Jump to content
Tuts 4 You

Recommended Posts

Extreme Coders

@muppet

35 minutes ago, muppet said:

But is the data really supposed to be jibberish when I look at what input data generated that ciphertext ?

If you're doing it right it should decrypt to well formed and valid data with a recognizable header.

Share this post


Link to post
_fuso_

Hello, again :)

I have a question in Mugatu task.

Can someone confirm that the URL in EXE related with POST is necessary?  I am asking becasue i don't know if it is not working or is down and I am going in wrong direction. I see request to it but no response...So am doing something wrong or there is a problem with flare-on.com subdomain. Thank you for hints.

 

Share this post


Link to post
kao

@_fuso_: there is no problem with flare-com subdomain. It was never working, and challenge can be solved without that.

Share this post


Link to post
bandit

Any hints for #12?

Spoiler

I've got the dlls and have a fair idea of what they do (specifically crypto).

But when i try to decipher  the 7777 packets all I get is non-printable gibberish.

 

Share this post


Link to post
Extreme Coders

@bandit

Spoiler

Beside the DLLs there are also other drivers that deal with crypto.

 

Share this post


Link to post
scorpion77
19 hours ago, Extreme Coders said:

@scorpion77 Yes it does.

@muppet

  Reveal hidden contents

The changes made to the IL are to the operands of the instructions (not the opcodes themselves). So you can use "Edit IL Instructions..." to make the necessary changes.

 

Thank you all who helped!!  Now onto the 7th one.

Share this post


Link to post
Geordeaux
On 9/2/2019 at 5:10 PM, scorpion77 said:

And finally the right tools!!! Like someone mentioned on twitter. The flag was looking straight at me :D Thank you folks

 

Hey, Which tools did you use besides ninja ripper?

Share this post


Link to post
scorpion77
4 minutes ago, Geordeaux said:

Hey, Which tools did you use besides ninja ripper?

I used blender - another hint the mesh file wont directly load in blender though ;)

Edited by scorpion77 (see edit history)

Share this post


Link to post
kao

Guys, please remember to use "spoiler" tags.. ;)

Share this post


Link to post
Geordeaux
50 minutes ago, scorpion77 said:

I used blender - another hint the mesh file wont directly load in blender though ;)

THANK YOU! I've been trying to use 3d studio max with no success

Share this post


Link to post
scorpion77
37 minutes ago, kao said:

Guys, please remember to use "spoiler" tags.. ;)

Sorry about that

Share this post


Link to post
usman23

i am stuck at flare-on  challenge #2

any body  give any suggestion

Share this post


Link to post
usman23

i am stuck at flare-on  challenge #2

any body  give any suggestion

any help

Share this post


Link to post
scorpion77

@usman123

at what point are you stuck. If you can tell what you tried and at what point you dont know how to move forward I could give hints

Share this post


Link to post
bandit

@Extreme Coders:

Spoiler

Thanks. I've figured out the encryption but what i don't get is presence of both encrypted and plaintext blocks of traffic. Might still be missing something here. Any hints?

 

Share this post


Link to post
Extreme Coders

@bandit

Spoiler

All of the relevant traffic is encrypted once or more than once and sometimes compressed (if you aren't taking that into account).
The plaintext traffic in the pcap isn't of interest.

 

Edited by Extreme Coders
Add some useful info (see edit history)

Share this post


Link to post
Geordeaux
21 hours ago, Geordeaux said:

THANK YOU! I've been trying to use 3d studio max with no success

Spoiler

I've figured out how to produce the .rip files but like you said I'm having trouble tryingto figure out how to load the mesh files in blender. Can I manually create the mesh with the data from the .rip?

 

Share this post


Link to post
Geordeaux
Spoiler

I've figured out how to produce the .rip files but like you said I'm having trouble tryingto figure out how to load the mesh files in blender. Can I manually create the mesh with the data from the .rip?

 

Share this post


Link to post
usman23

@scorpion77

i want to find string in second challenge i use ollydbg. after show messagebox i enter nop  and run next messegebox then encoded string found in stack like this

0018FF8C   7DD7343D  /CALL to MessageBoxA from kernel32.7DD7343B
0018FF90   7EFDE000  |hOwner = 7EFDE000
0018FF94  /0018FFD4  |Text = "ìÿ"
0018FF98  |7DEA9802  |Title = "ÇEüþÿÿÿè³GÿÿÂ"
0018FF9C  |7EFDE000  \Style = MB_OK|MB_TASKMODAL|MB_NOFOCUS|7EFD4000

i don't know how decoded  any suggestion

Share this post


Link to post
scorpion77

@usman23

Spoiler

What do you see when you run the exe? You get a message in the message box. Where and how did that message come from? Look a little further

 

Share this post


Link to post
usman23

@scorpion77

when i RETN 10 convert to NOP and highlightted message box instruction run then this input shown

0018FF8C   7DD7343D  /CALL to MessageBoxA from kernel32.7DD7343B
0018FF90   7EFDE000  |hOwner = 7EFDE000
0018FF94  /0018FFD4  |Text = "ìÿ"
0018FF98  |7DEA9802  |Title = "ÇEüþÿÿÿè³GÿÿÂ"
0018FF9C  |7EFDE000  \Style = MB_OK|MB_TASKMODAL|MB_NOFOCUS|7EFD4000

Screenshot (59).png

Share this post


Link to post
scorpion77

@usman23

 

Spoiler

Look at the origin of the message displayed in the messagebox (the location shown as local.33). See how the message gets decoded in that location

 

Share this post


Link to post
usman23

@scorpion77

ok thanks i check on this location

Share this post


Link to post
_fuso_

Hi ,

It's me again :)

Spoiler

Can someone tell me what is going on with Morpheus? What should i do with his info. I tried many things but best.gif does not look good after applying his hints

I am tired with this task.

Thank you.

Share this post


Link to post
_fuso_

 

Spoiler

Is it realated with GIF header in Morpheus?

 

Edited by _fuso_ (see edit history)

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...