Codehead's Corner
Random ramblings on hacking, coding, fighting with infrastructure and general tech
Posted: 21 Aug 2016 by Codehead
12 minute read

The LabyREnth competition ran from 15th July to 14th Aug. I only managed to find time to do the first Windows challenge. It was a tricky one and I was only able to work at it in fits and starts, often with days or weeks between sessions. However, I learnt quite a few handy new things while working on it, so I’m writing this as a reference for myself and as an example of the dead-ends and rabbit holes of the analysis process for those who are interested.

Categories: Hacking CTF
Posted: 5 Apr 2016 by Codehead
4 minute read

Due to the age of some of my email accounts and the stupid things I did when I was less careful with my contact details, I have a constant flow of spam and malware to some parts of my inbox. This is a good thing because I get to pick stuff apart and find out what’s going on in the shady world of digital con artists.

A few weeks ago I received several emails claiming to be important final demands. The messages urged me to view an attached document, which was a JavaScript file. That’s a pretty feeble attempt at phishing, but I guess some people might fall for it. I was interested to see what the script was actually going to do, so I tried to view the content. My mail client quite rightly denied me access to the file, even when I tried to bypass the blocks and warnings. In the end I had to go to the server and pull the attachment manually.

Categories: Malware Teardown
Posted: 21 Feb 2016 by Codehead
3 minute read

File Checker (rev60)

My friend sent me this file. He told me that if I manage to reverse it, I’ll have access to all his devices. My misfortune that I don’t know anything about reversing :/

Categories: Hacking CTF
Posted: 7 Feb 2016 by Codehead
3 minute read

I hadn’t played SharifCTF before, but these guys put on a good competition.

Unfortunately I had other commitments, but I managed to spend a little bit of time looking at some of the challenges.

dMd was a 50-point reverse engineering challenge. A binary was provided with the description:

Flag is : The valid input.

The file utility told me that the binary was an x86-64 ELF, so I threw it at my Fedora install and pulled up the disassembly in IDA.

Categories: CTF Hacking
Posted: 7 Feb 2016 by Codehead
2 minute read

SRM was another 50-point reverse engineering challenge at SharifCTF 2016. A binary was provided with the following description:

The flag is : The valid serial number.

The file utility reported that the binary was a PE32 for Windows. So I fired up a Win7 VM and pulled up the disassembly in IDA.

Running the binary resulted in a dialog asking for an email address and a serial number.

[Image: SRM initial screen]

Categories: CTF Hacking
Site powered by Hugo.
Polymer theme by pdevty, tweaked by Codehead