Blue Shadow Forensics Challenge

Hello everyone,
I have some trouble finding the "antidote", does anyone have any ideas?


Comments

  • Google is your friend. Do what a forensic investigator would do: look up indicators.

    charybdis

  • Any hint? Can't find anything on Google.

  • Follow the information you already have from the challenge description, you don't need Google for the first part.
    Try harder... ;)

  • muwhahahahah

    Hack The Box
    OSCP - www.bulbafett.com

  • edited June 2018

    I'm a **** **** fan and I get pretty much everything that I'm supposed to be looking for but I'll be damned if I still can't figure this out. Sometimes I find the word A******* and sometimes I see the word F***. Sometimes I see what appears to be the output of a program and sometimes I see nothing but crap. My one question: should I be thinking in a different language or am I just a wermo?

    cyb3rsinn3r
    | A+ | Net+ | Sec+ | CySA+ | CASP | CISSP |
    aut inveniam viam aut faciam

  • Oh....... wait a second....

    cyb3rsinn3r
    | A+ | Net+ | Sec+ | CySA+ | CASP | CISSP |
    aut inveniam viam aut faciam

  • Don't overthink
    I'm not a big fan of Star Wars so I had to do a little research on the virus

  • Okay, I think I know what I need to do, but I don't know how to do it. :-/

    cyb3rsinn3r
    | A+ | Net+ | Sec+ | CySA+ | CASP | CISSP |
    aut inveniam viam aut faciam

  • @cyb3rsinn3r said:
    I'm a **** **** fan and I get pretty much everything that I'm supposed to be looking for but I'll be damned if I still can't figure this out. Sometimes I find the word A******* and sometimes I see the word F***. Sometimes I see what appears to be the output of a program and sometimes I see nothing but crap. My one question: should I be thinking in a different language or am I just a wermo?

    I exclusively speak English and h4x0r, so no other languages involved.

    Hack The Box
    OSCP - www.bulbafett.com

  • I have the twitter part worked out. Can someone DM me or allow me to DM them for a hint?

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • I'm stuck at the same position. Can anyone PM me? I need a hint :(

  • I've had trouble with decoding; UTF-8 gives me errors. Can someone provide a hint as to what I need to use to decode it?

  • edited July 2018

    So, in another encoding I'm able to see the text. I assume the file is called ex*****.a**? But I can't debug or decompile it, probably because it's not right, as in the file there are /00's and other non-characters, making it impossible to run. I've also thrown it into an assembly program, as there's a word Rev****I*, but that doesn't work either.
    Can anyone provide me a hint? I'm really stuck with this one, but I'm really interested in solving this.

  • Okay, I'm a big fan, but only of the original 6 films, and I don't know how I can find this key. Can anyone give me a little hint?

  • Okay, update: I got the flag but it's incorrect. Can anyone PM me?

  • This is wild. Is it xxd, perl, folding, packing? 58 tweets, how did you pack this into a file? FLAGLEN is what I see from strings after converting to a bin. PM anytime please.

    cslatt05

  • This one is stumping me. And I hope the following doesn't have spoilers. I tried to redact important parts.
    I have the binary, I've been debugging it and noticed that it performs logical *** within a procedure call named E******.
    BUT.... this looks like a red herring? There are no ASCII characters which will pass through this procedure and output HTB{....}, as the third character in the input would have to be 0x14.
    I noticed there is a very interesting unused function call named R******It and also noticed that it is not ever called from within the binary, and this sounds like it would be the key to unlocking it.
    I'm trying various things but it always ends in a SEGFAULT or an exception for unmapped memory when I try to force it to jump to procedure R******it.

    I would appreciate a PM with a tip to point me in the right direction.

  • I got it.
    After you know what to do with the tweets, DON'T OVERTHINK IT.
    Google is your friend.
    This took me hours because I overthought the solution. As soon as you have figured out what to do with the tweets, you are literally 90% done and all you need is a Google search for the answer.

  • NOTE: If you are using a script to download the tweets, remember that Twitter changed from 140 to 280 characters so you may not be getting everything.

    cslatt05

  • Can anyone help me? I'm stuck after the Twitter part. Now I'm googling for the A******e. Am I on the right track or not?

  • edited November 2018

    Nice one :)

  • I got it !!!!!
    Thanks @charybdis

  • I want to share this just in case it may help someone...
    I got to the last part pretty easily but couldn't solve it and lost hours just because I was using Ubuntu for Windows!
    When I tried it in my Kali machine everything worked flawlessly!

    mrlbender

  • Hey there! Do I need to sign up for a Twitter account for this challenge?

  • Oh wait, that was a different Blue Shadow. Still, nothing's working properly and I already hate Twitter at this point. Gonna skip that one.

  • Can someone help me? I think I have some decoding issues, because UTF-8 gives some errors and useless text.

  • Think I'm going down a rabbit hole here....

    Worked out what to do with the tweets, and after doing some searching I think I have the answer to find the flag, but cannot work out how to enter it to get the flag.
    Any hints are appreciated.

  • Hi, I'm stuck after the first part. I believe I know what to do but I'm stuck on how to do it. Can anyone give me a hint or pm?

    Thanks

  • edited January 15

    Anyone able to PM me a hint on this one? I think I have sussed the tweets and I have a file which includes A******* F**** and I thought I had the key, but I've tried many combinations to no avail so far.......

  • I have some issues with the binary file... gdb reports it as "not in executable format: File truncated". Anyway I was able to debug it with other tools, but stuck at the A* F* part and wonder if this is because of the integrity of the binary file....?
