Kurapica Posted September 21, 2016 (edited)

Difficulty : NAN
Language : Delphi
Platform : Windows x64
OS Version : Windows 7
Packer / Protector : None

Description :

Challenge : Make the application show a different message when clicking the button. By default, it shows a simple "Hello World !" message.

Here are the challenge rules :

1 - No patching is allowed. It doesn't matter how you solve it as long as the SHA-1 of the original file stays "9F1CCEBBDAB4A0CEEC30C61F1D64C4B1DEAE8CBE"
2 - If your solution includes any coding then it should only be C#.
3 - Writing a simple tutorial is obligatory, don't post your solution if you don't want to write a tutorial.
4 - Don't use dUP / uPPP or similar tools but you can write your own tools if needed.
5 - Your solution should be able to show the VA of the OEP and view first 9 bytes of that address before the victim loads kernel32.dll !

Screenshot : Attached.

Part 1.rar

Edited September 23, 2016 by Kurapica
crystalboy Posted September 21, 2016 (Solution)

Here is my solution. Loader source code included and a short tutorial also.

Copy the challenge Test.exe in the same folder of the loader and run the loader.

Don't touch me Kurapica by crystalboy.pdf
Kurapica - Dont touch Me Loader_crystalboySnD.rar
Kurapica Posted September 22, 2016 (edited)

Crystal clear solution.

I forgot to enable ASLR, which made it easier, although my intention was to show how to hunt the ImageBase dynamically for a 64-bit victim.

Well done.

Edited September 22, 2016 by Kurapica
dex73r Posted September 22, 2016 (edited)

Edited September 22, 2016 by dex73r
Kurapica Posted September 23, 2016

@dex73r : although this can be a valid solution, crystalboy's solution is better because it's showing the concept I wanted.
Kurapica Posted September 23, 2016

I posted Part 2 but Teddy seems too busy to approve it until now.
Loki Posted September 23, 2016

I think I fornicated up and deleted it :S

Apologies - can you repost? I was trying to remove some other spam and appear to have deleted the wrong topic.
Loki Posted September 23, 2016

Thanks K - that's what happens when you give a retard mod privileges