Your first lab level 9
What was the first level 9 lab you conquered? :). It does not matter that you will seek advice from other giants, or that you will manage to complete it on your own: share your journey with us!; to get the token or become root on that server. I start: I think that my first conquest of Lab level 9 is related to debugging ByteCode in Java (and only a few days ago!): my background is Oracle, and from years ago, so imagine how lost I was :). After loading the project into the IDE (along with the required plugin) I started debugging bit by bit... until one particular string caught my attention; it stood out from the rest!. And it was the solution :). Good luck!
PowerShell Deobfuscation: Ep 8 help
I have been stuck on this EP for a week and haven't been able to progress. I am hoping someone can give me a hint to help me get through this one. Here is what I have done so far. I take the original encoded message and apply "FromBase64" and then "Raw Inflate" and I get the following data: You can see it outputs another command that also needs to decoded using the same steps above. That output gives you this... It outputs a string of characters but no obvious way to get this readable. I have tried bit-shifting, rotating characters, and a bunch of other tests and nothing has shown me anything that is remotely readable. I assume I am missing something simple but every time I read it back through, I don't see what I missed. Any help you can provide would be greatly appreciated.Halloween Labs - ideas, suggestions, wants 👻🎃🦇
What would you want to see from future Halloween labs? Did you really enjoy a particular aspect of previous years? Any technologies, themes, rewards you want to see? Want more Community content - webinars, events, media within the labs? 👻🎃🦇PowerShell Deobfuscation: Ep.9
Hello guys I am now on ep 9 on this fantastic collection but been banging my head for couple of days now for this appreciate any help. Able to decode the first layer using frombase64 and raw inflate Then I copied the resulting script and remove some parts to be able to execute it on powershell console I read somewhere that it is a enrypted base64 string given there is a -key on the second layer I found this article which seems related then followed how to decrypt I tried following it with same variable but I am stuck. Not sure how to do this via Cyberchef as well. Appreciate any help in right direction.
Snort Rules: Ep.9 – Exploit Kits
I am pulling my hair with question number 8 Create a Snort rule to detect the third GET request in the second PCAP file, then submit the token. This one should do it but it is not working. alert tcp any any -> any any (msg:"detect the third GET request"; content:"e31e6edb08bf0ae9fbb32210b24540b6fl"; sid:1000001) I tried so many rules base on the first GET header and still unable to get the token. Any tips?Help with Foundational Static Analysis: 64-Bit Analysis
Hello everyone, I received this error while attempting to analyse the malware in this Lab with the default format settings that Ghidra assigned. I attempted to search for the API required in Exercise 1 (CreateProcessWithTokenW) but nothing came up in the Imports or the function list. Am I missing something? Thank you! :)
ICSE / Wireshark final exercice : how to rebuilt the Pdf?
Hi everyone, in the last exercise, I managed to rebuilt the pdf file and it is perfectly readable, however the md5 hash generated from it keeps on been wrong. Is there anything special to consider when rebuilding the file? My method for rebuilting it was to remove top an bottom part that are obviously not part of the pdf, and also the newline character at the end of the last line, then concatenate everything together with a cat command. Thanks in advance for any hint.
