TryHackMe — Advent of Cyber 2 — Day 18

Good evening everyone,

Onto day 2 of the reverse engineering challenges. Day 1 took a toll on the brain for me. I definitely need more practice so hopefully today helps.

Anyhow let’s get after it. Today’s task involves diving into the .Net reverse engineering. I’ve used dnSpy before so I’ll use that and see what I can remember. First we have to login to the machine and grab the needed files.

Had to setup a local drive real quick to share the file with my machine, figured I’d share the link I used (https://support.microsoft.com/en-us/help/313292/how-to-gain-access-to-local-files-in-a-remote-desktop-session-to-a-win)

Once we load the file into dnSpy, here is our tree.

Looking into the MainForm()

And let’s see how deep the rabbit hole goes.. Now because this isn’t offset with pretty colors, I’ll bold the part that we need to follow next.

And once we follow the lead on that one.

Flag removed for sake of fun.

Anyway, that was fun for me. That challenge went way smoother than yesterday’s for me anyway. dnSpy makes the task super simple and runs really well. Well, that is it for today.

As always, best of luck. If you enjoy my content, feel free to add me on LinkedIn and let me know you saw the blog.

Until next time,

-3lduderino