IRCWare [easy]: HackTheBox Reversing Challenge (mapping syscalls)

CryptoCat


Comments: 31
@_CryptoCat 3 years ago
I should really have installed this plugin for the video: github.com/0xb0bb/pwndra - it would have made mapping syscalls super easy 😮 I'll include it in a future walkthrough (and maybe do a separate video testing out a range of ghidra plugins) 😀
@jaybailey216 3 years ago
Great video man I just subscribed!
@_CryptoCat 3 years ago
Thank you and welcome 😊
@akshaij8436 3 years ago
Hey bro, I found your videos really useful. Don't worry about the views. You are doing great!!!!
@_CryptoCat 3 years ago
Thank you, appreciated! 🥰
@saketsrv9068 3 years ago
I just love your videos, man, I need this badly. Thanks a lot
@_CryptoCat 3 years ago
Thank you 🥰🥰🥰
@Vince-lw8qh 3 years ago
Thank you. Your videos are incredibly helpful!
@_CryptoCat 3 years ago
Thank you 🥰
@Jinzo- 2 years ago
Another great video
@_CryptoCat 2 years ago
thank you 🥰
@ldohlj1 3 years ago
This one was really hard for me... Before looking at your video, I could figure out that I needed to set up an IRC listener, but couldn't convert the hex ip to text for the life of me... But anyways, thanks for the nice helpful tutorial.
@_CryptoCat 3 years ago
it would be cool if ghidra could convert to IP format automatically, i'm sure i saw it somewhere else (maybe IDA). glad the video could help anyway, cheers mate! 😊
@macaulayakin2154 2 years ago
Great content! Quick question: I use Ubuntu docker containers for most of my Linux execution/RE needs. For some reason I wasn't able to get any output when using NC in combination with the IRCware executable. I know this is a bit out of scope for the video/challenge, but was just wanting to ask to see if you knew why it might be happening
@_CryptoCat 2 years ago
Hmmm docker is used to isolate the container from your host system so you shouldn't be able to communicate from one to the other e.g. if you run the binary in a docker container, but set up a netcat listener on your host OS, it *shouldn't* connect. The same applies if you run the binary on your host OS but set up a netcat listener in the docker container. If you do both inside the container, it should work e.g. run the binary in docker, then use the docker shell to start the netcat listener. Maybe that's what you had tried already, in which case, let me know! 😊
@macaulayakin2154 2 years ago
@_CryptoCat thank you for the reply. Yeah, I did exactly that. I ran the bin file and the nc in the same container. :/ Maybe it has something to do with loopback in the container, but I don't think that would cause an issue. Just to be clear, when I set up the listener in the container and run the bin file, it does execute successfully, but when I issue it commands, it doesn't return any output.
@_CryptoCat 2 years ago
Sorry this comment got flagged as spam for some reason and only just showed up in my "held for review" section 🙄 I'm not too sure what the issue is, let me know if you work it out! Be interested to know if it just happens with this binary or you've experienced similar problems with others? 🤔
@Dtomper 3 years ago
Good job man.
@_CryptoCat 3 years ago
Thanks 🥰
@surplus2720 a year ago
Anyway, I don't know if it is because of the time that has passed, but ... I'm doing this now (I'm following pwn & revs tracks) and between your vids and my ghidra projects of the same binary or whatever, function names are changed. For example, here I don't have the "entry" function, it's just another 'FUN_'. Also, in other challenges like Babycrypt the whole loop decompiled piece of code was a lil different .. dunno why.. (P.S. I'm learning now using ghidra.) P.S.S. like here, in what I suppose is the entry function, the ghidra decompiler shows me this:

    undefined [16] FUN_00400210(void)
    {
      int iVar1;
      syscall();
      /* WARNING: Read-only address (ram,0x00601025) is written */
      /* WARNING: Read-only address (ram,0x00601025) is written */
      s_NICK_ircware_0000_00601018._13_4_ = 0x30303030;
      iVar1 = FUN_0040028f("0000",4,0);
      -------- the rest is the same --------

The results are the same, just a thing I noted .... and changes are not pointed out in HTB changelogs
@_CryptoCat a year ago
Interesting! I'm guessing probably just a ghidra update, unlikely there's been any changes to the challenge. All disassemblers will give different results because it's just a rough interpretation of the assembly code. You can go to godbolt.io and dogbolt.io to see how different compilers/decompilers look 😉 Side note: I've seen some posts recently about ghidra plugins that use chatGPT to auto rename functions, comment code etc. I haven't tried any yet but might be cool 🙂
@surplus2720 a year ago
@_CryptoCat ooooh chatGPT is pretty noice.... ghidra working with chatGPT sounds good a lot! P.S. I'm sorry I ain't looking at ur last videos, but I'm totally focused on the tracks and learning ... but yeah, I will give a look to your last videos for sure!
@_CryptoCat a year ago
@surplus2720 That's cool mate, best way to learn is to jump into the practical material yourself and then check videos if you get stuck or want to see different ways of doing things 😊
@surplus2720 a year ago
@_CryptoCat this is the only reason why I sub to HTB VIP+ (sometimes their parrot VM can be useful and I don't like having a timer going on me)... you are totally right: jump into practical, write every pass u do, if u encounter something u don't know what it is or what it does, stop what u are doing, understand it, once u know, return to the box or whatever and repeat the process :D it takes a lot of time, patience and perseverance ... but in the end u don't trash ur time...
@__prisoner__ 3 years ago
Can you do the "toxic" web challenge? It's an easy one, I'm a beginner and after different tries I still have not found the solution :(
@_CryptoCat 3 years ago
i wish i could but walkthroughs aren't allowed until they retire the challenge 😣 if you are stuck on an active challenge, check out the hackthebox forum or join the official discord (discord.gg/hackthebox) where you can ask for help 😉
@__prisoner__ 3 years ago
@_CryptoCat still thank you for your help :)
@pwndumb2903 3 years ago
Hi, I enjoy your videos a lot. They help me understand concepts that are difficult for me to learn alone. If it's not asking too much, could you increase your terminal font a little?
@_CryptoCat 3 years ago
sorry i keep forgetting this 😫 i actually increased the fonts but they were hurting my eyes so i reduced them again.. i'll try to remember before recording the next one
@shivanigupta2803 3 years ago
Which tool is used in this video?
@_CryptoCat 3 years ago
hey, mostly using ghidra (for static analysis) and GDB-pwndbg for debugging 😉