pcmcia, posted October 5, 2021

Can I get a nudge / hint on the RC4 and the formula for ch#5? Can anyone DM me please?

kao (Author), posted October 5, 2021

2 hours ago, whitesocks said:
"I can't find anything about the signature used in these requests"

Spoiler:
ME0W is not the signature you're looking for. Search more, for example, adding "signature" to the query keywords.

barber, posted October 5, 2021

6 hours ago, barber said:
"Hello all, could someone give me a nudge (maybe better in DM?) on level 6. I am not experienced with pcaps, I have been trying for 4 days to find a start. But even with duckduckgo I can't figure out where to begin."

Found it.

Edited October 5, 2021 by barber

Rurik, posted October 5, 2021

I've now spent more time trying to make muffins for Chal5 than I have for anything else this year, and am still trying. Now I see why everyone is dunking on this challenge 😡 Even though we all know what "number" they are referring to avoid having to make them

[edit -- gave up on all their hints and clues and just bruteforced it ... and now the hints make sense once you see the answer]

Edited October 12, 2021 by Rurik

Extreme Coders, posted October 5, 2021

Indeed. Started late this year but managed to get all 10 done. Challenge 5 is literally the worst in my opinion. So much for guessing and making sense of all the weird recipes. 😂

pula3241, posted October 11, 2021

I have been stuck on ch9 for many days. Can someone please give me a hint?

Spoiler:
I am not able to find the part about how the threads handle my packet after receiving the data.

tycolli, posted October 11, 2021

Can anyone please help me on CH4? It seems that I'm lost or too stupid to see the solution.

Spoiler:
I found the second ... and also the fish strings

Done it.

Edited October 12, 2021 by tycolli

Extreme Coders, posted October 11, 2021

@pula3241

Spoiler:
Tracking usage of IPC APIs is a good starting point. Mutex, Semaphore, Event objects. Would be easier after you've decoded all the APIs resolved by hash.

@tycolli

Spoiler:
The exe has been compiled by a special tool. Similar to Flash Builder which generates an exe from SWFs. (This challenge is not about Flash though.) That tool can also import the exe as a project. Would be easier to analyze if you go about it this way.

DrSauerkraut, posted October 11, 2021

Heya all o/ Wouldn't mind getting a bit of help around Chall #3. I got several steps validated but I'm stuck about what to do next.

Spoiler:
I did get the layer order and all the books of armament, but I'm unable to extract any flag from there. I suppose I need to merge all armaments versions, but how?

Thanks in advance :)

Extreme Coders, posted October 11, 2021

@DrSauerkraut

Spoiler:
Merging is just copying all the armaments from a specific layer to a directory while allowing overwrite. Order of copying is important as a later armament file will overwrite a same named file from before. And of course you can pull the ELF from the docker container to execute it directly on the system, without needing to tinker with the docker files.

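The ordered, overwrite-allowed merge described in the post above, as an added example that is not part of the thread or the challenge. It assumes each layer has already been extracted to its own directory; the `.wh.` whiteout handling goes beyond what the post describes (it is how OCI image layers mark deletions), and all file names and contents are constructed.

```python
import os
import shutil
import tempfile

WHITEOUT = ".wh."  # OCI layer marker: ".wh.<name>" deletes <name> from lower layers


def merge_layers(layer_dirs, out_dir):
    """Apply layers bottom-to-top; return {relative path: index of winning layer}."""
    winner = {}
    for idx, layer in enumerate(layer_dirs):
        for root, _dirs, files in os.walk(layer):
            rel_root = os.path.relpath(root, layer)
            for name in sorted(files):  # ".wh.x" sorts before "x"
                if name.startswith(WHITEOUT):
                    rel = os.path.normpath(os.path.join(rel_root, name[len(WHITEOUT):]))
                    target = os.path.join(out_dir, rel)
                    if os.path.isfile(target):
                        os.remove(target)
                    winner.pop(rel, None)
                    continue
                rel = os.path.normpath(os.path.join(rel_root, name))
                dest = os.path.join(out_dir, rel)
                os.makedirs(os.path.dirname(dest), exist_ok=True)
                shutil.copyfile(os.path.join(root, name), dest)  # overwrite allowed
                winner[rel] = idx
    return winner


def demo():
    """Build three constructed layers on disk and merge them in order."""
    base = tempfile.mkdtemp()
    contents = [  # constructed sample data, not files from the challenge
        {"a.txt": "old", "b.txt": "keep"},
        {"a.txt": "new", "c.txt": "gone"},
        {".wh.c.txt": "", "sub/d.txt": "deep"},
    ]
    layers = []
    for i, files in enumerate(contents):
        layer = os.path.join(base, f"layer{i}")
        for rel, text in files.items():
            path = os.path.join(layer, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        layers.append(layer)
    out = os.path.join(base, "merged")
    os.makedirs(out)
    return merge_layers(layers, out), out
```

The returned map shows which layer supplied each surviving file, which makes a wrong layer order easy to spot.
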
DrSauerkraut, posted October 11, 2021

Thanks

Spoiler:
I just finished the merging of all files and I obtain kind of an ascii art. But no clue about what to do next 😕

tycolli, posted October 11, 2021

41 minutes ago, DrSauerkraut said:
"Thanks

Spoiler:
I just finished the merging of all files and I obtain kind of an ascii art. But no clue about what to do next 😕"

You did not arrange them correctly.

score1, posted October 11, 2021

Hi, I'm currently in Ch7. Got to the point when it tried to connect to the subdomain. I made some changes to connect it, send and recv, but it keeps looping. Should I edit the landing page, to make it like reading a command from the page? Any help would be appreciated. DM is open.

Oggy, posted October 12, 2021

Hi, I'm on 9 and have some confusion.

Spoiler:
When I debug and reach CryptImportKey, it always returns 0 (fail). Have I made some mistakes?

kao (Author), posted October 12, 2021

@Oggy:

Spoiler:
most likely - when you disabled anti-debug, you also disabled one critical piece of code and now challenge is not working properly.

ECX, posted October 12, 2021

Hello, I think I need a little help at the end of CH#7. I think I have everything, but I don't know how to connect the dots. Are some kind of values needed to be entered in CH#7? I mean the situation where I need to pass a password or something? At the end there is decryption and some other 'operations'... but for me it does not depend on any input value. Am I right? I try to avoid spoilers, so my description is as it is.

Brisco2077, posted October 12, 2021

Having a bit of trouble on CH8.

Spoiler:
I know I'm supposed to decode that base64 blob but have tried searching for plaintext words like "function" or some of the longer 64 byte strings in the random functions the original code uses for obfuscation. I have also tried using the text input field names with no luck. Am I on the right path here or is there an easier way to find the key?

kao (Author), posted October 12, 2021

@Brisco2077: the idea is right, just some of your assumptions are incorrect.

Brisco2077, posted October 12, 2021

20 minutes ago, kao said:
"@Brisco2077: the idea is right, just some of your assumptions are incorrect."

Sorry, just so I'm understanding:

Spoiler:
The assumption that those words would be in the decoded output or something else I am doing?

m0nk, posted October 12, 2021

Can't seem to figure out the second piece to Challenge 6.

Spoiler:
I combined the messages in stream 0 to get the PE file which doesn't run. Haven't been able to figure out how to combine the patches in stream 1 into any meaningful data. Static analysis of the exe doesn't seem to be giving anything super helpful. Am I missing something obvious here?

kao (Author), posted October 12, 2021

@Brisco2077:

Spoiler:
28 minutes ago, Brisco2077 said:
"The assumption that those words would be in the decoded output"
Exactly that.

@m0nk:

Spoiler:
28 minutes ago, m0nk said:
"Static analysis of the exe doesn't seem to be giving anything super helpful."
Assuming you decompressed both streams correctly - static analysis should reveal how messages in stream 1 are encrypted.

0xccoxcc, posted October 13, 2021

I have tracked all the code of Ch7 and got some interesting strings, but have no idea now. Some tips would be helpful.

Spoiler:
1. Two registry keys, and I know how they are generated.
Computer\HKEY_CURRENT_USER\Software\Microsoft\Spel
0: 80 97 c4 90 xx xx xx xx .........
1: ec 71 e8 67 xx xx xx ....
2. A string very close to the FLAG: "l3rlcps_7r_vb33eehskc3"

Now I don't know what to do..... Am I on the right way?

kao (Author), posted October 13, 2021

@0xccoxcc:

Spoiler:
You have found 2 encrypted halves of the flag. What you do with them, is entirely up to you...

0xccoxcc, posted October 13, 2021

14 minutes ago, kao said:
"@0xccoxcc:

Spoiler:
You have found 2 encrypted halves of the flag. What you do with them, is entirely up to you..."

Done after a bath... I think that part is just guesswork....

kao (Author), posted October 13, 2021

Hehe, it's not the best part for sure. But still much much better than Challenge#5...