reversing

Category: rev Solver: rgw, 3mb0, Greenscreen23, SchizophrenicFish2nds Flag: GPNCTF{B4CKD00R3D_4G41N_d2d4ebde} Writeup This challenge is about a modified version of the XZ backdoor. There is a remote server with its SSH port exposed. We get a modified version of xz version 5.6.0. We first check which files are different between the original xz and the modified version: $ diff -r xz-old/xz-5.6.0/ xz-safe/xz-5.6.0/ Binary files xz-old/xz-5.6.0/tests/files/good-large_compressed.lzma and xz-safe/xz-5.6.0/tests/files/good-large_compressed.lzma differ We follow the writeup at [1] to reverse engineer the backdoor....

AHHH The field is full of mines! Screw it! I am going in! Authors: @moaath, @Liikt Category: Reversing Solver: lukasrad02 Flag: ENO{H0p3fully_Y0ur_M1ND_D1D_G3t_scr3w3D} Scenario The challenge only consists of a single PowerShell script: ( 'wcyd'|%{${#/~} =+ $()}{ ${@}=${#/~}} { ${/.} = ++${#/~}}{ ${*~}=(${#/~} =${#/~} +${/.})} {${$./} =(${#/~}= ${#/~} + ${/.} )}{${)@}=( ${#/~}=${#/~}+${/.} )} { ${'} =(${#/~} =${#/~}+ ${/.}) } { ${;} = ( ${#/~}=${#/~} + ${/.}) } {${ *-}= ( ${#/~}=${#/~}+${/....

After following a series of tips, you have arrived at your destination; a giant vault door. Water drips and steam hisses from the locking mechanism, as you examine the small display - “PLEASE SUPPLY PASSWORD”. Below, a typewriter for you to input. You must study the mechanism hard - you might only have one shot… Category: Reversing Solver: s3rpentL0ver Flag: HTB{vt4bl3s_4r3_c00l_huh} Writeup The challenge is downloaded via a zip file....

We received this strange advertisement via pneumatic tube, and it claims to be able to do amazing things! But we there’s suspect something strange in it, can you uncover the truth? Category: reversing Solver: rgw, 3mbo Flag: HTB{33zy_VBA_M4CR0_3nC0d1NG} Writeup For this challenge, we can download a zip file. When unpacking it, we see a single file Upgrades.pptm. When opening the presentation in LibreOffice, we immediately find that it contains macros:...

I wrote this advanced program to only work on my computer but I think I might have made a mistake somewhere, as I can’t even confirm my own identity. Category: reversing Solver: t0b1 Flag: HTB{Id3nt1ty_c0nf1rmat1on} Writeup In this challenge we get a Windows executable. We open it up in Ghidra to see what it does. The main function is printing Starting to confirm identity... and then calls the RegOpenKeyExA function with Control Panel\Desktop as the argument....

A brave warrior stands in front of the harshest enemy, a untouchable evil spirit who possesses his allies. Will they be able to overcome this enemy? Category: reversing Solver: 3mb0, HTTP418, mp455 Flag: HTB{Retr0_Kunai} Writeup We found ourself here in a reversing challenge. So - as we were used to - we prepare for a static binary analysis. Open Ghidra and install the GhidraBoy [1] to inspect the Game Boy ROM....

During your usual crop field stroll you were abducted by aliens. Luckily you were able to escape their grip and flee to an escape pod, but alas starting it requires a key code. Figure out how this strange mechanism works and return to earth. Category: reversing Solver: t0b1 Flag: HTB{_3st3r31K3yP4d_} Writeup In this challenge we get a binary. We start by analyzing it in Ghidra and find the following main function (we already renamed the functions to be more readable)....

Our new conspiracy theorist intern has blocked everyone from the coffee machine because he saw that aliens were trying to steal the “out of the world” secret recipe. Your mission is to unveil the secrets that lie behind his profound madness and teach him a javaluable lesson. Category: Reversing Solvers: t0b1, lmarschk TL;DR This challenges was very nice but also hell of a ride. The main thing being done here is to use the Java Native Interface (JNI) to run a JVM from native C++ code....

During a routine check on our servers we found this suspicious binary, but when analyzing it we couldn’t get it to do anything. We assume it’s dead malware but maybe something interesting can still be extracted from it? HTB{m1N1m411st1C_fL4g_pR0v1d3r_b0T} Category: Reversing Solver: Pandoron Writeup We start by trying to execute this binary on a linux system, since this is an ELF64 binary, which immediately returns with an exception: “EXCEPTION! ABORT”:...

I’ve been once told that my name is difficult to pronounce and since then I’m using it as a password for everything. Category: Reversing Solver: t0b1 Writeup We get a binary called my_name_is. Running the file command tells us that it is a 32-bit, dynamically linked executable. It also shows that the binary is not stripped, which is useful when decompiling it. $ file my_name_is my_name_is: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux....

A brave warrior stands in front of the harshest enemy, a untouchable evil spirit who possesses his allies. Will he be able to overcome this enemy?A brave warrior stands in front of the harshest enemy, a untouchable evil spirit who possesses his allies. Will he be able to overcome this enemy? Category: Reverse Solver: t0b1, lmarschk For this challenge, the gameboy rom was supplied. Walkthrough Download the binary Find out it is a gameboy rom apt install visualboyadvance VisualBoyAdvance Patchofthe_Ninja....