Another frustration: 500 points should have been a sweet victory at the end, if I had had enough time to play that day.....
so we get a zip file which contains this
How about we open that README.md, which has some info about this file:
Mori-Dark
An HTML5 minimalistic super-responsive portfolio and blog template.
CSS-only hexagon hive gallery!
and it can be decoded, so we save the encoded text to a file and decode it using scrdec.exe
scrdec.exe encoded.vbe decoded.vbs
and we get the decoded source code. It looks like a dropper, so we take the long hex string and paste it into a hex editor, and we can see the MZ header, so it is a PE file. I also noticed some UPX header in the file.
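The same hex-editor check can be scripted. This is an added example, not code from the original post: it pulls a long hex run out of decoded script text, confirms the MZ/PE signatures, and lists section names to spot UPX. The sample input is constructed, and it assumes the hex string sits in the script as one contiguous run.

```python
import re
import struct

HEX_RUN = re.compile(r"(?:[0-9A-Fa-f]{2}){64,}")  # 64+ bytes of contiguous hex

def extract_hex_blobs(script_text):
    """Return every long hex run in the script, decoded to bytes."""
    return [bytes.fromhex(m.group(0)) for m in HEX_RUN.finditer(script_text)]

def triage_pe(blob):
    """Static check only: is the blob a PE, and do its sections suggest UPX?"""
    result = {"is_pe": False, "sections": [], "upx": False}
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return result
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return result
    result["is_pe"] = True
    (n_sections,) = struct.unpack_from("<H", blob, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", blob, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    for i in range(n_sections):
        off = table + 40 * i  # each section header is 40 bytes
        if off + 40 > len(blob):
            break  # truncated section table
        name = blob[off:off + 8].rstrip(b"\x00").decode("ascii", "replace")
        result["sections"].append(name)
    names_hit = any(s.startswith("UPX") for s in result["sections"])
    result["upx"] = names_hit or b"UPX!" in blob
    return result

def build_constructed_sample():
    """Constructed input: a script-style line embedding a minimal fake PE header."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    names = (b"UPX0", b"UPX1")
    sections = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in names)
    return 'payload = "' + (dos + coff + sections).hex().upper() + '"\n'

if __name__ == "__main__":
    for blob in extract_hex_blobs(build_constructed_sample()):
        print(triage_pe(blob))
```

Section names and the `UPX!` marker are only hints; a packer header that has been altered can still make `upx -d` produce something strange.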
Try running it, we get a warning by Nafiez. I lol'ed at this
Unpacking it with upx -d gives something strange. Then I remembered the Flare-On challenge last year that implemented this. More here
So we just debug the file without running upx -d on it.
Try running it and we get the flag! But I didn't get the chance to verify it; hope the flag is correct.
flag: nafiezawesome
*yup, this guy's awesome. I have met him twice I think, and this is the first time I completely answered his question. I still remember pandame.exe....
Nice challenge, from which I learned how to use new tools like scrdec and malzilla, but still frustrating because I could not solve it on that day.