@artikrh amazing challenge… man, I had a blast going through this, getting stuck, then realizing something and getting unstuck… Very nice! Well done!
As a general tip, if you manage to decode the attacker’s commands, try to research the file type a bit and see how you can ‘open’ it … there’s no need to ‘extract’ it somehow, you’ll just see it there if you managed to get to that point.
This challenge was so much fun! Thanks so much to @artikrh!
One of the best so far of all categories! Congrats!
And I noted your easter egg ahahaha, good luck and keep up your work
I just needed a little help on decoding the commands and thanks @m4nu for helping me out on that!
When you get that, it is easy… Unlike other challenges, in this one you have to use brute force to finish it.
Hope this will not spoil so much and good luck.
Can anyone help me out? I feel like I’m at the very end… I deobfuscated, I get to the last bit, I get p***.***x, but it’s only 78 bytes after I manipulate it, and my “friend” says it has an invalid file signature. If someone wants to PM me I can show what I have.
Hello, I need help with this.
Ok, my PHP is readable.
I found the IP of the hacker, but now I don’t know what I need to do.
I tried to run the PHP file, not successful
@Anoraks said:
Hello, I need help with this.
Ok, my PHP is readable.
I found the IP of the hacker, but now I don’t know what I need to do.
I tried to run the PHP file, not successful
You’re on the right path.
Once you understand how the script works, you have to feed it some data.
Look at the pcap and follow the flow.
Finally, you have to force the last step; a simple and well-known list is enough, as usual.
I have done everything that needs to be done in this challenge and still don’t have the flag, so if anyone can PM me to tell me what I am missing, I would be grateful.
This was the most rewarding HTB challenge I’ve completed. Partially due to learning new skills but also to the lack of concrete hints. It was really fun dissecting exactly what was going on.