Category: Reverse Engineering
-
476f64’s easyAF
https://crackmes.one/crackme/5eae2d6633c5d47611746500 Determine the file type: Use the file command to determine the file type. Test the program. Strings: Use strings to print the sequences of printable characters in files. Analyze: Disassemble the program in GDB. Test the program.
-
linux_crackme by cyrex
https://crackmes.one/crackme/5ab77f5633c5d40ad448c2d6 Determine the file type: Use the file command to determine the file type. Test the program. Strings: Use strings to print the sequences of printable characters in files. Analyze: Disassemble the program in GDB. The program reads an input, checks it with strcmp, and branches on the jne instruction that follows. The password is stored…
-
exzettabyte’s JustSee
https://crackmes.one/crackme/5b81014933c5d41f5c6ba944 Determine the file type: Use the file command to determine the file type. Test the program. Strings: Use strings to print the sequences of printable characters in files. Analyze: Disassemble the program with GDB Peda. Set a breakpoint at the test instruction. Run the program and observe the registers. Test the program.
-
Crack a simple program with GDB
A simple explanation of using the GDB tool.
-
MalwareTech Challenges
The purpose of these challenges is to familiarize beginners with common malware techniques.
-
Practical Malware Analysis : Lab 3-3
Tools used: Questions: Execute the malware found in the file Lab03-03.exe while monitoring it using basic dynamic analysis tools in a safe environment. 1. What do you notice when monitoring this malware with Process Explorer? Run the malware and check Process Explorer. Once the malware is executed it creates a svchost.exe and deletes itself. 2. Can…
-
Practical Malware Analysis : Lab 3-2
Tools used: Questions: Analyze the malware found in the file Lab03-02.dll using basic dynamic analysis tools. 1. How can you get this malware to install itself? Use PEview to examine the malware. The malware can be installed with the following command: rundll32.exe Lab03-02.dll,installA 2. How would you get this malware to run after installation? Before running the…
-
MAL: Malware Introductory
The start of a series of rooms covering Malware Analysis…
-
Practical Malware Analysis : Lab 3-1
Tools used: Questions: 1. What are this malware’s imports and strings? The malware seems to be obfuscated. Check the strings. 2. What are the malware’s host-based indicators? Start up Process Explorer, ProcMon, ApateDNS and execute the malware. Observe the lower pane view in handles and a mutant is found. Observe the dll and…
-
Practical Malware Analysis : Lab 5-1 (TBC)
Tools used: Questions: 1. What is the address of DllMain? 1000D02E 2. Use the Imports window to browse to gethostbyname. Where is the import located? .idata:100163CC 3. How many functions call gethostbyname? 9 times with 5 different subroutines. 4. Focusing on the call to gethostbyname located at 0x10001757, can you figure out which DNS request…
-
Reverse Engineering : Mathematical Functions
Let’s create a simple program to see how the code is disassembled. Disassemble the program in IDA Pro.
-
NoraCodes crackme02
https://github.com/NoraCodes/crackmes This crackme is similar to the previous one, but the password can’t be seen with ltrace or strings. Test out the program. Use ltrace. Use strings. Use IDA Pro to analyze the file. The password is hard-coded. Test out the password.
-
Reverse Engineering : Variables Initiation
Let’s create a simple program to see how the code is disassembled. Disassemble the program in IDA Pro. Space is allocated for each variable and the values are then moved into the allocated spaces.
-
CTFLearn : Adoni Assembler Chall
https://ctflearn.com/challenge/1026 Test the program. Analyze: View the source code. The _printflag function is not called from the _start function, hence the flag will not be printed. Insert the _printflag function into the _start function. Test the program.
-
CTFlearn: Reykjavik
https://ctflearn.com/challenge/990 Determine the file type: Use the file command to determine the file type. Test the program. Strings: Use strings to print the sequences of printable characters in files. Analyze: Disassemble the program. Using Ghidra we can see that the program calls the strcmp function on the user input and the flag. Use GDB-Peda to analyze the…
-
Demystify reverse engineering
https://drive.google.com/file/d/1oTERzqyVPbK8TImkkZyWsrnPfRNGYygN/view Determine the file type: Use the file command to determine the file type. Test the program. Strings: Use strings to print the sequences of printable characters in files. Analyze: Disassemble the program. Use IDA Pro to analyze the program’s main function: The password is hard-coded. The strcmp function is called to test the input…
-
HTB Challenge : Impossible Password
https://app.hackthebox.com/challenges/impossible-password Download the file and test out the program. Use strings for clues. Try with the found password. Use ltrace to observe the file. The program compares the input with a random string and exits. We see that the program uses the time, srand and malloc functions. The string being compared changes randomly with the time. Disassemble: Let’s…
-
NoraCodes crackme01
https://github.com/NoraCodes/crackmes Test out the program. Use ltrace. Use strings. Test out the password.
-
HTB Challenge : Baby RE
https://app.hackthebox.com/challenges/baby-re Test the program. Use Ghidra to analyze the program. The key can also be located via the strings command. Test the key.
-
picoCTF : asm1
The source gives us a text file that contains assembly code. The argument given is 0x6fa = 1786. To get the flag, subtract 0x12 from 0x6fa.