WiCSME CTF 2022 (Shark In The W1res)

The WiCSME conference is proud to present its 3rd WiCSME2022 CTF in collaboration with the Cyber Talents platform!



Shark In The W1res

Category: Network Security


Description

  • We were able to intercept this traffic but we don't know what it is!
  • Can you help us and figure out what the traffic is?

Solutions


Let's open the challenge


It's port (4444), so it's Metasploit :)
Let's try following the TCP stream


I believe it's Metasploit, so it's shellcode. When I change [Show Data As > Raw] I see (c3) at the end! From my experience, I know that (c3 = ret) in assembly; you can check for yourself [ https://defuse.ca/online-x86-assembler.htm ]


Now let's run the code and see what happens :)
Open x64dbg and load any 64-bit executable, then NOP out some of its instructions and insert our shellcode



Let's make the starting point the beginning of the shellcode

Put a breakpoint on the XOR and run the code, and note the RSI in the top right (registers section):
Flag{G-KENOBI}
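
A static way to triage the same kind of capture without executing it, as an added example that is not part of the original write-up: it takes the hex copied from Wireshark's Raw view, checks for the trailing `c3`, and tries every single-byte XOR key looking for a `Flag{...}` string. The single-byte key is an assumption (the write-up only shows that an XOR instruction is involved), and the sample bytes and function names are constructed for illustration.

```python
import re

# Flag format taken from the write-up: "Flag{" ... "}" in printable ASCII.
FLAG_RE = re.compile(rb"Flag\{[ -~]+?\}")


def from_wireshark_raw(hex_text: str) -> bytes:
    """Convert the hex pasted from 'Show data as > Raw' into bytes."""
    return bytes.fromhex(hex_text)


def ends_with_ret(payload: bytes) -> bool:
    """True if the last byte is 0xC3, the x86/x64 near `ret` opcode."""
    return payload[-1:] == b"\xc3"


def xor_scan(payload: bytes):
    """Try each single-byte XOR key (assumption: key is one byte).

    Returns a list of (key, offset, text) for every flag-shaped string
    that appears after decoding the whole payload with that key.
    """
    hits = []
    for key in range(1, 256):  # key 0 would leave the data unchanged
        decoded = bytes(b ^ key for b in payload)
        for m in FLAG_RE.finditer(decoded):
            hits.append((key, m.start(), m.group().decode("ascii")))
    return hits


# Constructed sample, NOT the challenge traffic: three NOPs, a string
# XOR-encoded with key 0x5A, and a trailing ret (0xC3).
_ENCODED = bytes(b ^ 0x5A for b in b"Flag{CONSTRUCTED-SAMPLE}")
SAMPLE_HEX = (b"\x90\x90\x90" + _ENCODED + b"\xc3").hex()


def main():
    payload = from_wireshark_raw(SAMPLE_HEX)
    print("ends with ret:", ends_with_ret(payload))
    for key, offset, text in xor_scan(payload):
        print(f"key=0x{key:02x} offset={offset} -> {text}")


if __name__ == "__main__":
    main()
```

If the scan returns nothing, the encoding is not a single-byte XOR over the flag bytes and the debugger walk-through above remains the way to see the decoded value.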