Download additional_samples.zip from this module’s resources (available at the upper right corner) and transfer the .zip file to this section’s target. Unzip additional_samples.zip (password: infected) and use IDA to analyze orange.exe. Enter the registry key that it modifies for persistence as your answer. Answer format: SOFTWARE____
Download additional_samples.zip from this module’s resources (available at the upper right corner) and transfer the .zip file to this section’s target. Unzip additional_samples.zip (password: infected) and use IDA to analyze orange.exe. Enter the name of the function that is holding the name of the file intrenat.exe that orange.exe drops as your answer. Answer format: sub_4XXXX3
These two questions within the code analysis section require you to download a zip file from the HTB Academy webpage in order to decompile and analyse the requested .exe files within IDA. As an individual who uses a Mac and the Parrot/RDP instance provided, I am not sure how to get the .zip file across to the Windows instance. I tried:
Signing into my academy.htb account via Windows: no internet connection.
Signing into my academy.htb Linux instance and scp’ing: port 22 is closed.
Downloading on my Mac and installing my own Windows VM: my Mac refused the download due to a “dangerous file”.
How am I supposed to complete this section? I spent 100 squares on this mf.
For the first question, I dug through all the functions and spent 5 hours. The answer is nowhere to be found, but there is a clue: HKEY. Utilize all resources! GLHF.
In the PWNBox, ensure you configure the environment properly, then use the pwn library to set breakpoints and step through the code. Check documentation for step-by-step guidance.
I am also stuck. The Text view for orange.exe for the RegOpenKeyExA is attached.
There is a subroutine, 40A908, that uses the RegOpenKeyExA function. Any suggestions on how to proceed from here?