XSS and bypassing an Imperva WAF with JSFuck
Grumpy Admin here. If, like me, using a computer has resulted in you never really bothering with mental maths anymore, even for simple things like 255 - 32, then you probably do what I did: just hit WinKey + R, type calc.exe and fire up the good old faithful Windows Calculator. Grumpy Admin is too lazy to think, you know!
My mental maths isn’t bad, and I know that subtracting 32 from 255 gives the grand total of 218… ha ha, just testing you, it is in fact 223! (No calc.exe used, honest.) Had you going! This was/is a habit, and habits are hard to break. Grumpy Admin isn’t against finding new ways of doing things, but it is hard, and when I revert back to the old methods out of habit I get grumpy. I also get grumpy when I see people doing things the slow way. For example, the boss broke out of a PowerShell prompt to load the Run dialog box and type calc.exe to confirm that 4×1024 was 4096!
This reminded me of a great tip I picked up a while back – why bother with calc.exe when you are already in a PowerShell command line? If, like me, you have a PowerShell window open anyway just in case, just alt-tab and use that – far quicker, and it makes you look a lot more geeky!
PowerShell allows you to do your maths calculations right there on the command line – just type the expression and it evaluates it!
Wham, you have your answer damn quick! A very helpful tip. As you can see above, I did a multiply, divide, subtract and add. This tip is something people might overlook, so I thought I would share it with you in the hope it will save you time.
Why stop there – you have a whole programming language, so let’s tap into that, because there are more complicated moments where this can help you out. For example, when your boss asks you on the fly for a number raised to some power, for a random calculation that will no doubt just be ported into a costing spreadsheet and used to fleece-bill the customer at some point in the near future.
So let me demo that for you. We want to raise our quote to the power of, say, Pi (3.141)! How would I do that in PowerShell quickly, or in a script? Easy, I can just do
Easy – but let’s look at another way…
So let’s say we are going to rip our customer off; assume it is a local government authority and we want to use a more accurate value of PI in case of an audit!
Well we can use the [system.math] class 🙂 let’s do a quick
[math] | get-member -static
As you can see, there are some methods and a couple of properties exposed to us through this class. Also, you can see that I didn’t actually need to write the word System in the namespace.
As you can see, at the bottom of the list is PI.
Let’s just confirm PI, just for our own peace of mind… every decimal place might bring in a little bit more cash for the company beer fund on the invoice!
So let’s just type
And as you see, it returns PI!!!!! Yummy… burp! So all we need to do to multiply our “cost” by PI is
That is a bit harsh for our customer though, so let’s bring it back down to earth and divide the whole invoice by 2! You can now see how magic figures are generated in quotes… be glad Grumpy Admin has nothing to do with raising quotes for work, or the customers will be the ones who are grumpy!!! Back to the story: PowerShell supports brackets (), so we can do this :-
Can’t believe maths is actually fun when used to rip off customers on invoices! I always thought the maths teachers lied!!!
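Here is the whole thing pulled together as one script you can paste into a PowerShell window. This is an added example, not the post’s own screenshots, and the $quote figure is made up:

```powershell
# Plain arithmetic straight at the prompt: no calc.exe needed
255 - 32
4 * 1024

# Raise a quote to a power: the rough Pi from the post, then the real one.
# [math] resolves to System.Math, so the System prefix can be left out.
$quote = 100   # constructed invoice figure for the demo
[math]::Pow($quote, 3.141)
[math]::Pow($quote, [math]::PI)

# See what the class exposes; PI is one of the static properties
[math] | Get-Member -Static -MemberType Property

# Brackets control precedence: multiply by Pi, then halve the whole lot
($quote * [math]::PI) / 2

# Round to pennies so the figure looks respectable on the invoice
[math]::Round(($quote * [math]::PI) / 2, 2)

# The same "magic figure" wrapped as a function for use in a script.
# Get-MagicQuote is a hypothetical name chosen for this example.
function Get-MagicQuote {
    param(
        [double]$Cost,
        [double]$Factor  = [math]::PI,
        [double]$Divisor = 2
    )
    [math]::Round(($Cost * $Factor) / $Divisor, 2)
}
Get-MagicQuote -Cost $quote
```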