Awesome video man! I got quite far with Vault and Arachnoid Heaven but am still quite new to reversing and am not well versed with gdb yet. With Upgrades, I actually just opened the VBA macro in Powerpoint, although I did have to hex edit the project so that I could get past the password protection on it (I should have just used Libre Office!). From there I replaced all the various hex strings into the label output until I got the flag output. I also got punished with doing this natively because I accidentally ran the macro in the editor and the command that happened to be in the print was one that spawned a shell and ran shutdown command :P
Just to further elaborate, in the vault reversing challenge, in the loop the bvar2 variable is set to the value returned by a function that changes every loop as it is part of a vtable. So as i understand it is like an array of pointers to different functions and in this case each of those functions just return a integer. The offset to each function is calculated by the values in a hardcoded array (the DAT_001...). So when i solved this i calculated the offset manually, looked at the value returned by the function called in each iteration and then paste each value to cyberchef to convert from decimal. Now looking at your writeup i feel a bit stupid for not just debugging and checking the values like you did, which is much faster and easier.
aha i feel the opposite way! a bit stupid for not knowing the intended solution to the challenge was vtables 😂 my way might of been a bit quicker but it sounds like you had a better understanding of the programs functionality 🥰
Bro can you say how you learned all these stuff or give me a pathway how i can learn too..I also would like to learn all this and become someone like you please.
honestly bro the best way is just get stuck into boxes/challenges on HackTheBox! at the start you might struggle with some concepts but for retired boxes/challs you can refer to walkthroughs and you can ask for help in HTB discord if you are stuck on active ones. check out the CTF events that run regularly on CTFtime.org as well, do your best to solve some challenges then refer to walkthroughs after the competition to see the solutuons to the ones youve missed. finally, there's a lot of other great resources in terms of practical exercises and other creators who make excellent content to help the learning process: github.com/Crypto-Cat/CTF#readme 😉
Aren't you a PhD student? You broke rule number two of the CTF "Only students currently enrolled in a bachelor’s or master's program can participate in this event."
haha yes that is true! i wasn't playing competitively though (for placement or prizes), just playing solo to learn and have some fun 😊 i dont think John Hammond (and some others) are students either 🤔😅 also i'm enrolled on a CDT program, which is actually a MSc and PhD combined.. so technically 👀
@@bbbbbbbbbbbbbbssn you know it! hackers gonna hack 😉 thanks bro, vault was pretty difficult. i guess the intended solution was to analyse the vtable mappings but thankfully my one (and pretty much only) reversing technique of "break @ CMP" didn't fail me 😂
![Exploiting Predictable PRNG Seeds (with PwnTools) - Badseed (Reversing/Crypto) [K3RN3L CTF]](http://i.ytimg.com/vi/-hlJFrZn87A/mqdefault.jpg)
![Exploiting Predictable PRNG Seeds (with PwnTools) - Badseed (Reversing/Crypto) [K3RN3L CTF]](/img/tr.png)
what an absolute legend. Great editing as well!!! Mans got the audio sounding crisp
thank you 🥰🥰🥰
Awesome video man! I got quite far with Vault and Arachnoid Heaven but am still quite new to reversing and am not well versed with gdb yet.
With Upgrades, I actually just opened the VBA macro in Powerpoint, although I did have to hex edit the project so that I could get past the password protection on it (I should have just used Libre Office!). From there I replaced all the various hex strings into the label output until I got the flag output. I also got punished with doing this natively because I accidentally ran the macro in the editor and the command that happened to be in the print was one that spawned a shell and ran shutdown command :P
thanks mate 🥰 omg the macro was designed to shutdown the computer?! ultimate troll 😂
Just to further elaborate, in the vault reversing challenge, in the loop the bvar2 variable is set to the value returned by a function that changes every loop as it is part of a vtable. So as i understand it is like an array of pointers to different functions and in this case each of those functions just return a integer. The offset to each function is calculated by the values in a hardcoded array (the DAT_001...).
So when i solved this i calculated the offset manually, looked at the value returned by the function called in each iteration and then paste each value to cyberchef to convert from decimal. Now looking at your writeup i feel a bit stupid for not just debugging and checking the values like you did, which is much faster and easier.
aha i feel the opposite way! a bit stupid for not knowing the intended solution to the challenge was vtables 😂 my way might of been a bit quicker but it sounds like you had a better understanding of the programs functionality 🥰
This man has great skills... Honestly
🥰🥰🥰
great waiting for this video and it came thanks sir
thanks mate! hope you enjoy 🥰
NICE VIDEO!
thanks mate 🥰
Bro can you say how you learned all these stuff or give me a pathway how i can learn too..I also would like to learn all this and become someone like you please.
honestly bro the best way is just get stuck into boxes/challenges on HackTheBox! at the start you might struggle with some concepts but for retired boxes/challs you can refer to walkthroughs and you can ask for help in HTB discord if you are stuck on active ones. check out the CTF events that run regularly on CTFtime.org as well, do your best to solve some challenges then refer to walkthroughs after the competition to see the solutuons to the ones youve missed. finally, there's a lot of other great resources in terms of practical exercises and other creators who make excellent content to help the learning process: github.com/Crypto-Cat/CTF#readme 😉
wahh, i also join this competition btw, What is your team's rank brow or you alone ? uk is so dominant at the top :)
i was playing this one alone, i think placed around 100th but i wasn't really going for placement, just picked a few categories to focus on 😁
@@_CryptoCat wow alone, where is your friends bro xd
@@dekajulian7296 what friends 😭
very hard
yeh haha these were the easiest challenges as well 😳
@@_CryptoCat but i can htb machine
@@_CryptoCat i am learn cyber
awesome! well CTFs and HTB are a great way to do it 😊
@@_CryptoCat why
Aren't you a PhD student? You broke rule number two of the CTF "Only students currently enrolled in a bachelor’s or master's program can participate in this event."
haha yes that is true! i wasn't playing competitively though (for placement or prizes), just playing solo to learn and have some fun 😊 i dont think John Hammond (and some others) are students either 🤔😅
also i'm enrolled on a CDT program, which is actually a MSc and PhD combined.. so technically 👀
@@_CryptoCat Ooh beat the system 😎 Anyways loved you video as usual, didnt know how to solve vault
@@bbbbbbbbbbbbbbssn you know it! hackers gonna hack 😉 thanks bro, vault was pretty difficult. i guess the intended solution was to analyse the vtable mappings but thankfully my one (and pretty much only) reversing technique of "break @ CMP" didn't fail me 😂