Upload: 2:04 AM 06/11/2025
Description
A hacker launched a ransomware attack on Lisa’s machine, encrypting all critical data in her wallet. Help Lisa recover her lost files!
torontotokyo on 9:56 AM 06/14/2025: I'm stuck on libgen.dll and the first function in the program. I don't understand where to get the "anonymous" file or something like that. Can I get a hint?
nukoneZ on 11:49 AM 06/14/2025: You can learn and study more about Command and Control. You need to understand how the program sends and receives data from the server, and you need to understand each step that the program performs; then you can compare against the file that I have recorded to extract data.
torontotokyo on 5:18 PM 06/14/2025: I got libgen.dll with Wireshark dump and encrypted user.html. But from this dll, functions are called with an argument in the form of a file, for example:
void* gen_from_file(char* arg1)
FILE* _Stream = fopen(_FileName: arg1, _Mode: "rb")
or
void* gen(void* file, void* len)
And I can't figure out what to do about it, maybe I'm stupid?
6ffteait on 7:46 PM 06/14/2025: I found anonymous but not libgen.dll; look for certain requests, mainly at the beginning of the capture.
nukoneZ on 8:19 AM 06/15/2025: @torontotokyo Congratulations on finding the DLL, but you need to understand what I am importing into the program for.
nukoneZ on 8:21 AM 06/15/2025: @6ffteait "anonymous" is very important for your next step.
torontotokyo on 10:52 AM 06/15/2025: I'm really just stupid, I didn't see these http packets and ignored them... A very interesting crackme!
nukoneZ on 1:40 PM 06/15/2025: @torontotokyo Thank you very much, I will try to create better challenges.
lexx on 10:02 AM 06/26/2025: F4N_N3R0{W3lc0m3_t0_my_pr0f1l3_7h1s_1s_my_w@ll3t_k3y}
Good puzzle :)
quachduytu on 3:46 PM 07/02/2025: This challenge is really cool. If you are really the one who created it, can you give me your Facebook info :))
I have a lot of questions since I am new.
nukoneZ on 6:44 AM 07/04/2025: @quachduytu https://www.facebook.com/quocky05
Solution by torontotokyo:
Flag is F4N_N3R0{W3lc0m3_t0_my_pr0f1l3_7h1s_1s_my_w@ll3t_k3y}