Extreme Coders Posted September 16, 2019 Posted September 16, 2019 @muppet On 9/16/2019 at 1:58 PM, muppet said: But is the data really supposed to be jibberish when I look at what input data generated that ciphertext ? Expand If you're doing it right it should decrypt to well formed and valid data with a recognizable header.
_fuso_ Posted September 16, 2019 Posted September 16, 2019 Hello, again I have a question in Mugatu task. Can someone confirm that the URL in EXE related with POST is necessary? I am asking becasue i don't know if it is not working or is down and I am going in wrong direction. I see request to it but no response...So am doing something wrong or there is a problem with flare-on.com subdomain. Thank you for hints.
kao Posted September 16, 2019 Author Posted September 16, 2019 @_fuso_: there is no problem with flare-com subdomain. It was never working, and challenge can be solved without that.
bandit Posted September 16, 2019 Posted September 16, 2019 Any hints for #12? Reveal hidden contents I've got the dlls and have a fair idea of what they do (specifically crypto). But when i try to decipher the 7777 packets all I get is non-printable gibberish.
Extreme Coders Posted September 16, 2019 Posted September 16, 2019 @bandit Reveal hidden contents Beside the DLLs there are also other drivers that deal with crypto.
scorpion77 Posted September 17, 2019 Posted September 17, 2019 On 9/16/2019 at 1:22 PM, Extreme Coders said: @scorpion77 Yes it does. @muppet Reveal hidden contents The changes made to the IL are to the operands of the instructions (not the opcodes themselves). So you can use "Edit IL Instructions..." to make the necessary changes. Expand Thank you all who helped!! Now onto the 7th one.
Geordeaux Posted September 17, 2019 Posted September 17, 2019 On 9/2/2019 at 7:10 AM, scorpion77 said: And finally the right tools!!! Like someone mentioned on twitter. The flag was looking straight at me Thank you folks Expand Hey, Which tools did you use besides ninja ripper?
scorpion77 Posted September 17, 2019 Posted September 17, 2019 (edited) On 9/17/2019 at 11:27 AM, Geordeaux said: Hey, Which tools did you use besides ninja ripper? Expand I used blender - another hint the mesh file wont directly load in blender though Edited September 17, 2019 by scorpion77
kao Posted September 17, 2019 Author Posted September 17, 2019 Guys, please remember to use "spoiler" tags..
Geordeaux Posted September 17, 2019 Posted September 17, 2019 On 9/17/2019 at 11:31 AM, scorpion77 said: I used blender - another hint the mesh file wont directly load in blender though Expand THANK YOU! I've been trying to use 3d studio max with no success
scorpion77 Posted September 17, 2019 Posted September 17, 2019 On 9/17/2019 at 11:45 AM, kao said: Guys, please remember to use "spoiler" tags.. Expand Sorry about that
usman23 Posted September 17, 2019 Posted September 17, 2019 i am stuck at flare-on challenge #2 any body give any suggestion
usman23 Posted September 18, 2019 Posted September 18, 2019 i am stuck at flare-on challenge #2 any body give any suggestion any help
scorpion77 Posted September 18, 2019 Posted September 18, 2019 @usman123 at what point are you stuck. If you can tell what you tried and at what point you dont know how to move forward I could give hints
bandit Posted September 18, 2019 Posted September 18, 2019 @Extreme Coders: Reveal hidden contents Thanks. I've figured out the encryption but what i don't get is presence of both encrypted and plaintext blocks of traffic. Might still be missing something here. Any hints?
Extreme Coders Posted September 18, 2019 Posted September 18, 2019 (edited) @bandit Reveal hidden contents All of the relevant traffic is encrypted once or more than once and sometimes compressed (if you aren't taking that into account). The plaintext traffic in the pcap isn't of interest. Edited September 18, 2019 by Extreme Coders Add some useful info
Geordeaux Posted September 18, 2019 Posted September 18, 2019 On 9/17/2019 at 12:22 PM, Geordeaux said: THANK YOU! I've been trying to use 3d studio max with no success Expand Reveal hidden contents I've figured out how to produce the .rip files but like you said I'm having trouble tryingto figure out how to load the mesh files in blender. Can I manually create the mesh with the data from the .rip?
Geordeaux Posted September 18, 2019 Posted September 18, 2019 Reveal hidden contents I've figured out how to produce the .rip files but like you said I'm having trouble tryingto figure out how to load the mesh files in blender. Can I manually create the mesh with the data from the .rip?
usman23 Posted September 18, 2019 Posted September 18, 2019 @scorpion77 i want to find string in second challenge i use ollydbg. after show messagebox i enter nop and run next messegebox then encoded string found in stack like this 0018FF8C 7DD7343D /CALL to MessageBoxA from kernel32.7DD7343B 0018FF90 7EFDE000 |hOwner = 7EFDE000 0018FF94 /0018FFD4 |Text = "ìÿ" 0018FF98 |7DEA9802 |Title = "ÇEüþÿÿÿè³GÿÿÂ" 0018FF9C |7EFDE000 \Style = MB_OK|MB_TASKMODAL|MB_NOFOCUS|7EFD4000 i don't know how decoded any suggestion
scorpion77 Posted September 18, 2019 Posted September 18, 2019 @usman23 Reveal hidden contents What do you see when you run the exe? You get a message in the message box. Where and how did that message come from? Look a little further
usman23 Posted September 18, 2019 Posted September 18, 2019 @scorpion77 when i RETN 10 convert to NOP and highlightted message box instruction run then this input shown 0018FF8C 7DD7343D /CALL to MessageBoxA from kernel32.7DD7343B 0018FF90 7EFDE000 |hOwner = 7EFDE000 0018FF94 /0018FFD4 |Text = "ìÿ" 0018FF98 |7DEA9802 |Title = "ÇEüþÿÿÿè³GÿÿÂ" 0018FF9C |7EFDE000 \Style = MB_OK|MB_TASKMODAL|MB_NOFOCUS|7EFD4000
scorpion77 Posted September 18, 2019 Posted September 18, 2019 @usman23 Reveal hidden contents Look at the origin of the message displayed in the messagebox (the location shown as local.33). See how the message gets decoded in that location
usman23 Posted September 18, 2019 Posted September 18, 2019 @scorpion77 ok thanks i check on this location
_fuso_ Posted September 18, 2019 Posted September 18, 2019 Hi , It's me again Reveal hidden contents Can someone tell me what is going on with Morpheus? What should i do with his info. I tried many things but best.gif does not look good after applying his hints I am tired with this task. Thank you.
_fuso_ Posted September 18, 2019 Posted September 18, 2019 (edited) Reveal hidden contents Is it realated with GIF header in Morpheus? Edited September 18, 2019 by _fuso_
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now