Тот сайт с GitHub (That site from GitHub)

hackerlab

Task: Analyze a suspicious website archive cloned from GitHub. Solution: Found hidden malicious code in update.sh script (97KB with empty lines hiding base64-encoded Python that creates and executes a hidden ELF binary), extracted the binary and found the flag using strings.

strings_analysis supply_chain shell_script_analysis base64_encoding hidden_binary elf_extraction malware_hiding github_clone

Suspicious shell script analysisBase64 decoding of hidden payloadsEmbedded binary extraction from scriptsELF binary strings analysis

$ ls tags/ techniques/

strings_analysis supply_chain shell_script_analysis base64_encoding hidden_binary elf_extraction malware_hiding github_clone

Suspicious shell script analysisBase64 decoding of hidden payloadsEmbedded binary extraction from scriptsELF binary strings analysis

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[misc][Pro]Git Secrets (e9d0e0f2-1069-4f72-9d56-398c01c0a960)— hackerlab
[misc][Pro]По крупицам (Bit by Bit)— hackerlab
[osint][Pro]GitHub Email OSINT— hackerlab
[forensics][Pro]Слив флагов (Flag Leak)— bug-makers
[infra][Pro]SecretShell— alfactf