oBfsC4t10n

I’ve done it
Thanks @luskin for tips and @0xdf for challenge :slight_smile:

I am this close to solving it. I have deobfuscated the H** and got the payload. I don’t know what to do with the payload though

I found an article that helped me a lot on this challenge. I hope this is not a spoiler:

I’ve been stuck here for a few months…
I extracted the .vba and .hta files but did not find anything useful…
Does this challenge require reversing?

Please help me.

Piouf. Solved! Not an easy one, but a fun one :smile:. Thanks @0xdf for this

If anyone is still working on this one, does anyone have a tip for the last step? I have the deobfuscated payload from the h** file and was able to get valid shellcode from it, but I can’t get it to execute correctly (unless that’s not what is needed).

I found shellcode, but I don’t know good tools to work with it. Maybe anyone can give me advice?

Got it!
Feel free to ask a nudge

Like many, I’m with the array.

What’s the best strategy to debug that shellcode? As far as I know, because of the context (I don’t want to give spoilers) it’s not as straightforward as attaching to an .exe and putting breaks here and there. Any hints appreciated…

Edit: OK, for anyone frustrated in the future, consider using ancient versions…

Can anybody help me? I disassembled the shellcode and I don’t understand what the shellcode does. How can I debug this shellcode?

Not too tough, the path forward is always obvious. The main sticking point is that you kind of do need Windows.

Found some shellcode but it doesn’t look right, nor can I get it to execute. Anyone PM?

Just got the flag,

For those needing help with the shellcode, I found BlobRunner useful. It is designed to aid in analysis of msfvenom payloads, definitely worth a squiz

Can someone help me with the last step? I’m stuck at the shellcode
and how to reverse it.
PM me please

Hi guys, I’m trying out this challenge. I got the HTA, I think I have the correct shellcode but I am not able to analyze it correctly. Tried several tools, which I don’t know if I can discuss here. Can someone give me any tips, also as PM. Ty

I got the name of the HTA inside the xlsm, but how can I extract it?

Man, I love this challenge. Learned new tricks along the way. Thanks also to @kekburger for the tips - IYKYK :wink:

I know this is sort of an older challenge, but would anyone be able to give a hint for the last step regarding the shellcode? I can extract it and even look at the assembly when run using one of the tools mentioned above, but it doesn’t seem to be anything useful so I’m not sure if I messed up a step somewhere.

Anyone got a hint for me? I found the Array but can’t really get anything useful out of it yet.