reversePromedium

Весёлый EXE (Funny EXE)

hackerlab

Task: a MinGW PE32+ that trolls with meme wallpapers/sounds; the real flag check runs from the CRT startup after main returns, talking a custom TCP protocol to a hardcoded C2. Solution: locate the hidden post-main function via xrefs, replay the PASS protocol to a live server to obtain the keystream + encrypted flag, then invert the self-inverting per-byte cipher by brute-forcing printable chars.

$ ls tags/ techniques/

network_protocol mingw x86_64 decoy anti_analysis pe32plus byte_wise_encryption c2_protocol

post_main_crt_hijackxref_followingnetwork_protocol_replaybyte_transform_inversionbrute_force_per_bytelive_server_keystream_extraction

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[reverse][Pro]It's over— hackerlab
[reverse][Pro]Разминка (Warmup)— hackerlab
[misc][Pro]good-vibes— dicega
[forensics][Pro]Чувак, где мой флаг? (Dude, Where's My Flag?)— hackerlab
[misc][Pro]Любимый FTP— hackerlab