Sometime this year (2002), a blackhat attacked and broke into one of our Honeynets.
After breaking into the system, the attacker downloaded and executed a binary on
the hacked honeypot. Your job is to analyze that binary. No modifications were made
to the tool, what we found is what you get (well, we changed the name of the binary,
that is it).
WARNING: This is an un-trusted tool developed and used by the blackhat community,
do not use a production system to analyze it, nor any system with a connection to
a production network. These are the same precautions you should take when analyzing any
un-trusted binary. You have been warned.
The binary -> the-binary.tar.gz
MD5 (the-binary.tar.gz) = 857f9f32cbe7a277710d4fa57670316a
One of the questions in the challenge is to identify the encoding process of the
binary, and develop a decoder. You can download a Snort capture
of the encoded information, allowing you to test your decoder. This data is in no way required
to do any anlysis, we are supplying for testing purposes only.