Hello,
In this article I will present my solution for the fourth challenge of flareon6.
The tools I used to solve this challenge were:
- Kali Linux
- DnsChef
- Wireshark
- Python
- Ghidra
I opened the binary in Kali and got a nice chess game going; when I made the first move, the AI resigned. I opened up the provided pcap file in Wireshark and saw a lot of DNS traffic. Since malware often uses DNS to do certain actions and stops operating if a server is not found, I figured out that I had to fake the DNS. Luckily, I had all the traffic I needed in the pcap file.
Since copy-pasting 80 lines out of Wireshark would be painfully slow, I took some time to install pyshark and wrote a small Python program to parse the pcap and output the traffic in a format that dnschef would like.
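```python
import sys
import pyshark

def main():
    # Status goes to stderr so it stays out of the redirected fakehosts.txt
    print("gimme da pcap", file=sys.stderr)
    cap = pyshark.FileCapture('./capture.pcap')
    for packet in cap:
        # Only DNS responses (carrying an A record) sent back to the client
        if 'IP' in packet and 'DNS' in packet and hasattr(packet.dns, 'a'):
            if packet.ip.dst == "192.168.122.1":
                print("{}={}".format(packet.dns.qry_name, packet.dns.a))

if __name__ == '__main__':
    main()
```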
After that I redirected the output of the script to fakehosts.txt, added an [A] section header in the file and ran dnschef with the following command:

```
dnschef --fakens=ns1.game-of-thrones.flare-on.com --file=fakehosts.txt -i 0.0.0.0
```
And that didn't work: I forgot to go to the network manager and set my DNS server to localhost. After that was done, I opened up the program, picked a random move from the list and it magically worked: the AI responded to my move! Hurray!
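The extraction step above can also be done on the raw DNS wire format without pyshark. The following is an added example, not part of the original post: it parses DNS responses (including name compression), keeps the A records and builds the fakehosts.txt text with the [A] header. The sample messages, the name move1.example.test and the address 127.0.0.5 are constructed.

```python
import socket
import struct

def read_name(msg, off):
    """Decode a DNS name, following compression pointers; return (name, next_off)."""
    labels, end = [], None
    for _ in range(255):                      # step bound stops pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # 2-byte pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                          # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("DNS name too long or compression loop")

def a_records(msg):
    """Return [(owner_name, ipv4)] for each A record in a response's answer section."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:                    # QR bit clear: a query, nothing to keep
        return []
    off = 12
    for _ in range(qd):                       # skip the question section
        _, off = read_name(msg, off)
        off += 4                              # QTYPE + QCLASS
    out = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:         # TYPE A carries a 4-byte address
            out.append((name, socket.inet_ntoa(msg[off:off + 4])))
        off += rdlen
    return out

def fakehosts(messages):
    """Build dnschef file text: [A] header, then name=ip lines (first answer wins)."""
    seen = {}
    for m in messages:
        for name, ip in a_records(m):
            seen.setdefault(name, ip)
    return "[A]\n" + "".join(f"{n}={ip}\n" for n, ip in seen.items())

# Constructed sample: query and response for the made-up name move1.example.test
QUESTION = b"\x05move1\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION
REPLY = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + b"\xc0\x0c"
         + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("127.0.0.5"))
```

Writing the return value of `fakehosts([QUERY, REPLY])` to a file gives the same kind of input that was passed to dnschef with `--file` above.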
I thought this was it, I solved the challenge, now to make the next move and... the AI resigned. It looked like I had to do the moves in a certain order; I couldn't do them randomly or in the order that I wanted to do them.
But it took me some time to realise that. I even looked at the source code in Ghidra to see what I was doing wrong.
One night, when I had some extra time, I sat down with the list of available moves and started manually brute forcing the moves until I got the right combination and the flag! It took me about one to two hours; luckily I knew a bit of chess, otherwise I wouldn't have finished it that fast.
Thank you for reading!