parkur Posted January 29, 2023

Hi, I'm studying Penetration Testing and part of the training obviously focuses on solving CTF challenges. You must be asking yourself how the name of the title is related to PT? Well, it's probably not that related, but there is a challenge that really caught my attention and I've been trying to solve it for a long time without success. The challenge contains a malicious file and the task is to investigate the file and find the FLAG hidden inside the file. So I will detail a bit about the malware and what I was able to understand from the code:

Code details:
Assembly - https://pastebin.com/asWi6a2M (IDA PRO)
Decompiler - https://pastebin.com/4XmaQmZx (IDA PRO)

Reports about the software from the Internet:
https://www.hybrid-analysis.com/samp...8838953275522e
https://www.joesandbox.com/analysis/332270/0/html

What I understood: First of all, this is an executable file for Windows (EXE), and when I run the software in CMD I get an error "An error occurred" and the operation ends. Reading the code through IDA PRO you can see an Environment Variable called GREENIE; in my opinion everything starts here, and if I manage to discover the value of GREENIE I can move forward. It is also possible to notice other generic errors that exist in the software. I know that to solve the challenge I would have to set up the environment properly and then follow the code, but I would need some direction because I am missing something. I got some guidance from someone who told me to learn about ENDIANNESS, with emphasis on LITTLE ENDIAN. I read about it and the differences between BIG ENDIAN and LITTLE ENDIAN, but I couldn't really understand how it is reflected in the software. I would appreciate and thank anyone who takes the time to help.
Download link for the software: https://easyupload.io/ikpzq3 It is important to know that this is software that is detected as MALWARE by Windows Defender, so it is recommended to open it in a virtual system. Thank you!
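The post asks how endianness "is reflected in the software" when a binary checks an environment variable such as GREENIE. The following C program is an added example written for this thread, not code from the challenge or from the pastebins above. It shows the one fact that matters when reading IDA output on x86: a 4-byte immediate such as `cmp eax, 41424344h` compared against bytes loaded from a string corresponds to the string "DCBA" in memory, because x86 stores the least significant byte first. The tag value 0x41424344 and the helper names are constructed placeholders; nothing here is the real value the challenge expects.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Explicit little-endian load: byte 0 is the least significant byte. */
uint32_t load_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Explicit big-endian load: byte 0 is the most significant byte. */
uint32_t load_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* What a decompiled `*(DWORD *)p` really does: a load in the CPU's own byte
 * order. On x86 (the target of a Windows EXE) this is little-endian. */
uint32_t load_native32(const unsigned char *p) {
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Detect the byte order of the machine running this program. */
int host_is_little_endian(void) {
    uint32_t one = 1;
    unsigned char first;
    memcpy(&first, &one, 1);
    return first == 1;
}

/* Render the four bytes of v exactly as a hex dump of memory shows them. */
void dump_bytes_native(uint32_t v, char out[9]) {
    unsigned char b[4];
    memcpy(b, &v, sizeof b);
    snprintf(out, 9, "%02X%02X%02X%02X", b[0], b[1], b[2], b[3]);
}

/* Mirrors the shape of a decompiled check such as
 *     if (*(DWORD *)getenv("GREENIE") == 0x41424344) ...
 * expected_tag is a CONSTRUCTED placeholder, not a value from the challenge.
 * Returns 1 on match, 0 on mismatch or when the variable is absent or shorter
 * than four bytes (the unchecked dereference in real code would otherwise
 * read past the end of a short string or crash on a NULL pointer). */
int env_tag_matches(const char *name, uint32_t expected_tag) {
    const char *val = getenv(name);
    if (val == NULL || strlen(val) < 4)
        return 0;
    return load_native32((const unsigned char *)val) == expected_tag;
}

int main(void) {
    const uint32_t tag = 0x41424344u;   /* placeholder immediate, as IDA would show it */
    char hex[9];
    unsigned char as_bytes[5] = {0};

    dump_bytes_native(tag, hex);
    memcpy(as_bytes, &tag, 4);          /* the same bytes, readable as ASCII */

    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("immediate 0x%08X sits in memory as bytes %s, i.e. the string \"%s\"\n",
           tag, hex, (const char *)as_bytes);
    printf("so a string must read \"%s\" for `*(DWORD *)s == 0x%08X` to hold\n",
           (const char *)as_bytes, tag);

    /* If the caller exported GREENIE, report whether it satisfies the placeholder check. */
    if (getenv("GREENIE") != NULL)
        printf("GREENIE matches placeholder tag: %s\n",
               env_tag_matches("GREENIE", tag) ? "yes" : "no");
    else
        printf("GREENIE is not set in this environment\n");
    return 0;
}
```

Run it on an x86 box and the output shows that the immediate 0x41424344 occupies memory as 44 43 42 41, so the variable would have to start with "DCBA" for such a comparison to succeed; reading the string the "natural" way ("ABCD") gives 0x44434241 instead. That reversal is the whole effect of little-endianness on the checks you are following in the decompiler.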