Hi, I’m studying Penetration Testing and part of the training obviously focuses on solving CTF challenges.
You must be asking yourself how the title is related to PT. Well, it’s probably not that related, but there is a challenge that really caught my attention, and I’ve been trying to solve it for a long time without success.
The challenge contains a malicious file and the task is to investigate the file and find the FLAG hidden inside the file.
So I will detail a bit about the malware and what I was able to understand from the code:
Assembly - Assembly code - Pastebin.com (IDA PRO)
What I understood:
First of all, this is an executable file for Windows (EXE), and when I run the software in CMD I get the error “An error occurred” and the operation ends.
Reading the code in IDA PRO, you can see an environment variable called GREENIE. In my opinion everything starts here, and if I manage to discover the value of GREENIE I can move forward.
It is also possible to notice other generic errors that exist in the software.
I know that to solve the challenge, I would have to set up the environment properly and then follow the code, but I would need some direction because I am missing something.
I got some guidance from someone who told me to learn about ENDIANNESS, with emphasis on LITTLE ENDIAN.
I read about it and the differences between BIG ENDIAN and LITTLE ENDIAN, but I couldn’t really understand how it is reflected in the software.
I would appreciate it and thank anyone who takes the time to help.
Download link for the software:
It is important to know that this is software that is detected as MALWARE by Windows Defender, so it is recommended to open it in a virtual system.
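The question above asks how endianness shows up in a compiled program. The following is an added example, not part of the original post and not derived from the challenge binary; it uses a constructed sample string and constructed immediates to show the one place reverse engineers most often trip over little-endian storage: when a compiler checks a string (such as an environment variable's value) several bytes at a time, each 4-byte chunk appears in the disassembly as a 32-bit immediate whose bytes are in reverse order of the text. The helper names and the value "EXAMPLE!" are assumptions for illustration only.

```python
import struct

# Map a field width in bytes to a struct format: '<' = little-endian, '>' = big-endian.
_LE = {1: "<B", 2: "<H", 4: "<I", 8: "<Q"}
_BE = {1: ">B", 2: ">H", 4: ">I", 8: ">Q"}


def immediate_to_memory_bytes(imm: int, size: int = 4) -> bytes:
    """Bytes as they sit in memory on an x86 (little-endian) machine.

    A disassembler prints the immediate in human order (most significant byte
    first), so 0x44434241 is stored as 41 42 43 44, i.e. the text 'ABCD'.
    """
    return struct.pack(_LE[size], imm)


def memory_bytes_to_immediate(data: bytes) -> int:
    """Inverse: the dword value a CPU loads from these little-endian bytes."""
    return struct.unpack(_LE[len(data)], data)[0]


def misread_as_big_endian(imm: int, size: int = 4) -> bytes:
    """What you get if you (wrongly) read the printed immediate left to right.

    This is the classic mistake: 0x44434241 'looks like' DCBA but is ABCD.
    """
    return struct.pack(_BE[size], imm)


def string_as_dword_immediates(s: str) -> list[int]:
    """Chunk a string the way an optimising compiler compares it: 4 bytes at a
    time, each chunk loaded as one little-endian dword.  The returned values are
    what you would see as immediates in `cmp`/`mov` instructions.  A short
    trailing chunk is padded with NUL bytes, matching a C string terminator."""
    raw = s.encode("ascii")
    chunks = [raw[i:i + 4].ljust(4, b"\x00") for i in range(0, len(raw), 4)]
    return [memory_bytes_to_immediate(c) for c in chunks]


def immediates_to_string(imms: list[int]) -> str:
    """Reverse the process: recover the text a sequence of dword immediates
    represents, dropping NUL padding."""
    raw = b"".join(immediate_to_memory_bytes(i) for i in imms)
    return raw.rstrip(b"\x00").decode("ascii")


if __name__ == "__main__":
    # Constructed sample value; it is NOT the value used by the challenge.
    sample = "EXAMPLE!"
    imms = string_as_dword_immediates(sample)
    print("text:", sample)
    for imm in imms:
        print(f"  immediate 0x{imm:08X}  -> memory bytes {immediate_to_memory_bytes(imm)!r}"
              f"  (read big-endian by mistake: {misread_as_big_endian(imm)!r})")
    print("recovered:", immediates_to_string(imms))
```

The practical reading of this for static analysis: when a function compares a dword loaded from a buffer against an immediate like 0x4D415845, write the immediate's bytes out least-significant first and you get the text the program expects at that offset; reading it left to right gives the reversed text and sends you down the wrong path.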