Reminiscent


Comments

  • @rotarydrone said:
    Hi @davidb - that file is not intended to be accessible from the HTB network

    @rotarydrone Hi man, can I PM you so you can help me out a little?
    I have gotten to the code, but I can't figure out what I am looking for!

  • @S4K4L04 said:

    I am stuck now at this challenge.
    What I have done was:
    - used Volatility
    - found where the malware is
    - from the parent file got the base64 code
    - decoded it and got a "ONELINE SUPER CODE"

    You are on the right track, you only have to find it. Go back to Volatility and use "pstree". The question is: have you exhausted all "Powerful 1-liners"?
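
The exchange above describes lifting a base64 blob from a process's command line and decoding it. The following is an added example (not code from the thread or the challenge) of how an analyst can triage such a blob offline: it pulls the argument that follows an `-EncodedCommand`-style switch out of a command line as a process listing would show it, then decodes it, detecting whether the bytes are UTF-16LE (what PowerShell expects for `-EncodedCommand`) or plain UTF-8. The command line, the switch names and the benign one-liner are constructed for the example and are assumptions, not values from the challenge.

```python
import base64
import re
import shlex
from typing import Optional

# Constructed sample: a harmless one-liner, encoded the way PowerShell's
# -EncodedCommand expects (UTF-16LE text, then base64). Not taken from the challenge.
SAMPLE_SCRIPT = "Write-Output 'hello from memory'"


def encode_for_powershell(script: str) -> str:
    """Encode a script as -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# What a process listing (e.g. Volatility's cmdline/pstree output) might show.
# The switches are a constructed example of a typical invocation.
SAMPLE_CMDLINE = (
    "powershell.exe -NoP -NonI -W Hidden -Enc " + encode_for_powershell(SAMPLE_SCRIPT)
)

# PowerShell accepts abbreviated switch names; match the common spellings.
_ENC_FLAG = re.compile(r"^-(e|ec|enc|encodedcommand)$", re.IGNORECASE)


def extract_encoded_argument(cmdline: str) -> Optional[str]:
    """Return the base64 blob following an -EncodedCommand style switch, if any."""
    tokens = shlex.split(cmdline, posix=False)  # keep Windows paths/quotes intact
    for i, tok in enumerate(tokens[:-1]):
        if _ENC_FLAG.match(tok):
            return tokens[i + 1]
    return None


def decode_blob(blob: str) -> str:
    """Base64-decode a blob and pick the text encoding.

    PowerShell uses UTF-16LE for -EncodedCommand; other tooling often base64s
    plain UTF-8/ASCII. For ASCII-range text, UTF-16LE shows up as a NUL byte in
    every odd position, which is the heuristic used here.
    """
    raw = base64.b64decode(blob)
    high_bytes = raw[1::2]
    if len(raw) % 2 == 0 and high_bytes.count(0) > len(raw) // 4:
        return raw.decode("utf-16-le")
    return raw.decode("utf-8", errors="replace")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Full pipeline: find the encoded argument in a command line and decode it."""
    blob = extract_encoded_argument(cmdline)
    if blob is None:
        return None
    return decode_blob(blob)


if __name__ == "__main__":
    print("command line:", SAMPLE_CMDLINE)
    print("decoded     :", decode_encoded_command(SAMPLE_CMDLINE))
```

Run it against each suspicious command line from the process listing; a decoded result that itself contains another base64 blob is the "one-liner inside a one-liner" case the reply hints at, and the same `decode_blob` can be applied to it again.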

  • @KameB0Y
    Sorry, I am a NOOB who got into this stuff a very short while ago.
    Could you explain further what you mean?
    I don't get what exactly you mean by "exhausted". I mean, I have found 2 of them; one is really big, the other is a little smaller, if that is what you wanted to ask me?

  • @S4K4L04 said:

    I'll PM you.

  • Hey, if anyone's still stuck with this challenge, here are my tips:
    If you already got the lnk file, all that's left to do is to actually read the code and follow exactly what it's doing. Even if you're not familiar with this specific language, you can always look it up! There are some nice reference docs online.

  • edited June 24

    What a great challenge. Very interesting!

    Videos that helped me understand how to use Volatility:

    Websites
    https://www.andreafortuna.org/2018/03/02/volatility-tips-extract-text-typed-in-a-notepad-window-from-a-windows-memory-dump/

    If you need some assistance please PM me.
