mirror of https://github.com/dirtbags/moth.git
Add Danny's stuff
This commit is contained in:
parent
fd4a3f978e
commit
c6ba71cc65
11
install.sh
11
install.sh
|
@ -9,12 +9,12 @@ if ! [ -b "$DRIVE" ]; then
|
|||
fi
|
||||
|
||||
size=$(sfdisk -s $DRIVE)
|
||||
fatsize=$(expr $size \* 95 / 100)
|
||||
fatsize=$(sfdisk -l /dev/sdb | awk '/^Disk/ {print $3 - 2;}')
|
||||
|
||||
FATFS=${DRIVE}1
|
||||
EXTFS=${DRIVE}2
|
||||
|
||||
sfdisk -uB $DRIVE <<EOF
|
||||
sfdisk $DRIVE <<EOF
|
||||
,$fatsize,6,*
|
||||
,,L
|
||||
EOF
|
||||
|
@ -25,9 +25,9 @@ mkdir -p /mnt/ctf-install
|
|||
mkdosfs -n PACKAGES $FATFS
|
||||
mke2fs -j -L VAR $EXTFS
|
||||
|
||||
cat mbr.bin > $DRIVE
|
||||
cat /usr/lib/syslinux/mbr.bin > $DRIVE
|
||||
mount $FATFS /mnt/ctf-install
|
||||
mkdir /mnt/ctf-install/syslinux
|
||||
mkdir /mnt/ctf-install/syslinux /mnt/ctf-install/disabled
|
||||
umount /mnt/ctf-install
|
||||
syslinux -d syslinux $FATFS
|
||||
|
||||
|
@ -47,7 +47,8 @@ LABEL dbtl
|
|||
APPEND packages=disabled
|
||||
EOD
|
||||
|
||||
cp $(basename $0)/../bin/*.pkg /mnt/ctf-install
|
||||
cp $(dirname $0)/bin/*.pkg /mnt/ctf-install/disabled/
|
||||
mv /mnt/ctf-install/disabled/ctfbase.pkg /mnt/ctf-install/
|
||||
umount /mnt/ctf-install
|
||||
rmdir /mnt/ctf-install
|
||||
|
||||
|
|
|
@ -67,6 +67,7 @@ for dn in $indir/[0-9]*; do
|
|||
|
||||
tgt=$outdir/puzzles/$points
|
||||
mkdir -p $tgt
|
||||
touch $tgt/index.html
|
||||
|
||||
if [ -f $dn/Makefile ]; then
|
||||
# If there's a makefile, run make
|
||||
|
|
Binary file not shown.
|
@ -0,0 +1,6 @@
|
|||
You have found a virus on one of your customers computers. To answer this question,
|
||||
you will need to reverse engineer it and find out information about the sample.
|
||||
|
||||
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
|
||||
|
||||
Which family does this virus belong to? (all lowercase e.g. "sasser" without the quotes.
|
|
@ -0,0 +1 @@
|
|||
koobface
|
Binary file not shown.
|
@ -0,0 +1,8 @@
|
|||
You have found a virus on one of your customers computers. To answer this question,
|
||||
you will need to reverse engineer it and find out information about the sample.
|
||||
|
||||
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
|
||||
|
||||
Which API is called at address 4014A2?
|
||||
|
||||
Assume a normal address layout with the program being loaded with an ImageBase of 400000.
|
|
@ -0,0 +1 @@
|
|||
NtProtectVirtualMemory
|
Binary file not shown.
|
@ -0,0 +1,8 @@
|
|||
You have found a virus on one of your customers computers. To answer this question,
|
||||
you will need to reverse engineer it and find out information about the sample.
|
||||
|
||||
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
|
||||
|
||||
What is the original entry point for the worm after the unpacking process?
|
||||
|
||||
Assume a normal address layout with the program being loaded with an ImageBase of 400000.
|
|
@ -0,0 +1 @@
|
|||
420c80
|
Binary file not shown.
|
@ -0,0 +1,8 @@
|
|||
You have found a virus on one of your customers computers. To answer this question,
|
||||
you will need to reverse engineer it and find out information about the sample.
|
||||
|
||||
The MD5 for this sample is ec7be21bd697050d119c9f9df0fb6450
|
||||
|
||||
What is the first API called after the original entry point? Include it with the parameter(s)
|
||||
|
||||
For example, if the API was the string "zomg" being passed to printf the answer would be: printf("zomg")
|
|
@ -0,0 +1 @@
|
|||
Sleep(1)
|
Loading…
Reference in New Issue