Tag Archives: ctf

PAN LabyREnth CTF – Windows #6

Sample: 3968259859f056853fc7efd2b858b3fcf0d7147a9c7f40049e5c2e131718a1d7 (PW: infected)

file Ambrosius.exe
Ambrosius.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

In this challenge, you have to find the correct key to encrypt the flag. The flag is encrypted with RC4 and can be found in an …

Posted in Reverse Engineering

PAN LabyREnth CTF – Windows #5

Sample: f919ed81cd4b78fdff54f8f34ac10e07079814e2eaee08bb3fb4fc19c3301f26 (PW: infected)

file RGB.exe
RGB.exe: PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

Compared to the challenge before, this one was pretty easy. You need to adjust the controllers to the right value in order to get the …

Posted in Reverse Engineering, Uncategorized

PAN LabyREnth CTF – Windows #4

Sample: 3dd0d247d51df1e9c8ae594089c82608792f6bbc376e102aee52ad7c1baa91ab (PW: infected)

file JugsOfBeer.exe
JugsOfBeer.exe: PE32+ executable for MS Windows (GUI) Mono/.Net assembly

This is an x64 binary that asks for a valid serial number, so you need to find the function that checks the input. In order to …

Posted in Reverse Engineering

PAN LabyREnth CTF – Windows #3

Sample: 57174eac6975871458d393301bbaa67e799e85ed66fefb912875152581eb2f79 (PW: infected)

file SquirtleChallenge.exe
SquirtleChallenge.exe: PE32 executable for MS Windows (console) Intel 80386 32-bit

When you start the sample, you are prompted for a password, so the next step is to find out the password. After loading the file in IDA …

Posted in Reverse Engineering

PAN LabyREnth CTF – Windows #2

Sample: 351ff406e49f28518315e99a87e5020ec031883c69c291f86b6abe99b2d7c4ef (PW: infected)

file BabbySay.exe
BabbySay.exe: PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

The second sample was a really funny one. Starting the file will show a keyboard, and after hard thinking I came to the conclusion that …

Posted in Reverse Engineering

PAN LabyREnth CTF – Windows #1

Sample: 61921d13ef1be2285301fceafa6ecd3d0a01d45f71fe620149975d63e92d3612 (PW: infected)

file AntiD.exe
AntiD.exe: PE32 executable for MS Windows (console) Intel 80386 32-bit

The file is packed with UPX, but unfortunately it cannot be unpacked the easy way with UPX. You must unpack it manually. However, there are …

Posted in Reverse Engineering

Flare-On 2015 #2

Here we go again with my solution for challenge 2.

Again there is a little bit of XOR’ing and a little bit of bit-shifting. The function which is checking the password starts at address 401084 (see the screenshot). The loop …

Posted in Reverse Engineering

Flare-On 2015 #1

Here we go again for the annual FireEye Flare-On challenge. Unfortunately it started during my summer holidays, so I did not have enough time to complete the whole challenge (I guess I’m also not skilled enough, but anyways..). Although the solutions are …

Posted in Uncategorized