override the VBScript execute function so that it prints its argument instead of running it by adding something like the following to the top of the VBScript file:

Function execute(x)
   WScript.Echo(x)
End Function

Run CScript from the Windows Command Prompt.

V8

  • OS: Linux/Windows
  • Description: JavaScript interpreter for deobfuscation
General Usage:
$ d8
d8> load('objects.js')
d8> load('malicious.js')

REMnux includes /usr/share/remnux/objects.js,
which defines objects that would normally be defined by
a browser or maldoc. If objects the script expects don't exist,
SpiderMonkey will give "not defined" errors.

SpiderMonkey

  • OS: Linux/Windows
  • Description: JavaScript interpreter for deobfuscation
Helpful Options:
 -f  specify file with script

REMnux includes /usr/share/remnux/objects.js,
which defines objects that would normally be defined by
a browser or maldoc. If objects the script expects don't exist,
SpiderMonkey will give "not defined" errors.
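
The idea behind objects.js, combined with the execute override from the CScript notes, as an added example that is not part of the original post and is not REMnux's objects.js: stub the objects a sample expects and replace eval with a logger so each decoded layer is recorded instead of run. The analyze function, the stub objects and the sample script are constructed for illustration, and the block is assumed to be run with d8 or Node.

```javascript
// Added example. Hooks are not a sandbox: run samples only inside an isolated analysis VM.
// Constructed, benign sample: builds "alert('hi')" from char codes, then writes markup.
const SAMPLE = [
  "var k = [97,108,101,114,116,40,39,104,105,39,41], s = '';",
  "for (var i = 0; i < k.length; i++) s += String.fromCharCode(k[i]);",
  "eval(s);",
  "document.write(unescape('%3Cb%3Elayer%3C/b%3E'));",
].join("\n");

// Run `source` with eval replaced by a logger. With browserStubs=true, minimal
// stand-ins for browser objects (hypothetical, far smaller than objects.js) are added.
function analyze(source, browserStubs) {
  const layers = [];
  const log = (kind) => (x) => { layers.push({ kind: kind, code: String(x) }); };
  const env = { eval: log("eval") };
  if (browserStubs) {
    env.document = { write: log("document.write"), writeln: log("document.writeln") };
    env.window = { location: { href: "http://example.invalid/" } };
    env.navigator = { userAgent: "constructed-agent" };
  }
  const names = Object.keys(env);
  let error = null;
  try {
    // Parameters shadow the globals, so the sample's eval(...) calls the logger.
    new Function(...names, source)(...names.map((n) => env[n]));
  } catch (e) {
    error = e.name + ": " + e.message; // e.g. a missing object the sample expects
  }
  return { layers: layers, error: error };
}

// d8 provides print(); Node provides console.log().
const show = typeof print === "function" ? print : (m) => console.log(m);
show(JSON.stringify(analyze(SAMPLE, false))); // eval layer captured, then "not defined" error
show(JSON.stringify(analyze(SAMPLE, true)));  // both layers captured, no error
```

A sample that reaches eval indirectly (for example through window.eval) is not caught by the parameter shadowing here and needs its own stub.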

CapTipper

  • OS: Linux/Windows
  • Description: Analyze and extract files from a .pcap
Helpful Options:
 -d    dump files to specified directory
 -g    ungzip responses
 -r    output report to specified directory

wget and curl

curl

  • OS: Linux/Windows
  • Description: Download files or website assets
Helpful Options:
 -A   user-agent string
 -b   cookie value
 -d   post data
 -D   dump headers to specified file
 -e   referer string
 -F   post data emulating a filled-in form
 -G   send data as a get instead of post
 -H   extra header string
 -K   curl config file
 -o   output file

The default config file is ~/.curlrc. To use a different file, use the -K option.

wget

  • OS: Linux/Windows
  • Description: Download files or website assets
Helpful Options:
 --config         wget config file
 --header         extra header string
 --load-cookies   load cookies from file
 --post-data      post data
 --referer        referer string
 --save-cookies   save cookies to file
 -o               logfile
 -O               output file
 -S               print headers
 -U               user-agent string

The default config file is ~/.wgetrc. To use a different file, use the --config option.