
Reverse engineering Malware

Extracting Malicious Shellcode From PDF

6/11/2016

Source: OpenSecurityTraining
  1. Open PDFStreamDumper
  2. Load -> Pdf File
  3. View the object list in the left-side box
    • Tools -> About Listview Colors explains what the colour coding of the objects means
  4. Choose the object of interest (click on it to select it)
    • to export the stream as-is: right-click the object number in the left-side box -> Save Raw Stream
    • to deal with embedded JavaScript:
      1. click the object in the left-side box to select it
      2. click Javascript_UI in the menubar
      3. edit the JavaScript so that the exploit line(s) (heap spray, vulnerable-function call) are removed and only the variable holding the shellcode remains
      4. add the following to the end of the JavaScript box (replacing VAR_NAME with that variable's name): tb.writeFile("C:\\shellcode.bin",VAR_NAME)
      5. click the Run button; the decoded bytes are written to C:\shellcode.bin for further analysis
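The same extraction step done outside the tool, as an added example that is not from the original post or from PDFStreamDumper: given the JavaScript text exported from a /JS object, decode the unescape()'d %u-encoded variable into raw bytes and write them to a file, which is what the tb.writeFile() call above does inside the tool. The JavaScript sample and the variable name `payload` are constructed for illustration; the encoded bytes are filler, not real shellcode.

```python
import re
from pathlib import Path

# Constructed sample of what a /JS stream typically looks like: a %u-encoded blob
# assigned to a variable, followed by the exploit line(s) the analyst would strip.
SAMPLE_JS = '''
var payload = unescape("%u9090%u9090" +
                       "%u4141%u4242%41");
var spray = unescape("%u0c0c%u0c0c");
while (spray.length < 0x100000) spray += spray;   // exploit line, ignored
'''

# One token per %uXXXX (16-bit unit), %XX (single byte) or literal character.
TOKEN = re.compile(r'%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})|(.)', re.S)

def decode_unescape(text):
    """Decode the argument of a JavaScript unescape() call into raw bytes.

    %uXXXX is a 16-bit code unit stored little-endian (low byte first), which
    is how x86 shellcode is usually packed into a JS string; %XX is one byte."""
    out = bytearray()
    for u16, u8, ch in TOKEN.findall(text):
        if u16:
            unit = int(u16, 16)
            out += bytes([unit & 0xFF, unit >> 8])
        elif u8:
            out.append(int(u8, 16))
        else:
            out.append(ord(ch) & 0xFF)
    return bytes(out)

def extract_variable(js, name):
    """Return the decoded bytes of `var <name> = unescape(...)`, or None.

    All string literals inside the call are concatenated, so the common
    "..." + "..." split across lines is handled."""
    m = re.search(r'var\s+' + re.escape(name) + r'\s*=\s*unescape\(([^;]*?)\)\s*;',
                  js, re.S)
    if not m:
        return None
    parts = [a or b for a, b in re.findall(r'"([^"]*)"|\'([^\']*)\'', m.group(1))]
    return decode_unescape("".join(parts))

def dump_variable(js, name, path):
    """Write the decoded variable to `path` (the tb.writeFile equivalent)."""
    data = extract_variable(js, name)
    if data is None:
        raise ValueError(f"no unescape()'d variable named {name!r}")
    Path(path).write_bytes(data)
    return len(data)

if __name__ == "__main__":
    print(extract_variable(SAMPLE_JS, "payload").hex())
```

The resulting .bin can then be loaded into a debugger or emulator exactly like the file PDFStreamDumper writes.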
Software Crack Challenge: ReWrit's Crackme #10.exe

6/2/2016

Inspired by: http://sgros-students.blogspot.com/2014/09/reversing-with-immunity-debugger.html

Goal:
  • Find where we type file password for the binary and where it is compared to the actual password, patch the program, and obtain access to the file.

When the password we type is incorrect, the program shows the message "Bad password", so let's find where that message is loaded and displayed.

To do that, we search the binary for the string "Bad password", or, more precisely, for all strings that are referenced from the code. This method only works if the binary isn't packed, obfuscated or encrypted in any way.

Author: Vitali Kremez