tryhackme Basic Malware RE write-up
- Name: Basic Malware RE
- Description: This room aims towards helping everyone learn about the basics of “Malware Reverse Engineering”.
- Room: tryhackme.com
Strings :: Challenge 1
This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag?
Note: You don’t need to run the executable!
Question: What is the flag of which that MD5 gets generated?
I use IDA Pro for reverse engineering.
As you can see, the instruction mov eax, off_432294 loads the pointer stored at off_432294 into the EAX register. IDA's off_ prefix marks a data offset, so what lands in EAX is the address of the flag string, not the string itself; the flag sits as a plain string in the binary's data, which is why the challenge says you don't need to run it: follow the offset in IDA (or run strings over the file) to read it.
With EAX pointing at the flag, the program hashes it with the “strings1_? Md5_hash” function and displays the resulting MD5 with “MessageBoxA”. To confirm that a string you recovered is the right one, hash it yourself and compare it with the value the program shows.
Strings :: Challenge 2
This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag?
Note: You don’t need to run the executable!
Question: What is the flag of which that MD5 gets generated?
Set the breakpoint:
Start debugging:
As you can see, just as in Challenge 1, the flag ends up in the EAX register once the breakpoint is hit. Since this one is recovered with the debugger, run the sample only inside an isolated analysis VM, never on your host.
flag: FLAG{STACK-……………………}
Strings :: Challenge 3
This executable prints an MD5 Hash on the screen when executed. Can you grab the exact flag?
Note: You don’t need to run the executable!
Question: What is the flag of which that MD5 gets generated?
Most likely the flag is stored in “Buffer”, copied into the EAX register, and hashed with “strings3_?DigestString@MD5” (the MSVC-decorated name of an MD5::DigestString method). The flag prefix suggests the buffer is filled from the executable's resource section rather than from a static string in the data section, so a plain strings pass may not find it; a breakpoint on the hashing call catches the buffer's contents either way.
Set the breakpoint:
Start debugging:
flag: FLAG{RESOURCES-…………………..}
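The three challenges above share one workflow: recover a candidate flag string (statically from the file's bytes for Challenges 1 and 3, or by reassembling a string that the code builds on the stack for Challenge 2), then verify it by hashing the candidate with MD5 and comparing with the hash the program displays. The script below is an added example written for this write-up, not the room's own tooling; the byte blob and the IDA-style listing it scans are constructed samples, not data from the room's binaries, and the var_N naming, the FLAG{...} pattern and the function names are assumptions.

```python
import hashlib
import re
from typing import Optional

# Constructed sample: a fake slice of an executable's data section holding a
# static flag string among other bytes (NOT bytes from the room's binary).
SAMPLE_IMAGE = (
    b"\x00\x00\x55\x8b\xec"
    b"MessageBoxA\x00"
    b"FLAG{STATIC-EXAMPLE}\x00"
    b"\x90\x90\x90"
    b"Not a flag\x00"
)

# Constructed sample: IDA-style listing of code that builds its string on the
# stack one byte at a time (the "stack string" pattern). var_N is ebp-N.
SAMPLE_STACK_ASM = """
mov     [ebp+var_20], 46h ; 'F'
mov     [ebp+var_1F], 4Ch ; 'L'
mov     [ebp+var_1E], 41h ; 'A'
mov     [ebp+var_1D], 47h ; 'G'
mov     [ebp+var_1C], 7Bh ; '{'
mov     [ebp+var_1B], 53h ; 'S'
mov     [ebp+var_1A], 54h ; 'T'
mov     [ebp+var_19], 4Bh ; 'K'
mov     [ebp+var_18], 7Dh ; '}'
mov     [ebp+var_17], 0
lea     eax, [ebp+var_20]
"""

FLAG_PATTERN = re.compile(r"FLAG\{[^}]*\}")
# Hypothetical store pattern: "mov [ebp+var_20], 46h" (IDA writes hex
# immediates with a trailing h; values below 10 appear as plain digits).
STACK_STORE = re.compile(
    r"mov\s+(?:byte\s+ptr\s+)?\[ebp\+var_([0-9A-Fa-f]+)\]\s*,\s*([0-9A-Fa-f]+)h?",
    re.IGNORECASE,
)


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Equivalent of `strings`: every run of printable ASCII of at least min_len."""
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in run.finditer(data)]


def find_flag_candidates(strings: list) -> list:
    """Keep only FLAG{...} tokens from a list of recovered strings."""
    found = []
    for s in strings:
        found.extend(FLAG_PATTERN.findall(s))
    return found


def rebuild_stack_string(listing: str) -> str:
    """Reassemble a string stored byte by byte into [ebp+var_N] slots.

    The slot with the largest N has the lowest address and is the first
    character; a stored 0 is the terminator.
    """
    stores = {}
    for line in listing.splitlines():
        line = line.split(";", 1)[0]  # drop IDA's auto-comment
        m = STACK_STORE.search(line)
        if m:
            stores[int(m.group(1), 16)] = int(m.group(2), 16)
    chars = []
    for offset in sorted(stores, reverse=True):  # ascending memory address
        if stores[offset] == 0:
            break
        chars.append(chr(stores[offset]))
    return "".join(chars)


def md5_hex(s: str) -> str:
    """MD5 of the flag as the program would hash it (ASCII, no terminator)."""
    return hashlib.md5(s.encode("ascii")).hexdigest()


def match_hash(candidates: list, shown_hash: str) -> Optional[str]:
    """Return the candidate whose MD5 equals the hash the program displayed."""
    shown = shown_hash.strip().lower()
    for c in candidates:
        if md5_hex(c) == shown:
            return c
    return None


if __name__ == "__main__":
    cands = find_flag_candidates(extract_strings(SAMPLE_IMAGE))
    stack_flag = rebuild_stack_string(SAMPLE_STACK_ASM)
    # In practice `shown` is copied from the MessageBoxA popup or read off the
    # hash call at the breakpoint; here it is derived from the sample itself.
    shown = md5_hex("FLAG{STATIC-EXAMPLE}")
    print("static candidates:", cands)
    print("stack string:", stack_flag)
    print("matches displayed hash:", match_hash(cands + [stack_flag], shown))
```

The static pass is what "you don't need to run the executable" relies on for Challenges 1 and 3; it only works when the flag exists as plain bytes on disk. When the string is assembled at runtime, as the STACK prefix of Challenge 2 indicates, either reconstruct it from the listing as rebuild_stack_string does or read it from EAX at a breakpoint. Whichever way the candidate was obtained, match_hash against the displayed MD5 is the check that you have the exact flag and not a near miss.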
thank you 🌏🔥