Web – Return Of The Robots

		&ltscript type="text/javascript">
			function r(n){for(var r=0,o=0,e="",t=0;t&ltn.length;t++)n[t].toLowerCase()!=n[t]&&(r+=1),8==++o?(e+=String.fromCharCode(r),r=0,o=0):r&lt&lt=1;alert(e)}
            function auth(n){if("SzMzcFQjM1IwYjB0JDB1dA=="==btoa(n))var a="mYSqyDYmwBYzNOdhnLDzljcTtTIpiVBCjIHOAmJNmNSXrkIvyQRaTOLJhQWmroOrdJRfSTVZdBZQsYajfJPGxrWMfVqRPCQKdCuVjgSQtPyScJkkzJapmwyDiXXCRieNxVEYRBQmfFBsUAQKuLQMfTgTrEMAuIyiyoJzhvcZevLhhzvLlgFyzaoKmKCGJNlY";else a="sRnDjXnrzAZVoxXnjSWLUoyWtgQpzziflCuxapkGjYEcrUADyMZlgunEaXLqYncWlHGpIVMvltZxveoE";r(a)}
		&lth1>No Robots Allowed

&ltlabel for=”userPassword”>Password: &ltinput id=”userPassword” type=”password” required> &ltinput type=”submit” value=”Submit” onclick=”auth(userPassword.value);”> &ltbody> &lt/html>

Base64 decode SzMzcFQjM1IwYjB0JDB1dA== –> K33pT#3R0b0t$0ut

Web – Diego’s Gallery

Network – Ping Pong

import re
import socket
c = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
data = c.recv(4096)
while True:
	data2 = c.recv(4096)
	print data2
	num =": (.*?)\n",data2).group(1).strip()
	print "Sending Num: " + num+"\n"

Surprise – Test My Patience

By opening IDA we can see that the binary is probably obfuscated.

Trying to run a debugger while running the binary we stumble on a Themida error.
Now as far i know trying to debug Themida protected binary is real difficult and probably not the intended way to get the number we need.

Before i go any further i try to run it without any debuggers/monitoring programs.
Of course the binary is running in a safe VM.

Fuzzing a bit lead me to assume the input is 15 characters.

Using Process Explorer we can view parts of the memory,
looking at 15 length strings, we see 661885857745456.

One thought on “Checkpoint”

  1. June 4, 2019 1:29 am

    Excellent site you’ve got here.. It’s hard to find high-quality writing like yours nowadays. I truly appreciate individuals like you! Take care!!

Post a Comment

Your email address will not be published. Required fields are marked *