Kurapica Posted September 21, 2016

Difficulty: N/A
Language: Delphi
Platform: Windows x64
OS Version: Windows 7
Packer / Protector: None

Description / Challenge: Make the application show a different message when clicking the button. By default, it shows a simple "Hello World !" message.

Here are the challenge rules:

1 - No patching is allowed. It doesn't matter how you solve it as long as the SHA-1 of the original file stays "9F1CCEBBDAB4A0CEEC30C61F1D64C4B1DEAE8CBE".
2 - If your solution includes any coding, then it should only be C#.
3 - Writing a simple tutorial is obligatory; don't post your solution if you don't want to write a tutorial.
4 - Don't use dUP / uPPP or similar tools, but you can write your own tools if needed.
5 - Your solution should be able to show the VA of the OEP and view the first 9 bytes at that address before the victim loads kernel32.dll!

Screenshot: Attached.

Attachment: Part 1.rar
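The part of rule 5 that can be shown in code without giving away the message change is the loader skeleton: start the victim suspended, find its ImageBase at run time (the PEB, not the header value, so it still works if ASLR relocates the module), walk the PE headers to the entry point and read the first 9 bytes there while only ntdll.dll and the executable are mapped. The following C# is an added example for this thread, not crystalboy's loader or anything from the attached archives. It assumes Test.exe sits next to the loader, that the loader is built as x64 (the PEB+0x10 ImageBaseAddress offset below is the 64-bit layout), and it checks the SHA-1 from rule 1 before launching. The step that actually changes the "Hello World !" message is deliberately left out.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

// Added example loader (not the challenge author's or any posted solution's code).
// Assumes: Test.exe beside the loader, loader compiled as x64, 64-bit victim.
static class SuspendedLoader
{
    const uint CREATE_SUSPENDED = 0x00000004;
    const int ProcessBasicInformation = 0;
    const string ExpectedSha1 = "9F1CCEBBDAB4A0CEEC30C61F1D64C4B1DEAE8CBE"; // from rule 1

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct STARTUPINFO
    {
        public int cb;
        public string lpReserved, lpDesktop, lpTitle;
        public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public short wShowWindow, cbReserved2;
        public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }

    [StructLayout(LayoutKind.Sequential)]
    struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public uint dwProcessId, dwThreadId; }

    // Six pointer-sized fields: Reserved1, PebBaseAddress, Reserved2[2], UniqueProcessId, Reserved3.
    [StructLayout(LayoutKind.Sequential)]
    struct PROCESS_BASIC_INFORMATION
    {
        public IntPtr Reserved1, PebBaseAddress, Reserved2a, Reserved2b, UniqueProcessId, Reserved3;
    }

    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool CreateProcess(string lpApplicationName, string lpCommandLine,
        IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles,
        uint dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory,
        ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);

    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationProcess(IntPtr hProcess, int infoClass,
        ref PROCESS_BASIC_INFORMATION info, int infoLength, out int returnLength);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        byte[] lpBuffer, int nSize, out IntPtr lpNumberOfBytesRead);

    [DllImport("kernel32.dll", SetLastError = true)] static extern uint ResumeThread(IntPtr hThread);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool CloseHandle(IntPtr hObject);

    // Read exactly `size` bytes from the victim or throw with the Win32 error.
    static byte[] Read(IntPtr hProcess, long address, int size)
    {
        var buf = new byte[size];
        if (!ReadProcessMemory(hProcess, (IntPtr)address, buf, size, out IntPtr got) || got.ToInt64() != size)
            throw new InvalidOperationException($"ReadProcessMemory failed at 0x{address:X}, error {Marshal.GetLastWin32Error()}");
        return buf;
    }

    static void Main()
    {
        if (IntPtr.Size != 8)
            throw new PlatformNotSupportedException("Build the loader as x64; the PEB offsets used here are the 64-bit layout.");
        string path = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Test.exe");

        // Rule 1: the file on disk must stay untouched, so refuse to run a modified copy.
        using (var sha1 = SHA1.Create())
        using (var fs = File.OpenRead(path))
        {
            string hash = BitConverter.ToString(sha1.ComputeHash(fs)).Replace("-", "");
            if (!hash.Equals(ExpectedSha1, StringComparison.OrdinalIgnoreCase))
                throw new InvalidOperationException($"Test.exe SHA-1 is {hash}, expected {ExpectedSha1}");
        }

        // CREATE_SUSPENDED: the image and ntdll are mapped, the main thread has not run,
        // so kernel32.dll is not loaded yet and the bytes at the OEP are still original.
        var si = new STARTUPINFO { cb = Marshal.SizeOf(typeof(STARTUPINFO)) };
        if (!CreateProcess(path, null, IntPtr.Zero, IntPtr.Zero, false, CREATE_SUSPENDED,
                IntPtr.Zero, null, ref si, out PROCESS_INFORMATION pi))
            throw new InvalidOperationException("CreateProcess failed, error " + Marshal.GetLastWin32Error());

        try
        {
            // Hunt ImageBase dynamically via PEB.ImageBaseAddress (PEB+0x10 on x64) instead of
            // trusting IMAGE_OPTIONAL_HEADER.ImageBase, which ASLR may have relocated.
            var pbi = new PROCESS_BASIC_INFORMATION();
            int status = NtQueryInformationProcess(pi.hProcess, ProcessBasicInformation, ref pbi,
                Marshal.SizeOf(typeof(PROCESS_BASIC_INFORMATION)), out int returned);
            if (status != 0) throw new InvalidOperationException($"NtQueryInformationProcess returned 0x{status:X8}");
            long imageBase = BitConverter.ToInt64(Read(pi.hProcess, pbi.PebBaseAddress.ToInt64() + 0x10, 8), 0);

            // DOS header -> e_lfanew -> "PE\0\0" -> optional header (Magic must be PE32+) -> AddressOfEntryPoint.
            long nt = imageBase + BitConverter.ToInt32(Read(pi.hProcess, imageBase + 0x3C, 4), 0);
            if (BitConverter.ToUInt32(Read(pi.hProcess, nt, 4), 0) != 0x00004550)
                throw new InvalidOperationException("PE signature not found at e_lfanew");
            if (BitConverter.ToUInt16(Read(pi.hProcess, nt + 0x18, 2), 0) != 0x20B)
                throw new InvalidOperationException("Target is not PE32+ (x64)");
            uint entryRva = BitConverter.ToUInt32(Read(pi.hProcess, nt + 0x28, 4), 0);

            long oep = imageBase + entryRva;
            byte[] first9 = Read(pi.hProcess, oep, 9);
            Console.WriteLine($"ImageBase : 0x{imageBase:X16}");
            Console.WriteLine($"OEP VA    : 0x{oep:X16}");
            Console.WriteLine($"OEP bytes : {BitConverter.ToString(first9).Replace("-", " ")}");

            // Any in-memory changes for the message would go here, before the thread runs.
            ResumeThread(pi.hThread);
        }
        finally
        {
            CloseHandle(pi.hThread);
            CloseHandle(pi.hProcess);
        }
    }
}
```

Two caveats when adapting this: a loader built as AnyCPU with "Prefer 32-bit" runs under WoW64 and the PEB offset and 8-byte ImageBase read above no longer apply to what it sees, and the 9 bytes read here are whatever sits at the entry point at suspend time, so any later in-memory edit should be made after this read if the output is meant to match rule 5 exactly.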
crystalboy Posted September 21, 2016 (marked as solution)

Here is my solution. Loader source code is included, and a short tutorial also. Copy the challenge Test.exe into the same folder as the loader and run the loader.

Attachments: Don't touch me Kurapica by crystalboy.pdf, Kurapica - Dont touch Me Loader_crystalboySnD.rar

Kurapica Posted September 22, 2016 (Author)

Crystal clear solution. I forgot to enable ASLR, which made it easier, although my intention was to show how to hunt the ImageBase dynamically for a 64-bit victim. Well done.

dex73r Posted September 22, 2016

Kurapica Posted September 23, 2016 (Author)

@dex73r: Although this can be a valid solution, crystalboy's solution is better because it shows the concept I wanted.
Kurapica Posted September 23, 2016 (Author)

I posted Part 2, but Teddy seems to be too busy to approve it until now.

Loki Posted September 23, 2016

I think I fornicated up and deleted it :S Apologies - can you repost? I was trying to remove some other spam and appear to have deleted the wrong topic.

Kurapica Posted September 23, 2016 (Author)

Done...

Teddy Rogers Posted September 23, 2016

Approved!

Ted.

Loki Posted September 23, 2016

Thanks K - that's what happens when you give a retard mod privileges.

Kurapica Posted September 23, 2016 (Author)

Take it easy, man. $hit happens.