masta Posted September 26, 2018 Posted September 26, 2018 If you've already decrypted the communication between the sample and the C&C, it should be trivial. The communication between the sample and JJ-pc is encrypted using the same scheme, but with another session key.
bandit Posted October 1, 2018 Posted October 1, 2018 Yup. Figured out both communications. Was able to get past it. Any hints for #12? I'm able to get to the VM image but need some help figuring out how the passwd is being validated.
Extreme Coders Posted October 1, 2018 Posted October 1, 2018 @bandit You try tracing the execution, which memory cells are accessed and modified in what way. Quite time taking to say the least.
bandit Posted October 2, 2018 Posted October 2, 2018 Is that the last stage of the challenge (the l_e_q)? Or am i in another assembly hell after solving that?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now