A PE is downloaded into memory during Orbit Downloader startup. This in-memory module then fetches an encrypted configuration file listing targets to DDoS. This short Python program fetches the encrypted configuration file from the source server and displays its content. # Orbit Downloader Memory Module PE Payload # Configuration […]
Month: August 2013
ebCTF 2013 – Web400 (crypto/aes/cbc/hmac) Write-Up
This Web challenge was part of the ebCTF competition. It’s actually more crypto than web. We get a simple web site driving the famous cowsay binary:
define('MY_AES_IV', CENSORED);
define('MY_AES_KEY', CENSORED);
define('MY_HMAC_KEY', CENSORED);
define("FLAG","CENSORED");
function aes($data, $encrypt) {
    $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
    mcrypt_generic_init($aes, MY_AES_KEY, MY_AES_IV);
    return […]