Tuts 4 You

Flare-On 8



2 hours ago, whitesocks said:

I can't find anything about the signature used in these requests

 

Spoiler

ME0W is not the signature you're looking for. Search more, for example, adding "signature" to the query keywords. :)

Link to comment
6 hours ago, barber said:

Hello all,

 

Could someone give me a nudge (maybe better in DM?) on level 6.

I am not experienced with pcaps; I have been trying for 4 days to find a start. But even with duckduckgo I can't figure out where to begin.

Found it.

Edited by barber
Link to comment

I've now spent more time trying to make muffins for Chal5 than I have for anything else this year, and am still trying. Now I see why everyone is dunking on this challenge 😡

Even though we all know what "number" they are referring to avoid having to make them :D 

 

[edit -- gave up on all their hints and clues and just bruteforced it ... and now the hints make sense once you see the answer]

Edited by Rurik
Link to comment
Extreme Coders

Indeed. Started late this year but managed to get all 10 done.

Challenge 5 is literally the worst in my opinion. So much for guessing and making sense of all the weird recipes. 😂

  • Like 2
  • Haha 1
Link to comment

I have been stuck on ch9 for many days. Can someone please give me a hint?

Spoiler

I am not able to find the part about how the threads handle my packet after receiving the data.

 

Link to comment

Can anyone please help me on CH4? It seems that I'm lost or too stupid to see the solution.

Spoiler

I found the second ... and also the fish strings

Done it.

Edited by tycolli
Link to comment
Extreme Coders

@pula3241

Spoiler

Tracking usage of IPC APIs is a good starting point. Mutex, Semaphore, Event objects.
Would be easier after you've decoded all the APIs resolved by hash.

@tycolli

Spoiler

The exe has been compiled by a special tool.  Similar to Flash Builder which generates an exe from SWFs. (This challenge is not about Flash though.)
That tool can also import the exe as a project. Would be easier to analyze if you go about it this way.

  • Like 1
  • Thanks 1
Link to comment
DrSauerkraut

Heya all o/

Wouldn't mind getting a little help with Chall #3. I got several steps validated but I'm stuck on what to do next.

 

Spoiler

I did get the layer order and all the books of armament, but I'm unable to extract any flag from there. I suppose I need to merge all armaments versions, but how?

Thanks in advance :)

Link to comment
Extreme Coders

@DrSauerkraut

Spoiler

Merging is just copying all the armaments from a specific layer to a directory while allowing overwrite. Order of copying is important as a later armament file will overwrite a same named file from before.
And of course you can pull the ELF from the docker container to execute it directly on the system, without needing to tinker with the docker files.

  • Like 1
Link to comment
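As an added illustration of the ordered merge described in the reply above (not part of the original post and not the challenge's files): the sketch below copies every regular file from each layer tarball into one tree in a caller-supplied order and records which layer supplied the surviving copy. The layer contents, file names and the helpers `make_layer`, `merge_layers` and `contents` are constructed for this example.

```python
import io
import tarfile


def make_layer(files):
    """Build an in-memory layer tarball from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def merge_layers(layers_in_order):
    """Copy every regular file of each layer into one tree, in the given order.

    Returns {path: (index_of_layer_that_won, content)}. A later layer replaces
    a same-named file from an earlier one, like copying with overwrite allowed.
    """
    merged = {}
    for index, layer_bytes in enumerate(layers_in_order):
        with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as layer:
            for member in layer:
                if member.isfile():
                    merged[member.name] = (index, layer.extractfile(member).read())
    return merged


def contents(layers_in_order):
    """Final file contents only, without the provenance index."""
    return {path: data for path, (_, data) in merge_layers(layers_in_order).items()}


# Constructed layers: both ship "a.dat"; each also ships one file of its own.
LAYER_X = make_layer({"a.dat": b"from X", "c.dat": b"only X"})
LAYER_Y = make_layer({"a.dat": b"from Y", "b.dat": b"only Y"})

if __name__ == "__main__":
    # Same layers, different order, different surviving copy of a.dat.
    print(contents([LAYER_X, LAYER_Y])["a.dat"])
    print(contents([LAYER_Y, LAYER_X])["a.dat"])
```

The provenance index makes it easy to check, file by file, whether the order used produced the copy you expected.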
DrSauerkraut

Thanks :)

Spoiler

I just finished the merging of all files and I obtain kind of an ascii art. But no clue about what to do next 😕

 

Link to comment
41 minutes ago, DrSauerkraut said:

Thanks :)

Spoiler

I just finished the merging of all files and I obtain kind of an ascii art. But no clue about what to do next 😕

 

You did not arrange them correctly ;)

Link to comment

Hi, I'm currently in Ch7.

Got to the point when it tried to connect to the subdomain.

I made some changes to connect.

It sends and receives but it keeps looping.

Should I edit the landing page, to make it like reading a command from the page?

 

any help would be appreciated 

DM is open 

Link to comment

Hi, I'm on 9 and have some confusion.

Spoiler

When I debug and reach CryptImportKey, it always returns 0 (fail). Have I made some mistake?

 

Link to comment

@Oggy:

Spoiler

Most likely - when you disabled anti-debug, you also disabled one critical piece of code and now the challenge is not working properly.

 

  • Like 1
Link to comment

Hello, 

I think I need a little help at the end of CH#7. I think I have everything, but I don't know how to connect the dots :)

In CH#7, do some kind of values need to be entered? I mean the situation where I need to pass a password or something?

At the end there is decryption and some other 'operations'... but for me it does not depend on any input value. Am I right?

I try to avoid spoilers, so my description is as it is. :)

 

Link to comment
Brisco2077

Having a bit of trouble on CH8.

Spoiler

I know I'm supposed to decode that base64 blob but have tried searching for plaintext words like "function" or some of the longer 64 byte strings in the random functions the original code uses for obfuscation. I have also tried using the text input field names with no luck. Am I on the right path here or is there an easier way to find the key?

 

Link to comment
Brisco2077
20 minutes ago, kao said:

@Brisco2077: the idea is right, just some of your assumptions are incorrect.

Sorry just so I'm understanding

Spoiler

The assumption that those words would be in the decoded output or something else I am doing?

 

Link to comment

Can't seem to figure out the second piece to Challenge 6

Spoiler

I combined the messages in stream 0 to get the PE file which doesn't run. Haven't been able to figure out how to combine the patches in stream 1 into any meaningful data. Static analysis of the exe doesn't seem to be giving anything super helpful. Am I missing something obvious here?

 

Link to comment

@Brisco2077:

Spoiler
28 minutes ago, Brisco2077 said:

The assumption that those words would be in the decoded output

Exactly that. :) 

@m0nk:

Spoiler


28 minutes ago, m0nk said:

Static analysis of the exe doesn't seem to be giving anything super helpful.

Assuming you decompressed both streams correctly - static analysis should reveal how messages in stream 1 are encrypted. 

 

Link to comment

I have tracked all code of Ch7 and got some interesting strings but have no idea now. Some tips will be helpful.

Spoiler

1. Two registry keys, and I know how they are generated.

    Computer\HKEY_CURRENT_USER\Software\Microsoft\Spel

    0: 80 97 c4 90 xx xx xx xx .........

    1: ec 71 e8 67 xx xx xx ....

2. A string very close to the flag: "l3rlcps_7r_vb33eehskc3"

 

Now I don't know what to do... Am I on the right way?

Link to comment
14 minutes ago, kao said:

@0xccoxcc:

Spoiler

You have found 2 encrypted halves of the flag. What you do with them, is entirely up to you... :)

 

Done after a bath... I think that part is just guesswork...

Link to comment
