-->

ABOUT US

Our development agency is committed to providing you the best service.

OUR TEAM

The awesome people behind our brand ... and their life motto.

  • Kumar Atul Jaiswal

    Ethical Hacker

    Hacking is a Speed of Innovation And Technology with Romance.

  • Kumar Atul Jaiswal

    CEO Of Hacking Truth

    Loopholes are every major Security,Just need to Understand it well.

  • Kumar Atul Jaiswal

    Web Developer

    Techonology is the best way to Change Everything, like Mindset Goal.

OUR SKILLS

We pride ourselves with strong, flexible and top notch skills.

Marketing

Development 90%
Design 80%
Marketing 70%

Websites

Development 90%
Design 80%
Marketing 70%

PR

Development 90%
Design 80%
Marketing 70%

ACHIEVEMENTS

We help our clients integrate, analyze, and use their data to improve their business.

150

GREAT PROJECTS

300

HAPPY CLIENTS

650

COFFEES DRUNK

1568

FACEBOOK LIKES

STRATEGY & CREATIVITY

Phasellus iaculis dolor nec urna nullam. Vivamus mattis blandit porttitor nullam.

PORTFOLIO

We pride ourselves on bringing a fresh perspective and effective marketing to each project.

Showing posts with label macros. Show all posts
Showing posts with label macros. Show all posts
  • Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough

     

    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough

     

     

    We'll be looking at a tryhackme room called MrPhisher so it says that i received a suspicious email with a very weird looking attachment it keeps on asking me to enable Macros what are those so this straight away gives us a hint that we are going to deal with Macros So, Macros is a type of scripting language that you know you can embed in a excel or a word file so that it can even try to automate things to an extent so nothing challenging it just says that files you need are located in the home ubuntu MrPhisher on virtual machine and i have the vm(virtual machine) open up right here.
     

     

    When we start the machine, we found two files in home directory. “MrPhisher.docm” is a document with the ability to run macros and the zip file has the same file but compressed.

     

     

     

    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough
     

     

    If we try to get open the file, we see the document indeed contain macros.

     

    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough

     


    The document shows this one image.


    Now, to view and edit macros using Libre Office, go to Tools menu, choose Macros > Edit Macros. This opens a list of macros available in the currently open document.


    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough



    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough



    This macro contains a visual basic script...

     

    If you want copy this file in your loca;l machine then you can try this with netcat, To make easy the analysis and be able to download needed tools, I transferred the file to my local machine with netcat.

     

    Local machine:


    nc -nlvp <PORT> > MrPhisher.docm


    Remote machine:


    Setting listener and getting file.

    nc <IP> <PORT> < MyPhisher.docm



    As a note, is important to verify the integrity of the transferred file, in previous images you can see I checked MD5 hash, and it’s the same.

    via md5sum

    md5sum MrPhisher.docm
     


    But we will use into vm direct.. this code is here...

     

     

     

    Rem Attribute VBA_ModuleType=VBAModule
    Option VBASupport 1
    
    Sub Format()
    
    Dim a()
    
    Dim b As String
    
    a = Array(102, 109, 99, 100, 127, 100, 53, 62, 105, 57, 61, 106, 62, 62, 55, 110, 113, 114, 118, 39, 36, 118, 47, 35, 32, 125, 34, 46, 46, 124, 43, 124, 25, 71, 26, 71, 21, 88)
    
    For i = 0 To UBound(a)
    
    b = b & Chr(a(i) Xor i)
    
    Next
    
    End Sub
    

     

     

     

    Three things are done here:

    •     XOR operation is done with a value and it's index in the array.
    •     The result of this operation is converted to a character.
    •     This character is appended to a string. The resulting string is a flag for this challenge.



    I wrote a Python script to solve this challenge. The code can be found down below.

     

     

    #! /usr/bin/env python3
    
    # Values array
    a = [102, 109, 99, 100, 127, 100, 53, 62, 105, 57, 61, 106, 62, 62, 55, 110, 113, 114, 118, 39, 36, 118, 47, 35, 32, 125, 34, 46, 46, 124, 43, 124, 25, 71, 26, 71, 21, 88]
    
    # Array to store letters
    flag = []
    
    # Do XOR operation with a value and it's index
    for i in range(len(a)):
        flag.append(chr(a[i] ^ int(i)))
    
    # Join letters to a word
    print("".join(flag))
    

     

     

    Lets Run

     

     

    Tryhackme Embedded Marcos in Word Mr. Phisher Walkthrough

     

     

     
    ubuntu@thm-mr-phisher:~/mrphisher$ nano hackingtruth-oledump.py
    ubuntu@thm-mr-phisher:~/mrphisher$ nano hackingtruth-oledump.py
    ubuntu@thm-mr-phisher:~/mrphisher$ nano hackingtruth-oledump.py
    ubuntu@thm-mr-phisher:~/mrphisher$ python3 hackingtruth-oledump.py
    flag{a39a07a239aacd40c948d852a5c9f8d1}
    ubuntu@thm-mr-phisher:~/mrphisher$ #hackingtruth.org
    ubuntu@thm-mr-phisher:~/mrphisher$ #hackingtruth.in
    ubuntu@thm-mr-phisher:~/mrphisher$ 
    
    
    

     

     

    Done.

     

     


    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.


  • WHAT WE DO

    We've been developing corporate tailored services for clients for 30 years.

    CONTACT US

    For enquiries you can contact us in several different ways. Contact details are below.

    Hacking Truth.in

    • Street :Road Street 00
    • Person :Person
    • Phone :+045 123 755 755
    • Country :POLAND
    • Email :contact@heaven.com

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation.