TryHackMe — Advent of Cyber 2 — Day 18

Good evening everyone,

Onto day 2 of the reverse engineering challenges. Day 1 took a toll on the brain for me. I definitely need more practice so hopefully today helps.

Anyhow let’s get after it. Today’s task involves diving into the .Net reverse engineering. I’ve used dnSpy before so I’ll use that and see what I can remember. First we have to login to the machine and grab the needed files.

Had to setup a local drive real quick to share the file with my machine, figured I’d share the link I used (https://support.microsoft.com/en-us/help/313292/how-to-gain-access-to-local-files-in-a-remote-desktop-session-to-a-win)

Once we load the file into dnSpy, here is our tree.

Looking into the MainForm()

And let’s see how deep the rabbit hole goes.. Now because this isn’t offset with pretty colors, I’ll bold the part that we need to follow next.

// Token: 0x0600005E RID: 94 RVA: 0x000013A4 File Offset: 0x000007A4
  private void InitializeComponent()
  {
   .....
   this.buttonActivate.Anchor = AnchorStyles.None;
   Point location5 = new Point(111, 11);
   this.buttonActivate.Location = location5;
   this.buttonActivate.Name = "buttonActivate";
   Size size5 = new Size(75, 23);
   this.buttonActivate.Size = size5;
   this.buttonActivate.TabIndex = 3;
   this.buttonActivate.Text = "Submit Password";
   this.buttonActivate.UseVisualStyleBackColor = true;
   this.buttonActivate.Click += this.buttonActivate_Click;
   ....

And once we follow the lead on that one.

Flag removed for sake of fun.

Anyway, that was fun for me. That challenge went way smoother than yesterday’s for me anyway. dnSpy makes the task super simple and runs really well. Well, that is it for today.

As always, best of luck. If you enjoy my content, feel free to add me on LinkedIn and let me know you saw the blog.

Until next time,

-3lduderino