Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5

De-Obfuscating JS samples.

#7
I've now found a similar sample in the wild on the same forum referenced above.
Was a link to a guide on exploiting G2A servers by spoofing timezone data/getting time mismatch errors causing to get a refund on a purchase. The payment processor allegedly refunded if the time was off, yet G2A would allegedly claim the payment went through, resulting in both a refund and getting the product.

Won't post the link here, but don't believe everything you see on the internet. Although this exploit would be plausible (it used to work on Steam to get preordered games faster by a few hrs claiming you were in Australia,) you should take things with a grain of salt. Generally if you see a script that's condensed into one line and has hex values everywhere, you can probably bet that it's malicious.
Reply


Messages In This Thread
De-Obfuscating JS samples. - by Lain - September 18th, 2019 at 2:03 PM
RE: De-Obfuscating JS samples. - by Guardian - September 18th, 2019 at 5:43 PM
RE: De-Obfuscating JS samples. - by SpookyZalost - September 19th, 2019 at 2:09 AM
RE: De-Obfuscating JS samples. - by Lain - September 19th, 2019 at 2:18 AM
RE: De-Obfuscating JS samples. - by SpookyZalost - September 19th, 2019 at 2:24 AM
RE: De-Obfuscating JS samples. - by Darth-Apple - September 19th, 2019 at 7:51 PM
RE: De-Obfuscating JS samples. - by Lain - September 20th, 2019 at 8:14 PM
RE: De-Obfuscating JS samples. - by Darth-Apple - September 22nd, 2019 at 1:20 AM



Users browsing this thread: 2 Guest(s)

Dark/Light Theme Selector

Contact Us | Makestation | Return to Top | Lite (Archive) Mode | RSS Syndication 
Proudly powered by MyBB 1.8, © 2002-2024
Forum design by Makestation Team © 2013-2024