spacer [an error occurred while processing this directive]
About the Project
Research Alliance
Our Book

Reverse Challenge Images

Skill level advanced.

Sometime this year (2002), a blackhat attacked and broke into one of our Honeynets. After breaking into the system, the attacker downloaded and executed a binary on the hacked honeypot. Your job is to analyze that binary. No modifications were made to the tool, what we found is what you get (well, we changed the name of the binary, that is it).

WARNING: This is an un-trusted tool developed and used by the blackhat community, do not use a production system to analyze it, nor any system with a connection to a production network. These are the same precautions you should take when analyzing any un-trusted binary. You have been warned.

The binary -> the-binary.tar.gz
MD5 (the-binary.tar.gz) = 857f9f32cbe7a277710d4fa57670316a

One of the questions in the challenge is to identify the encoding process of the binary, and develop a decoder. You can download a Snort capture of the encoded information, allowing you to test your decoder. This data is in no way required to do any anlysis, we are supplying for testing purposes only.

Back to Top