tiwanari / seccon16

http://2016.seccon.jp/news/#124

Anti-Debugging #5

Open tiwanari opened 7 years ago

tiwanari commented 7 years ago

Reverse it. Some AV may alert on bin, but no problem.

tiwanari commented 7 years ago
```
[ tatsuya@tatsuyas-MBP ] Downloads# file bin
bin: PE32 executable for MS Windows (console) Intel 80386 32-bit
```

Looks like a binary for Windows.

tiwanari commented 7 years ago
```
[ tatsuya@tatsuyas-MBP ] Downloads# strings bin
!Enjoy CTF!                            .
Richw0B
.text
`.rdata
@.data
.rsrc
hXMV
Y_^[
SVWP
Y_^[
u'9E
9Et
9csm
E9Xt
;ur
uTVWh=B@
j h`
@@uYP
tR:Q
t<:Q
t&:Q
@FA;
9Mt
9Mt
F@uoV
Mt2
EPV
tHt
s9U
_^[]
to=0
Y_^[]
jh@
Fpt"
h03@
PPPPP
URPQQhp:@
L$,3
UVWS
[_^]
SVWj
_^[]
_^[]
Y_^[
Y_^[
h9>@
t!Ht
jh0
Y__^[
PPPPP
<v*V
^SSSSS
uNSW
SVW
j@j ^V
SWf9M
j@j 
t$WV
u,9Et'9
~,WPV
98t^
tVPV
t/9U
A@t
C@V
F@u^V
t%HHt
HHt$HHt
 tf
RPWS
90tW
?If90t
YYt.
8csm
t?VSP
Y[_^
PPPPP
>"u&
< tK<
wf93t
f90u
f90u
VVV+
@PSVV
t*VV
9]$u
9](SS
t"SS9] u
9] SS
v4;5d
vL;5|
PPPPPPPP
t&:a
PPPPPPPP
SVWUj
hxp@
]_^[
;t$,v-
R9Q
kUQPXY]Y[
EVW
u}h$
9Uu
_^[]
t'Ou
MjPf
VVhU
9]t5
Ht%C
;Et
Ht(f
woVW
u&j^9
;Es
F@t
MQSWVj
D$3
;T$w
N+D$
oV f
o^0f
of@f
onPf
ov`f
o~pf
FGIu
X^_]
FGIu
_^[]
jh8
D8P
~%9M
r 8^
L$u
ollydbg.exe
ImmunityDebugger.exe
idaq.exe
Wireshark.exe
Input password >
I have a pen.
Your password is correct.
But detected debugger!
But detected NtGlobalFlag!
But detected remotedebug.
But detected debug.
\\.\Global\ProcmonDebugLogger
But detect %s.
But detected Ollydbg.
But detected ImmunityDebugger.
But detected IDA.
But detected WireShark.
But detected VMware.
But detected Debugged.
But detected Debugged.
;aj&@:JQ7HBOt[h?U8aCBk]OaI38
check!
password is wrong.
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
July
June
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
( 8PX
700WP
`h````
xpxxxx
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
('8PW
700PP
`h`hhh
xppwpp
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileA
Sleep
GetTickCount
CheckRemoteDebuggerPresent
GetCurrentProcess
IsDebuggerPresent
KERNEL32.dll
MessageBoxA
USER32.dll
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
IsProcessorFeaturePresent
RtlUnwind
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
WriteFile
GetStdHandle
GetModuleFileNameW
SetHandleCount
GetFileType
GetStartupInfoW
HeapFree
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
ReadFile
HeapAlloc
HeapReAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleW
CloseHandle
CreateFileW

abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ

abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
```
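A triage script, added here as an example and not part of this repo or the challenge, that reimplements the strings(1) extraction and groups the indicator strings visible in the output above by the anti-debugging technique they point at. The technique labels, the hit thresholds and the SAMPLE bytes (a constructed stand-in, not the challenge binary) are my own assumptions.

```python
from __future__ import annotations
import re

# Indicator table built from the strings visible in the thread's `strings bin`
# output: (technique, needle strings, how many needles must be present before
# the technique is reported; a lone Sleep import is ordinary CRT usage).
INDICATORS = [
    ("api: IsDebuggerPresent (PEB BeingDebugged)", [b"IsDebuggerPresent"], 1),
    ("api: CheckRemoteDebuggerPresent", [b"CheckRemoteDebuggerPresent"], 1),
    ("peb: NtGlobalFlag (hinted by the message text)", [b"NtGlobalFlag"], 1),
    ("timing: GetTickCount / Sleep delta", [b"GetTickCount", b"Sleep"], 2),
    ("process enumeration for analysis tools",
     [b"CreateToolhelp32Snapshot", b"Process32First", b"Process32Next"], 3),
    ("tool process names", [b"ollydbg.exe", b"ImmunityDebugger.exe",
                            b"idaq.exe", b"Wireshark.exe"], 1),
    ("procmon device probe via CreateFileA",
     [b"CreateFileA", b"\\\\.\\Global\\ProcmonDebugLogger"], 2),
]

def extract_strings(blob: bytes, min_len: int = 4) -> list[bytes]:
    """strings(1)-style: runs of at least min_len printable ASCII bytes."""
    return [m.group(0) for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

def triage(blob: bytes) -> dict[str, list[str]]:
    """Map each reported technique to the indicator strings found in blob.

    An import name is a lead, not proof that the check executes; the call
    site still has to be confirmed in the disassembly or under a debugger.
    """
    strs = extract_strings(blob)
    hits = {}
    for technique, needles, min_hits in INDICATORS:
        present = sorted(n.decode() for n in needles if any(n in s for s in strs))
        if len(present) >= min_hits:
            hits[technique] = present
    return hits

# Constructed stand-in for the challenge binary: some strings seen in the
# thread's output plus junk; Sleep is deliberately left out.
SAMPLE = (b"MZ\x90\x00\x03" + b"\x00" * 8 + b"ollydbg.exe\x00idaq.exe\x00"
          b"Input password >\x00But detected NtGlobalFlag!\x00"
          b"\\\\.\\Global\\ProcmonDebugLogger\x00CreateFileA\x00"
          b"GetTickCount\x00CheckRemoteDebuggerPresent\x00IsDebuggerPresent\x00"
          b"CreateToolhelp32Snapshot\x00Process32First\x00Process32Next\x00"
          b"Y_^[\x00PPPPP\x00")

if __name__ == "__main__":
    for technique, evidence in triage(SAMPLE).items():
        print(f"{technique}: {', '.join(evidence)}")
```

Point `triage` at the real file's bytes (`open(path, "rb").read()`) to get the same grouping for the challenge binary; the timing finding only appears once both GetTickCount and Sleep are present.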