oBfsC4t10n

got it! really a great challenge! +++

awesome challenge, lots of this stuff in the real world!


~~~I’ve found all parts of the HTA, so I have problems with deobfuscation when vipermonkey or something like it doesn’t work on your Kali~~~

I get clear macros from the HTA but I’m still stuck here, sorry

I’m stuck with decompiling the memory-injection byte array.
Can anybody give any tips?

Sorry, click button by mistake

I’ve done it
Thanks @luskin for tips and @0xdf for challenge :slight_smile:

I am this close to solving it. I have deobfuscated the H** and got the payload. I don’t know what to do with the payload though

I found an article that helped me a lot on this challenge. I hope this is not a spoiler:

I’ve been stuck here for a few months…
I extracted the .vba and .hta files but didn’t find anything useful…
Does this challenge require reversing?

please help me.

Piouf. Solved! Not an easy one, but a fun one :smile:. Thanks @0xdf for this

If anyone is still working on this one, does anyone have a tip for the last step? I have the deobfuscated payload from the h** file and was able to get valid shellcode from it, but I can’t get it to execute correctly (unless that’s not what is needed).

I found the shellcode, but I don’t know any good tools to work with it. Maybe someone can give me some advice?

Got it!
Feel free to ask a nudge

Like many, I’m stuck with the array.

What’s the best strategy to debug that shellcode? As far as I know, because of the context (I don’t want to give a spoiler) it’s not as straightforward as attaching to an .exe and putting breakpoints here and there. Any hints appreciated…

edit: OK, for anyone frustrated in the future, consider using ancient versions…

Can anybody help me? I disassembled the shellcode and I don’t understand what the shellcode does. How can I debug this shellcode?

Not too tough, the path forward is always obvious. The main sticking point is that you kind of do need Windows.

Found some shellcode but it doesn’t look right, nor can I get it to execute. Anyone PM?

Just got the flag.

For those needing help with the shellcode, I found BlobRunner useful. It’s designed to aid in the analysis of msfvenom payloads, definitely worth a squiz.

Can someone help me with the last step? I’m stuck at the shellcode
and how to reverse it.
PM me please