CYBERYAMI CTF
REVERSE ENGINEERING AND MALWARE CHALLENGES ONLY
1. MALWARE
a) Basic identification
I used the strings command here. The file is packed with UPX: the packer leaves its section names (UPX0, UPX1) and the "UPX!" marker visible in the strings output, and upx -d unpacks it.
b)MalVBA-I
I used the strings command here too and grepped the output for ".exe".
c)MalVBA-II
This one was a little more challenging. I used oletools: running oledump.py on the document lists its OLE streams, and the flag is the name of stream 6706, solemnize. Reference: https://spreadsecurity.github.io/2016/08/14/macro-malware-analysis.html
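To show what oledump's listing is actually built from, here is a standard-library walker over the directory of an OLE2 / Compound File Binary document (the format behind .doc/.xls macro documents). It is an added example for this write-up, not the author's code or part of oletools; build_sample() is a constructed fixture whose stream names are made up (one of them reuses the flag name), not the challenge document.

```python
"""Walk the directory of an OLE2 / CFB document with only the standard library.
Every storage (folder) and stream (file) is a 128-byte directory entry; the
entries form a tree of siblings (left/right) and children, rooted at entry 0.
Added example, not from the write-up; build_sample() is a constructed fixture."""
import struct

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ENDOFCHAIN, FATSECT, FREESECT, NOSTREAM = 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF
TYPES = {0: "empty", 1: "storage", 2: "stream", 5: "root"}


def read_fat(data, sector_size, difat):
    """Concatenate the FAT sectors listed in the header's DIFAT array."""
    fat = []
    for sect in difat:
        if sect == FREESECT:
            break
        off = (sect + 1) * sector_size            # sector n sits at (n+1)*size, after the header
        fat += struct.unpack(f"<{sector_size // 4}I", data[off:off + sector_size])
    return fat


def sector_chain(fat, start):
    """Follow a FAT chain; the seen-set stops loops a hostile file could plant."""
    chain, seen, sect = [], set(), start
    while sect < len(fat) and sect not in seen:   # ENDOFCHAIN/FREESECT are out of range
        chain.append(sect)
        seen.add(sect)
        sect = fat[sect]
    return chain


def list_entries(data):
    """Return [(slot, path, kind, size)] for every entry reachable from the root."""
    if data[:8] != OLE_MAGIC:
        raise ValueError("not an OLE2 compound file")
    sector_size = 1 << struct.unpack_from("<H", data, 0x1E)[0]
    first_dir = struct.unpack_from("<I", data, 0x30)[0]
    fat = read_fat(data, sector_size, struct.unpack_from("<109I", data, 0x4C))
    raw = b"".join(data[(s + 1) * sector_size:(s + 2) * sector_size]
                   for s in sector_chain(fat, first_dir))
    entries = []
    for i in range(len(raw) // 128):
        e = raw[i * 128:(i + 1) * 128]
        name_len, kind = struct.unpack_from("<HB", e, 0x40)
        left, right, child = struct.unpack_from("<III", e, 0x44)
        size = struct.unpack_from("<Q", e, 0x78)[0]
        name = e[:max(name_len - 2, 0)].decode("utf-16-le", "replace")  # name_len counts the NUL
        entries.append((name, kind, left, right, child, size))
    out = []

    def walk(idx, prefix, depth=0):
        if idx == NOSTREAM or idx >= len(entries) or depth > 64:
            return
        name, kind, left, right, child, size = entries[idx]
        walk(left, prefix, depth + 1)
        out.append((idx, prefix + name, TYPES.get(kind, str(kind)), size))
        walk(child, prefix + name + "/", depth + 1)   # storages nest like directories
        walk(right, prefix, depth + 1)

    if entries:
        walk(entries[0][4], "")                       # entry 0 is the root storage
    return out


def streams_named(data, wanted):
    """Paths of every stream whose leaf name is `wanted` (the flag was a stream name)."""
    return [p for _, p, k, _ in list_entries(data)
            if k == "stream" and p.rsplit("/", 1)[-1] == wanted]


def _entry(name, kind, left=NOSTREAM, right=NOSTREAM, child=NOSTREAM):
    raw = name.encode("utf-16-le") + b"\x00\x00"
    e = raw.ljust(64, b"\x00") + struct.pack("<HBB", len(raw), kind, 1)
    e += struct.pack("<III", left, right, child) + b"\x00" * 36   # CLSID, state, timestamps
    return e + struct.pack("<IQ", ENDOFCHAIN, 0)                    # fixture streams carry no payload


def build_sample():
    """Constructed fixture: sector 0 = FAT, sectors 1-2 = directory (8 slots, 5 used)."""
    header = OLE_MAGIC + b"\x00" * 16 + struct.pack("<HHHHH", 0x3E, 3, 0xFFFE, 9, 6) + b"\x00" * 6
    header += struct.pack("<IIII", 0, 1, 1, 0)          # v3: 0 dir sectors, 1 FAT sector, dir at 1
    header += struct.pack("<IIIII", 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    header += struct.pack("<109I", 0, *([FREESECT] * 108))
    fat = struct.pack("<128I", FATSECT, 2, ENDOFCHAIN, *([FREESECT] * 125))
    directory = b"".join([
        _entry("Root Entry", 5, child=1),
        _entry("Macros", 1, right=2, child=3),
        _entry("WordDocument", 2),
        _entry("solemnize", 2, right=4),
        _entry("PROJECT", 2),
    ]) + b"\x00" * (128 * 3)
    return header + fat + directory


if __name__ == "__main__":
    doc = build_sample()
    for slot, path, kind, size in list_entries(doc):
        print(f"{slot:3d} {kind:8s} {size:6d} {path}")
    print("flag candidates:", streams_named(doc, "solemnize"))
```

On a real document call list_entries(open(path, "rb").read()). The walker only resolves names and sizes: stream payloads smaller than 4096 bytes live in the mini stream, which it does not read, and VBA source inside the Macros storage is compressed (MS-OVBA), so use oledump.py -s or olevba when you need the contents rather than the names.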
2. REVERSE ENGINEERING
a)Easy success
b)Key Bank
Solving it with strings is probably not what the challenge author intended, but we take the shortcut anyway.
c)Medium Hash
This binary is designed to :
Let's use Ghidra to solve some mysteries here. The binary is stripped, so there is no main symbol; I found main by starting at the entry function, where the startup stub passes main's address to __libc_start_main.
The decompiled code is then self-explanatory: if the condition is true, it checks the input string and prints the flag.
d)Fil3s
This one is stripped too.
When you give it an input, the input is compared with a value; if the comparison fails it opens an output stream and writes wrong.txt, so I guessed that the success path would create a correct.txt.
It turns out that when the condition is true the program creates a flag.txt file and writes the flag into it. In Ghidra I saw the condition comparing the value to 56, so let's give that a shot.
Great, the check passes; look at the decompiled code in Ghidra for a better understanding.
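Both Medium Hash and Fil3s are stripped, and the step the write-up leans on for each is "start at the entry function and find main". The script below automates that step for x86-64 glibc binaries with only the standard library: it reads the ELF header, maps the entry point to a file offset, and scans the _start stub for the instruction that loads main into rdi (first argument of __libc_start_main). It is an added example, not the author's method; Ghidra or objdump -d remain the robust route. The two sample binaries are constructed stubs of the glibc _start tail (non-PIE and PIE forms), not the challenge binaries, and the addresses in them are made up.

```python
"""Locate main in a stripped x86-64 ELF by following the glibc _start stub.
Added example, not from the write-up; the ELF files built below are constructed
fixtures mimicking the two common _start tails, not the challenge binaries."""
import struct

PT_LOAD = 1


def parse_elf64(data):
    """Return (e_entry, [(p_offset, p_vaddr, p_filesz), ...]) for PT_LOAD segments."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not a 64-bit ELF")
    e_entry, e_phoff = struct.unpack_from("<QQ", data, 0x18)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    loads = []
    for i in range(e_phnum):
        p_type, _, p_off, p_vaddr, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            loads.append((p_off, p_vaddr, p_filesz))
    return e_entry, loads


def va_to_off(loads, va):
    """Translate a virtual address to a file offset via the PT_LOAD segments."""
    for off, vaddr, filesz in loads:
        if vaddr <= va < vaddr + filesz:
            return va - vaddr + off
    raise ValueError(f"vaddr {va:#x} is not file-backed")


def find_main(data, window=64):
    """Scan the first `window` bytes of _start for the load of main into rdi:
         48 c7 c7 imm32    mov rdi, imm32          (non-PIE, absolute address)
         48 8d 3d disp32   lea rdi, [rip+disp32]   (PIE, rip-relative)
    Returns (main_va, form) or None. This is a byte-pattern heuristic, not a
    disassembly, so a different startup stub (clang/lld, musl, static) yields None."""
    entry, loads = parse_elf64(data)
    code = data[va_to_off(loads, entry):][:window]
    for i in range(len(code) - 6):
        op = code[i:i + 3]
        if op == b"\x48\xc7\xc7":
            imm = struct.unpack_from("<i", code, i + 3)[0]     # imm32 is sign-extended to 64 bits
            return imm & 0xFFFFFFFFFFFFFFFF, "mov rdi, imm32"
        if op == b"\x48\x8d\x3d":
            disp = struct.unpack_from("<i", code, i + 3)[0]    # relative to the next instruction
            return entry + i + 7 + disp, "lea rdi, [rip+disp32]"
    return None


# ---- constructed fixtures (hypothetical addresses) ----------------------------
# xor ebp,ebp; mov r9,rdx; pop rsi; mov rdx,rsp; and rsp,-16; push rax; push rsp
START = bytes.fromhex("31ed4989d15e4889e24883e4f05054")


def build_elf(code, base):
    """Minimal ELF64: header + one PT_LOAD covering the file, entry at the code start."""
    phoff, phsize = 64, 56
    entry = base + phoff + phsize
    hdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    hdr += struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, entry, phoff, 0, 0, 64, phsize, 1, 0, 0, 0)
    size = phoff + phsize + len(code)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, base, base, size, size, 0x1000)
    return hdr + phdr + code


def sample_nopie(main_va=0x4005A6):
    """Old-style non-PIE tail: mov r8,fini; mov rcx,init; mov rdi,main; call; hlt."""
    code = (START + b"\x49\xc7\xc0" + struct.pack("<I", 0x400600)
            + b"\x48\xc7\xc1" + struct.pack("<I", 0x400590)
            + b"\x48\xc7\xc7" + struct.pack("<I", main_va)
            + b"\xe8" + struct.pack("<i", -0x30) + b"\xf4")
    return build_elf(code, 0x400000)


def sample_pie(main_va=0x1140):
    """Modern PIE tail: xor r8d,r8d; xor ecx,ecx; lea rdi,[rip+main]; call [rip+GOT]; hlt."""
    base = 0x1000
    entry = base + 64 + 56
    prefix = START + b"\x45\x31\xc0\x31\xc9" + b"\x48\x8d\x3d"
    next_ip = entry + len(prefix) + 4                   # rip after the 7-byte lea
    code = (prefix + struct.pack("<i", main_va - next_ip)
            + b"\xff\x15" + struct.pack("<i", 0x2F00) + b"\xf4")
    return build_elf(code, base)


if __name__ == "__main__":
    for name, blob in (("non-PIE", sample_nopie()), ("PIE", sample_pie())):
        print(name, find_main(blob))
```

On a real target run find_main(open("./binary", "rb").read()) and jump Ghidra to the returned address; if it returns None, or the address does not land on a function prologue, fall back to reading _start by hand as the write-up did.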
Thanks for your time :)