Flare On 6

[Extreme Coders]

@muppet

35 minutes ago, muppet said:

But is the data really supposed to be jibberish when I look at what input data generated that ciphertext ?

If you're doing it right it should decrypt to well formed and valid data with a recognizable header.

[_fuso_]

Hello, again

I have a question in Mugatu task.

Can someone confirm that the URL in EXE related with POST is necessary?  I am asking becasue i don't know if it is not working or is down and I am going in wrong direction. I see request to it but no response...So am doing something wrong or there is a problem with flare-on.com subdomain. Thank you for hints.

 

[kao]

@_fuso_: there is no problem with flare-com subdomain. It was never working, and challenge can be solved without that.

[bandit]

Any hints for #12?

Spoiler

I've got the dlls and have a fair idea of what they do (specifically crypto).

But when i try to decipher  the 7777 packets all I get is non-printable gibberish.

 

[Extreme Coders]

@bandit

Spoiler

Beside the DLLs there are also other drivers that deal with crypto.

 

[scorpion77]

19 hours ago, Extreme Coders said:

@scorpion77 Yes it does.

@muppet

  Reveal hidden contents

The changes made to the IL are to the operands of the instructions (not the opcodes themselves). So you can use "Edit IL Instructions..." to make the necessary changes.

 

Thank you all who helped!!  Now onto the 7th one.

[Geordeaux]

On 9/2/2019 at 5:10 PM, scorpion77 said:

And finally the right tools!!! Like someone mentioned on twitter. The flag was looking straight at me Thank you folks

 

Hey, Which tools did you use besides ninja ripper?

[scorpion77]

4 minutes ago, Geordeaux said:

Hey, Which tools did you use besides ninja ripper?

I used blender - another hint the mesh file wont directly load in blender though

Edited September 17, 2019 by scorpion77

[kao]

Guys, please remember to use "spoiler" tags..

[Geordeaux]

50 minutes ago, scorpion77 said:

I used blender - another hint the mesh file wont directly load in blender though

THANK YOU! I've been trying to use 3d studio max with no success

[scorpion77]

37 minutes ago, kao said:

Guys, please remember to use "spoiler" tags..

Sorry about that

[usman23]

i am stuck at flare-on  challenge #2

any body  give any suggestion

[usman23]

i am stuck at flare-on  challenge #2

any body  give any suggestion

any help

[scorpion77]

@usman123

at what point are you stuck. If you can tell what you tried and at what point you dont know how to move forward I could give hints

[bandit]

@Extreme Coders:

Spoiler

Thanks. I've figured out the encryption but what i don't get is presence of both encrypted and plaintext blocks of traffic. Might still be missing something here. Any hints?

 

[Extreme Coders]

@bandit

Spoiler

All of the relevant traffic is encrypted once or more than once and sometimes compressed (if you aren't taking that into account).
The plaintext traffic in the pcap isn't of interest.

 

Edited September 18, 2019 by Extreme Coders
Add some useful info

[Geordeaux]

21 hours ago, Geordeaux said:

THANK YOU! I've been trying to use 3d studio max with no success

Spoiler

I've figured out how to produce the .rip files but like you said I'm having trouble tryingto figure out how to load the mesh files in blender. Can I manually create the mesh with the data from the .rip?

 

[Geordeaux]

Spoiler

I've figured out how to produce the .rip files but like you said I'm having trouble tryingto figure out how to load the mesh files in blender. Can I manually create the mesh with the data from the .rip?

 

[usman23]

@scorpion77

i want to find string in second challenge i use ollydbg. after show messagebox i enter nop  and run next messegebox then encoded string found in stack like this

0018FF8C   7DD7343D  /CALL to MessageBoxA from kernel32.7DD7343B
0018FF90   7EFDE000  |hOwner = 7EFDE000
0018FF94  /0018FFD4  |Text = "ìÿ"
0018FF98  |7DEA9802  |Title = "ÇEüþÿÿÿè³GÿÿÂ"
0018FF9C  |7EFDE000  \Style = MB_OK|MB_TASKMODAL|MB_NOFOCUS|7EFD4000

i don't know how decoded  any suggestion

[scorpion77]

@usman23

Spoiler

What do you see when you run the exe? You get a message in the message box. Where and how did that message come from? Look a little further

 

[usman23]

@scorpion77

when i RETN 10 convert to NOP and highlightted message box instruction run then this input shown

0018FF8C   7DD7343D  /CALL to MessageBoxA from kernel32.7DD7343B
0018FF90   7EFDE000  |hOwner = 7EFDE000
0018FF94  /0018FFD4  |Text = "ìÿ"
0018FF98  |7DEA9802  |Title = "ÇEüþÿÿÿè³GÿÿÂ"
0018FF9C  |7EFDE000  \Style = MB_OK|MB_TASKMODAL|MB_NOFOCUS|7EFD4000

[scorpion77]

@usman23

 

Spoiler

Look at the origin of the message displayed in the messagebox (the location shown as local.33). See how the message gets decoded in that location

 

[usman23]

@scorpion77

ok thanks i check on this location

[_fuso_]

Hi ,

It's me again

Spoiler

Can someone tell me what is going on with Morpheus? What should i do with his info. I tried many things but best.gif does not look good after applying his hints

I am tired with this task.

Thank you.

[_fuso_]

 

Spoiler

Is it realated with GIF header in Morpheus?

 

Edited September 18, 2019 by _fuso_