WarLord Posted June 3, 2022 Report Share Posted June 3, 2022 Salut, imi poate spune cineva ce fel de encoding e asta? E un string mult mai lung dau nu pot sa il dau pe net totul. 69,85,90,102,24,93,71 Quote Link to comment Share on other sites More sharing options...
Nytro Posted June 3, 2022 Report Share Posted June 3, 2022 Noroc, asta e partea de inceput? Nu pare sa fie ceva comun. Quote Link to comment Share on other sites More sharing options...
WarLord Posted June 4, 2022 Author Report Share Posted June 4, 2022 22 hours ago, Nytro said: Noroc, asta e partea de inceput? Nu pare sa fie ceva comun. da, e partea de inceput dintr-un payload. Cam tot ce urmeaza din sir e la fel in format, desi numerele se schimba. E un payload folosit intr-un atack cibernetic si sunt curious sa-l decodez. Ms oricum. Quote Link to comment Share on other sites More sharing options...
Nytro Posted June 4, 2022 Report Share Posted June 4, 2022 Conteaza cum e prelucrat acel payload, cel mai probabil e modificat (criptat, encodat, xorat orice) insa pentru a face ceva util trebuie reconstruit. Mai exact, trebuie sa vezi ce face binarul/exploitul cu acest payload inainte de a-l folosi. Shellcode nu pare sa fie. Quote Link to comment Share on other sites More sharing options...
Kev Posted June 5, 2022 Report Share Posted June 5, 2022 On 6/3/2022 at 12:03 PM, WarLord said: Salut, imi poate spune cineva ce fel de encoding e asta? E un string mult mai lung dau nu pot sa il dau pe net totul. 69,85,90,102,24,93,71 Pare a fi a Kamasutra, scris de vreun tocilar onanist Mai poti pune cateva linii din cod te rog:? Quote Link to comment Share on other sites More sharing options...
WarLord Posted June 5, 2022 Author Report Share Posted June 5, 2022 (edited) On 6/4/2022 at 9:48 AM, Nytro said: Conteaza cum e prelucrat acel payload, cel mai probabil e modificat (criptat, encodat, xorat orice) insa pentru a face ceva util trebuie reconstruit. Mai exact, trebuie sa vezi ce face binarul/exploitul cu acest payload inainte de a-l folosi. Shellcode nu pare sa fie. Fain, hai ca vedem. Am rezolvat asa. https://temp.sh/Febyt/script.txt Link valabil 3 zile. Daca reusiti sa decodati, nu postati daca e ceva privat in el. Edited June 5, 2022 by WarLord Quote Link to comment Share on other sites More sharing options...
Nytro Posted June 5, 2022 Report Share Posted June 5, 2022 Da, e XOR cu cheia de acolo de jos. Il poti pune aici: https://gchq.github.io/CyberChef/#recipe=From_Decimal('Comma',false)XOR({'option':'Latin1','string':'euzF8}gfab'},'Standard',false) Doar ca mai e ulterior obfuscat. 1 Quote Link to comment Share on other sites More sharing options...
WarLord Posted June 5, 2022 Author Report Share Posted June 5, 2022 10 minutes ago, Nytro said: Da, e XOR cu cheia de acolo de jos. Il poti pune aici: https://gchq.github.io/CyberChef/#recipe=From_Decimal('Comma',false)XOR({'option':'Latin1','string':'euzF8}gfab'},'Standard',false) Doar ca mai e ulterior obfuscat. Vad acuma. Merci mult. 1 Quote Link to comment Share on other sites More sharing options...
Notices345689 Posted June 24, 2022 Report Share Posted June 24, 2022 On 6/5/2022 at 11:33 PM, Nytro said: Yes, it's XOR with the key down there. You can put it here: https://gchq.github.io/CyberChef/#recipe=From_Decimal('Comma',false)XOR({'option':'Latin1','string':'euzF8}gfab'},'Standard',false) It's just that it's obscured later. Thanks for the Git! Quote Link to comment Share on other sites More sharing options...