torontotokyo on 9:56 AM 06/14/2025: I'm stuck on libgen.dll and the first function in the program. I don't understand where to get the "anonymous" file or something like that. Can I get a hint?
nukoneZ on 11:49 AM 06/14/2025: You can learn and study more about Command and Control. You need to understand how the program sends and receives data from the server, and you need to understand each step that the program performs; then you can compare with the file that I have recorded to extract the data.
torontotokyo on 5:18 PM 06/14/2025: I got libgen.dll with the Wireshark dump and the encrypted user.html. But from this DLL, functions are called with an argument in the form of a file, for example:
void* gen_from_file(char* arg1)
FILE* _Stream = fopen(_FileName: arg1, _Mode: "rb")
or
void* gen(void* file, void* len)
And I can't figure out what to do about it, maybe I'm stupid?
6ffteait on 7:46 PM 06/14/2025: I found anonymous but not libgen.dll. Look for certain requests, mainly at the beginning of the capture.
nukoneZ on 8:19 AM 06/15/2025: @torontotokyo Congratulations on finding the DLL, but you need to understand what I am importing into the program for.
nukoneZ on 8:21 AM 06/15/2025: @6ffteait "anonymous" is very important for your next step.
torontotokyo on 10:52 AM 06/15/2025: I'm really just stupid, I didn't see these HTTP packets and ignored them... A very interesting crackme!
nukoneZ on 1:40 PM 06/15/2025: @torontotokyo Thank you very much, I will try to create better challenges.
Solution by torontotokyo: Flag is F4N_N3R0{W3lc0m3_t0_my_pr0f1l3_7h1s_1s_my_w@ll3t_k3y}