Learn Pentesting like a Pro!
Bypassing encryption by memory dumping 💣 in a Linux Kernel 2.4 in 2004

pentesting.academy
Mar 4, 2021
I don't know what you were doing, or even if you were born yet, but on September 22nd 2004 at 4:44 PM I was having fun decrypting an ELF binary while going through the awesome NGSEC1 CTF!! #quiz.ngsec.com

There was a binary encrypted with the BurnEye encryption engine that had to be decrypted in order to capture the flag and pass the LAST level of the CTF.

From a static-analysis point of view the binary was very well protected. The weakness is inherent to the approach: in order to execute, the binary has to decrypt itself, so the cleartext code and data exist in the process image at run time no matter how strong the at-rest encryption is. A Linux 2.4 kernel module (burndump.c) dumped that process memory region after decryption, and the strings command could then be run over the dump to search for the FLAG. The same holds for any packer or crypter: whoever controls the kernel, or can simply ptrace the process, sees the cleartext.

You can get the source code of burndump.c, the Linux 2.4 kernel module, here: https://securiteam.com/tools/5bp0h0u7pq/

For more exploitation techniques, see the earlier pentesting.academy post "The Art of Pentesting: Post-exploitation like an APT", which covers Linux post-exploitation checks such as finding setuid binaries and world-writable files and directories.