I don't know what you were doing or even if you were even born, but on September 22th 2004 at 4:44 PM I was having fun decrypting an ELF binary going through the awesome NGSEC1 CTF !! #quiz.ngsec.com

There was a binary file encrypted with BurnEye Encryption Engine that had to be decrypted in order to catch the flag and pass the LAST level of the CTF.

From a static analysis point of view is very well protected. The problem was that in order to get execute it must be decrypted. There was a kernel module (burndump.c) that dumped that process memory region and allowed to use strings command to search through the strings and get the FLAG !

You can get the source code of burndump.c kernel 2.4 module here: https://securiteam.com/tools/5bp0h0u7pq/

For more exploitation techniques have a look here:

Learn Pentesting like a Pro

🥷 The Art of Pentesting: Post-exploitation like an APT

Linux Post-exploitation Check wrong permissions: Find setuid binaries: find / -perm -4000 -ls 2> /dev/null Find files world writable: find / -path /sys -prune -o -path /proc -prune -o -type f -perm -o=w -ls 2> /dev/null Find directories world writable…

Read more

a year ago · pentesting.academy