reversemedium

Обычная капибара (Usual Capybara)

hackerlab

Task: UPX-packed PE64 with oversized .data section containing a decoy JPEG dropper and a hidden XOR-encrypted PE binary. Solution: unpack UPX, discover hidden PE via single-byte XOR 0xFA, extract it, identify AES-128-CBC parameters from OpenSSL-linked code, decrypt embedded image to reveal flag.

$ ls tags/ techniques/

openssl pe64 static_analysis xor mingw aes_cbc hidden_binary upx windows_pe multi_layer embedded_pe

upx_unpackingsingle_byte_xor_decryptionembedded_pe_extractionaes_128_cbc_decryptionopenssl_static_analysishex_string_as_raw_key

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub to get started.

$ssh [email protected]