- This topic has 7 replies, 4 voices, and was last updated 8 years, 4 months ago by
alan.
-
AuthorPosts
-
-
September 25, 2012 at 5:40 pm #7920
Xen
ParticipantHello,
It’s been a long time since I last posted on EHNet. Some of you might remember me and some might not. To cut the long story short, I got selected in one of the best universities of my country for MS and currently pursuing research in IT Security.
For one of my research projects I need obfuscated javascript samples: both malicious and harmless. I was thinking if I could get samples from any of the EHNet members or if any of you could direct me to some resource where I could get the samples.
If you want to share samples, kindly message me on EHNet and I will provide you my email address.
Note: Please do not ask for my email if you have only 1-2 posts here on EHNet. I will only provide the email to members I trust or members I can trust.
Regards,
Equix3n -
September 25, 2012 at 5:58 pm #50111
hayabusa
ParticipantAn older example I’d posted:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,7988.msg42741/#msg42741
Hope it helps.
-
September 25, 2012 at 6:18 pm #50112
hayabusa
ParticipantAlso, albeit simple, you could grab pretty much anyone’s javascript (non-evil) and run it through an obfuscation tool like:
http://www.javascriptobfuscator.com/
and present that as one of your samples…
-
September 25, 2012 at 6:30 pm #50113
-
September 25, 2012 at 6:50 pm #50114
hayabusa
ParticipantWell, your post didn’t ask for a few thousand… 😛
I’m not sure if there’s a definitive source of a few thousand examples, that anyone can point you to, offhand… But if they can, I’d be interested to see that, too, if for not other reason than to study ‘other’ methods that I haven’t seen.
Edit – looking for that many, might I assume your project is to try to create some sort of tool to spot them?
-
September 25, 2012 at 10:53 pm #50115
RoleReversal
ParticipantIf I’m wanting to quickly analyse some JS in the wild I usually turn to Wepawet. I’ve no affiliation with the service but it couldn’t hurt to get in touch with the team there to see if they’re willing/able to provide access to some of their samples?
Alternatively, some of Wepawet’s reports can be accessed based on md5 hash of the content (I found this report via a quick google search for example). I’ve not read their Ts&Cs so use at your own risk, but a quick Google Dork of:
site:wepawet.iseclab.org intitle:report inurl:’type=js’
is currently returning >15k results
Unfortunately Wepawet’s report format only lists the de-obfuscated operations rather than the original source so may not be exactly relevant to your needs, but you could always use the listed report targets to grab any scripts that are still live yourself.
Hope this helps, good luck with your project.
-
September 26, 2012 at 7:42 am #50116
-
September 26, 2012 at 5:14 pm #50117
alan
ParticipantNot sure if you can see recent submission on iseclab’s wepawet site. Here’s another one work a look, use the search feature to grab more recently checked URLs
http://urlquery.net/search.php?q=.&type=string&start=2012-09-24&end=2012-09-26&max=50
You might need to sift through some of the lower repped results to get some obsfucated javascript. And they may still be up.
Congrats, enjoy your studies!
-
-
AuthorPosts
- You must be logged in to reply to this topic.