Video walkthrough for retired @HackTheBox (HTB) Reverse Engineering challenge "IRC Ware" [easy]: "During a routine check on our servers we found this suspicious binary, although when analyzing it we couldn't get it to do anything. We assume it's dead malware, but maybe something interesting can still be extracted from it?" - Hope you enjoy 🙂
Sign up for HackTheBox: https://htb-signup.cryptocat.me
↢HackTheBox↣
https://htb-signup.cryptocat.me
https://twitter.com/hackthebox_eu
https://discord.gg/hackthebox
↢Video-Specific Resources↣
Ghidra cheatsheet: https://ghidra.re/CheatSheet.html
Linux call table: https://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/
IRC docs: https://tools.ietf.org/html/rfc2812
👷‍♂️Resources🛠
https://cryptocat.me/resources
↢Chapters↣
Start - 0:00
Basic file checks - 0:30
Analyse in Ghidra - 1:30
Map syscalls - 4:12
Establish connectivity - 10:04
Debug with GDB - 14:54
Decode algorithm - 21:32
Test password - 24:54