Thursday, May 30, 2013

Second Puzzle on 0x41414141.com

After solving the first challenge, we got an email reply with the following contents.

You've got the idea. E-mails don't require a subject or body.

Do those skills extend to a PE?

0x41414141.com/bfab4d3c076ac4059f3c1e680c7a6933/

Visiting the given URL, we are given a copy of the .exe.
Here is a backup of the binary in case the website disappears forever.
bfab4d3c076ac4059f3c1e680c7a6933.zip

Since it's an .exe, let's load it up in OllyDbg and have a quick look.


From the above image, we can see that there is a clue: "Email is return value of fn in form 0x12345678 zero padded to eight digits"

Immediately, there is a function call at address 0x00401000.
It loads "0x0C0FFEE" into eax, XORs it with 0x401000, then XORs that value with 0x8744EE, and the result is "7AB00".

Looking at the hint again, the return value has to be zero padded to eight digits, so the email address we should send to is 0x0007AB00@challenge.0x41414141.com


cheers
0x4a61636f62
