reversemedium

Три Лика Тени (Three Faces of Shadow)

hackerlab

Task: PE64 Windows binary with massive obfuscation — anti-debug, custom VM, fake flags, Braille art distractions, and obfusheader decoys — all red herrings. Solution: discovered patched _cexit CRT function jumping to hidden code in .idata section that decrypts the real flag via byte subtraction (0x69).

$ ls tags/ techniques/

pe64 obfuscation mingw red_herring windows_pe anti_debug custom_vm crt_hooks idata_injection braille_art obfusheader fake_flags

cexit_patching_detectioncrt_exit_flow_analysisidata_section_code_injectionbinary_patching_detectionsubtraction_cipher_reversalred_herring_elimination

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub to get started.

$ssh [email protected]