Washi Posted August 31, 2022 Share Posted August 31, 2022 Fasten your seatbelts; Flare-On 9 starts on September 30! https://www.mandiant.com/resources/blog/announcing-ninth-flareon-challenge 3 Link to comment Share on other sites More sharing options...
kao Posted August 31, 2022 Share Posted August 31, 2022 The timing couldn't be worse... but I'm still going to enjoy it immensely! Link to comment Share on other sites More sharing options...
f355 Posted October 1, 2022 Share Posted October 1, 2022 hey anyone is playing? Link to comment Share on other sites More sharing options...
bluedevil Posted October 1, 2022 Share Posted October 1, 2022 7th challenge (anode) is a 55mb nodejs executable. Now waiting disassembler for loading it. Link to comment Share on other sites More sharing options...
w00she Posted October 1, 2022 Share Posted October 1, 2022 (edited) Any tips on how to approach the third challenge ? Edited October 2, 2022 by w00she Link to comment Share on other sites More sharing options...
Coca Posted October 2, 2022 Share Posted October 2, 2022 6 hours ago, w00she said: Any tips on how to approach the third challenge ? Spoiler U = up  Link to comment Share on other sites More sharing options...
Coca Posted October 2, 2022 Share Posted October 2, 2022 About the ch4, the VirtualAlloc function is only a decoy? thx Link to comment Share on other sites More sharing options...
Rol Posted October 2, 2022 Share Posted October 2, 2022 I also have problem this challenge. I try have put BP into "SDL_TEXTEDITING" and "SDL_TEXTINPUT" but It is not working Link to comment Share on other sites More sharing options...
Ralf Posted October 2, 2022 Share Posted October 2, 2022 3 hours ago, Coca said: About the ch4, the VirtualAlloc function is only a decoy? thx it's very important  for get correct strings Link to comment Share on other sites More sharing options...
deepzero Posted October 2, 2022 Share Posted October 2, 2022 > About the ch4, the VirtualAlloc function is only a decoy? thx no > I try have put BP Keep looking. For example Spoiler remember the action happens when you hit return key  Quick question regarding challenge 5, is it possible to solve this offline without data from the flare-on server? or is an online connection required? Link to comment Share on other sites More sharing options...
kao Posted October 2, 2022 Share Posted October 2, 2022 (edited) @deepzero: all FLARE challenges can be solved offline. EDIT: to clarify - you don't need to communicate with flare-on servers. But you might consider making your own server for... something... Edited October 2, 2022 by kao 1 Link to comment Share on other sites More sharing options...
Aeri Posted October 2, 2022 Share Posted October 2, 2022 Hi, Can someone give me a small hint for ch6 ? I really don't get it right now. Something is obviously missing. Am I supposed to work with the provided sample ? I though it would be related to some past challenge's binaries, but nothing can interact with it ... This is a bit frustrating to face something like this Link to comment Share on other sites More sharing options...
f355 Posted October 2, 2022 Share Posted October 2, 2022 anyone can give me a hint on ch4? Spoiler Patched the exe so now I can enter passwords for the binary and see if that returns the flag. Should I write a brute forcer for the password?  Link to comment Share on other sites More sharing options...
w00she Posted October 3, 2022 Share Posted October 3, 2022 Congrats @kao 1 Link to comment Share on other sites More sharing options...
Aeri Posted October 3, 2022 Share Posted October 3, 2022 9 hours ago, f355 said: anyone can give me a hint on ch4?  Hide contents Patched the exe so now I can enter passwords for the binary and see if that returns the flag. Should I write a brute forcer for the password?  Spoiler Patching may not be the right approach. Bruteforcing is definitively not the right approach. Maybe what you've patched is acting as a way to check if the password is correct ... Take the time to understand what you've patched. It's here for a reason.  Link to comment Share on other sites More sharing options...
w00she Posted October 3, 2022 Share Posted October 3, 2022 Congrats @Washi 1 1 Link to comment Share on other sites More sharing options...
vfsrfs Posted October 4, 2022 Share Posted October 4, 2022 hi can some give me a hint for ch6? Any help would be greatly appreciated. Spoiler Found the client code (dotNet), but I have no idea where to look for the server code. Â Link to comment Share on other sites More sharing options...
loossy Posted October 4, 2022 Share Posted October 4, 2022 hello I'm on challenge 5. I'm doing an analysis, but I don't know what points to look at. Could you give me a little hint? Link to comment Share on other sites More sharing options...
Washi Posted October 4, 2022 Author Share Posted October 4, 2022 3 hours ago, loossy said: I'm doing an analysis, but I don't know what points to look at.  Spoiler You have a network trace, and an executable that generated it somehow. Find out how it did it  Link to comment Share on other sites More sharing options...
Washi Posted October 4, 2022 Author Share Posted October 4, 2022 @vfsrfs Spoiler It's all in the same program, just maybe not in the place you may expect it from a typical .NET application... Â Link to comment Share on other sites More sharing options...
endered Posted October 5, 2022 Share Posted October 5, 2022 Hi, could someone give me a hint on ch7 pls? Spoiler Can I solve it just by relying on that JS code alone? I didn't find any more valuable code other than JS code. But the JS code doesn't behave the same way as binary when I run it locally, there is an apparently weird `if` condition that doesn't trigger when executing the binary. Â Link to comment Share on other sites More sharing options...
kao Posted October 5, 2022 Share Posted October 5, 2022 (edited) @endered:Â Spoiler 6 hours ago, endered said: JS code doesn't behave the same way as binary when I run it locally Figure out why is that and how to work around it. Â Edited October 5, 2022 by kao Link to comment Share on other sites More sharing options...
er3zoid Posted October 5, 2022 Share Posted October 5, 2022 (edited) . Edited October 11, 2022 by er3zoid Link to comment Share on other sites More sharing options...
Even Posted October 6, 2022 Share Posted October 6, 2022 Could I talk through my thought process with someone here on 6? I believe I'm looking at the pertinent part of the binary, and I've made progress and have written it up in notes and can discuss how I've made it this far, but I could use a sanity check. Link to comment Share on other sites More sharing options...
loossy Posted October 6, 2022 Share Posted October 6, 2022 I'm doing challenge 5. The first communication was decrypted, but a binary that did not know what it meant came out. In the second communication, it was "CLR" and could not be decrypted. Are there any points I should focus on? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now