Clever JavaScript to bypass eval method [duplicate] - javascript

This question already has an answer here:
What's going on in this piece of Javascript?
(1 answer)
Closed 6 years ago.
[]["constructor"]["constructor"](<string representing JavaScript code>)()
In JavaScript the "constructor" property returns the prototype of an object. In this case the prototype of [] is the Array class. Accessing the "constructor" property of the Array class returns the Function object. The constructor of Function object then returns a function and the body of that function is the last parameter, which is passed to the constructor. This results in the creation of a function that uses the provided string as the function's body (i.e. code), which is then instantly executed.
As stated in the paragraph above from: https://www.trustwave.com/Resources/SpiderLabs-Blog/Angler-Exploit-Kit-%E2%80%93-Gunning-For-the-Top-Spot/?page=1&year=0&month=0
The above line of code was used to execute obfuscated JavaScript code without using the 'eval' method. After reading this paragraph, I can't quite grasp this clever line of code. Can anyone explain what is actually happening?

Note the constructor of an Array instance is obviously Array:
[].constructor === Array
and further, the constructor of Array is Function:
[].constructor.constructor === Array.constructor
Array.constructor === Function
Now in JavaScript, Function(source) returns a function instance whose source is given by the parameter. For example:
Function("alert(1337)");
will create (and is analogous to):
function() {
alert(1337);
}
Your code will instantiate such a function and immediately call it with (). And that's exactly how eval behaves.
So, if it helps, you could reduce your code example to:
Function(source)();
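An added example, not code from the question or the answer above: it resolves the `[]["constructor"]["constructor"]` chain link by link, shows the one behavioural difference from `eval` that matters in practice (the built function runs in global scope), and pairs it with a coarse static check a reviewer can run over script text. The sample scripts and the regexes are constructed for the example.

```javascript
// Added example, not code from the original question or answer: walks the
// []["constructor"]["constructor"] chain step by step and pairs it with a coarse
// static check that flags the chain in script text. Sample scripts are constructed.

// Each link of the chain, as the answer describes it.
function chainResolvesToFunction() {
  const arrayCtor = []["constructor"];       // Array
  const fnCtor = arrayCtor["constructor"];   // Function
  return arrayCtor === Array && fnCtor === Function;
}

// Function(source) builds a function from a string and runs it in global
// scope, so unlike direct eval it cannot see the caller's local variables.
function runThroughChain(source) {
  const localOnly = "not visible to the built function"; // deliberately unused
  return []["constructor"]["constructor"](source)();
}

// Defender-side signal: scripts that reach Function through the constructor
// chain instead of naming it. Obfuscators also split or compute the keys, so
// this catches only the literal spellings and is a starting point, not a filter.
const CHAIN_PATTERNS = [
  /\[\s*["']constructor["']\s*\]\s*\[\s*["']constructor["']\s*\]/,
  /\.constructor\s*\.constructor\s*\(/,
];

function flagsConstructorChain(scriptText) {
  return CHAIN_PATTERNS.some((re) => re.test(scriptText));
}

// Constructed samples for the check.
const SAMPLE_SCRIPTS = {
  bracketed: '[]["constructor"]["constructor"]("return this")()',
  dotted: "var f = [].constructor.constructor('return 1');",
  benign: "var xs = [1, 2, 3]; console.log(xs.constructor === Array);",
};
```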

Related

Can new be applied to any function in JavaScript? [duplicate]

This question already has answers here:
How to check if a Javascript function is a constructor
(9 answers)
Closed 1 year ago.
Many sources like MDN and this tutorial define a concept called "constructor" that should be used with the new keyword to create an instance in traditional OOP's sense. But what "constructor" means is not formally stated.
It seems to me that literally any function can be used with new. (Though a function without any manipulation of this in its definition is not particularly useful when newed, because it merely returns an empty object.) Is this correct?
When you use the new keyword, it creates a new object. When you create an instance of a class with new, it creates an object, and any properties in the constructor method will be initialized in the object as well.

Why does Function's prototype key seem to point towards a function and not an object like Object's prototype key [duplicate]

This question already has answers here:
In JavaScript, why typeof Function.prototype is "function", not "object" like other prototype objects?
(4 answers)
Function.prototype is a function
(3 answers)
why typeof(Function.prototype) is function
(4 answers)
Closed 2 years ago.
If you look at Object in Chrome DevTools you'll see that its prototype property points towards an object, and I expect this.
Object
Function's prototype property looks like it points towards a function, which I find surprising.
Function
First of all, is this true? And if so, is there any reason why Function's prototype key points towards a function object instead of just a plain object? (Are there any big implications to this?)
Javascript follows Prototypal-Inheritance. And Object and Function are nothing but Constructor Functions. Any subsequent function or object created will hence inherit properties from the prototype (*).
With this pattern, it is obvious that a prototype of an Object points to an object and that of a function points to a function. It may be a bit confusing, hence it is recommended to follow this
"The Function prototype object is specified to be a function object to ensure compatibility with the ECMAScript code that was created prior to the ECMAScript 2015 specification."
(*) Note that functions are objects (you can add properties to them) in JavaScript.

Javascript Functions and Objects Confusion [duplicate]

This question already has answers here:
Function and Object Javascript
(2 answers)
Closed 5 years ago.
In JavaScript, we have two fundamental building blocks called functions and objects. But I'm a bit confused about the phrase "functions are a special type of object". Anyway, in JavaScript:
We create functions like this:
function foo(){}
Now the above declared function also behaves like an object as below:
foo.staticMethod = function(){}
Ok. I understand it.
Now similarly we create objects like this:
var obj = new Object() // Not using object literal here
That means, we need a function constructor Object to make even an empty object.
But Functions are also objects. How????
So my simple question is: if Object is used to create any new object, then how can it be an object itself, given that it accepts a property Object.prototype? Or, I should say, how can a function be an object?
function Object(){
return {};
}
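An added example, not code from any of the posts above, serving both the "Function's prototype is a function" question and the "functions are objects" question: a small helper walks the prototype chain of any value and names each link, which makes visible that the Object constructor is itself an object (its chain goes through Function.prototype to Object.prototype) and that Function.prototype is a callable function. The helper names and the `foo.staticMethod` property are constructed for the example.

```javascript
// Added example, not code from the original posts: walks the prototype chain
// of a value and names each link, to show why the Object constructor is an
// object (it is a function, and every function inherits from Function.prototype,
// which in turn inherits from Object.prototype) and why Function.prototype is
// itself a function.

// Names a prototype object by the `constructor` it owns, e.g. "Array.prototype".
function describeLink(proto) {
  const desc = Object.getOwnPropertyDescriptor(proto, "constructor");
  const ctor = desc && desc.value;
  return typeof ctor === "function" && ctor.name
    ? ctor.name + ".prototype"
    : "<anonymous prototype>";
}

// Returns the chain from `value` up to (but not including) null.
// protoChain(Object) -> ["Function.prototype", "Object.prototype"]
function protoChain(value) {
  const links = [];
  for (let p = Object.getPrototypeOf(value); p !== null; p = Object.getPrototypeOf(p)) {
    links.push(describeLink(p));
  }
  return links;
}

// Function.prototype is callable: it is a function that accepts anything and
// returns undefined, which is the surprising fact from the question above.
function functionPrototypeIsCallable() {
  return typeof Function.prototype === "function" && Function.prototype() === undefined;
}

// Functions carry properties like any object (the foo.staticMethod case).
function foo() {}
foo.staticMethod = function () { return "static"; };

function fooIsAnObject() {
  return foo instanceof Object &&
    Object.getPrototypeOf(foo) === Function.prototype &&
    foo.staticMethod() === "static";
}
```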

What is return new function(); in JavaScript? [duplicate]

This question already has answers here:
What is the 'new' keyword in JavaScript?
(17 answers)
Closed 8 years ago.
In js code I have seen this used:
function doStuff( selector ) {
/* Stuff to do with selector */
}
var q = function( selector ) {
return new doStuff( selector );
}
What exactly is happening? What is return new really doing? It seems to pass its arguments to the other function, but would someone please be kind enough to walk me through the process?
All and any help is appreciated, thanks in advance.
When we call a function with the new keyword, the following will happen:
A new object will be created in memory.
The scope of that object will be passed to the function, so the this keyword will refer to that object.
The newly created object will be returned.
So in essence, that is how you create instances in JavaScript. You need to call a function with the new keyword. When doing so, the function is called constructor.
In your example, the q function returns an instance of the doStuff method. Bear in mind though that the naming convention is not correct.
Constructors should be nouns rather than verbs and they should be in Pascal-case, not camel-case.
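An added example, not code from any of the posts, serving both the "can new be applied to any function" question and the `return new doStuff(selector)` question above: a hand-written `construct()` performs the three steps the answer lists for `new`, applied to the question's pair (renamed `DoStuff` per the answer's naming advice, and given a visible effect on `this`). It goes one step beyond the posts with `isConstructor()`, which uses `Reflect.construct` to show that arrow functions are not constructors, so "any function" means any function that can be constructed. All helper names are constructed for the example.

```javascript
// Added example, not code from the original posts: construct() performs the
// three steps the answer lists for `new`; isConstructor() goes beyond the posts
// and shows that arrow functions cannot be new-ed at all.

function construct(fn, ...args) {
  // step 1: a new object is created, linked to fn.prototype
  const obj = Object.create(fn.prototype);
  // step 2: the function runs with `this` bound to that object
  const result = fn.apply(obj, args);
  // step 3: the new object is returned, unless fn itself returned an object
  const returnedObject =
    (typeof result === "object" && result !== null) || typeof result === "function";
  return returnedObject ? result : obj;
}

// The question's pair, with a visible effect on `this`.
function DoStuff(selector) {
  this.selector = selector;
}
DoStuff.prototype.describe = function () { return "selecting " + this.selector; };

const q = function (selector) {
  return new DoStuff(selector);
};

// A function that never touches `this` still yields an (empty) instance.
function Plain() {}

// Reflect.construct throws a TypeError when newTarget is not a constructor,
// which is the portable way to test whether `new fn` is even allowed.
function isConstructor(fn) {
  try {
    Reflect.construct(String, [], fn);
    return true;
  } catch (e) {
    return false;
  }
}

// Does construct(DoStuff, s) behave like q(s), i.e. like new DoStuff(s)?
function compareWithNew(selector) {
  const viaNew = q(selector);
  const viaConstruct = construct(DoStuff, selector);
  return viaNew.describe() === viaConstruct.describe() &&
    viaConstruct instanceof DoStuff &&
    Object.keys(construct(Plain)).length === 0 &&
    construct(Plain) instanceof Plain;
}
```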

what is the difference between these 2 javascript functions? [duplicate]

This question already has answers here:
What's the difference between this.bla to Object.prototype.bla
(4 answers)
Closed 9 years ago.
I want to know what is the difference between insideFn and outsideFn in the following case:
function Construct()
{
    this.insideFn = function(obj){
        // ...
    }
}
Construct.prototype.outsideFn = function(obj){
    // ...
}
and which one is efficient to use ?
In the first case every instance created with Construct will have its own insideFn, which will waste memory in case you will use more than one instance. In the second case each instance of Construct will have just a reference to outsideFn. So the latter is better.
In the first construct the method is an attribute of the instance of Construct.
In the second construct the method is an attribute of the prototype object from Construct.
If you define functions inside the prototype object, they will be the same when calling.
The prototype variant often saves memory and speeds up the code.
You can also overload a prototype function within the instance of an object, to change the default behaviour of your object.
For better English and much more details see http://www.javascriptenlightenment.com/
The first one function Construct() {} is a class(in javascript it is an object) whereas later on you are inheriting(extending) this class using the keyword prototype and adding one more function outsideFn. There are no specific classes in JavaScript so you have to use objects as classes.
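An added example, not code from the question or the answers above: it builds instances of the question's `Construct` both ways, checks which function each instance actually owns, confirms that `insideFn` is a fresh copy per instance while `outsideFn` is one shared function on the prototype, and then overrides the prototype function on a single instance as the second answer describes. The function bodies and the report helpers are constructed for the example.

```javascript
// Added example, not code from the original posts: compares per-instance and
// prototype functions on the question's Construct, then overrides the prototype
// function on one instance only.

function Construct() {
  this.insideFn = function (obj) { return "inside:" + obj; };
}
Construct.prototype.outsideFn = function (obj) { return "outside:" + obj; };

// Which of the two functions does an instance carry as its own property?
function ownership(instance) {
  return {
    ownsInside: Object.prototype.hasOwnProperty.call(instance, "insideFn"),
    ownsOutside: Object.prototype.hasOwnProperty.call(instance, "outsideFn"),
  };
}

// Two instances: insideFn is a fresh closure per instance, outsideFn is one
// shared function reached through the prototype chain.
function sharingReport() {
  const a = new Construct();
  const b = new Construct();
  return {
    insideShared: a.insideFn === b.insideFn,     // false: one copy per instance
    outsideShared: a.outsideFn === b.outsideFn,  // true: single copy on the prototype
  };
}

// Assigning on one instance shadows the prototype version for that instance
// only; other instances and the prototype itself are untouched.
function overrideOnInstance() {
  const a = new Construct();
  const b = new Construct();
  a.outsideFn = function (obj) { return "custom:" + obj; };
  return [a.outsideFn("x"), b.outsideFn("x"), Construct.prototype.outsideFn("x")];
}
```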
