{"id":866,"date":"2015-09-08T09:53:34","date_gmt":"2015-09-08T07:53:34","guid":{"rendered":"https:\/\/0x90r00t.com\/fr\/?p=866"},"modified":"2015-09-08T15:41:23","modified_gmt":"2015-09-08T13:41:23","slug":"mma-2015-misc-mqaaaa-write-up","status":"publish","type":"post","link":"https:\/\/0x90r00t.com\/fr\/2015\/09\/08\/mma-2015-misc-mqaaaa-write-up\/","title":{"rendered":"[MMA 2015] [Misc &#8211; MQAAAA] Write Up"},"content":{"rendered":"<h2>Description<\/h2>\n<blockquote><p>I0B+Xk1RQUFBQT09CVVtLmJ3RFIrMXRLY0p0SCkJRHRubTZWbFRtaEtETnxyZHtLNDZFZG1DT2JXVThyYmpSSUFBQT09XiN+QA==<\/p><\/blockquote>\n<p><!--more--><\/p>\n<h2>R\u00e9solution<\/h2>\n<p>Bon, c&rsquo;est assez clair que nous sommes face \u00e0 quelque chose en base 64. Apr\u00e8s l&rsquo;avoir d\u00e9cod\u00e9, nous avons :<\/p>\n<pre>#@~^MQAAAA== Um.bwDR+1tKcJtH) Dtnm6VlTmhKDN|rd{K46EdmCObWU8rbjRIAAA==^#~@<\/pre>\n<p>C&rsquo;est une cha\u00eene de caract\u00e8re VBScript encoded. On sauvegarde le contenu de cette cha\u00eene dans un fichier <strong>encoded<\/strong>, et nous utilisons un outil <a href=\"https:\/\/gist.github.com\/bcse\/1834878\">pr\u00e9sent sur github<\/a><\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">$ scrdec18-VC8.exe encoded decoded.txt<\/pre>\n<p>Et voici le contenu de <strong>decoded.txt<\/strong><\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">&amp;lt;% @Language=&amp;quot;VBScript.Encode&amp;quot; %&amp;gt;\r\n&amp;lt;%=WScript.echo(&amp;quot;MMA{the_flag_word_is_obfuscation}&amp;quot;)%&amp;gt;<\/pre>\n<p>Nous avons notre flag !<\/p>\n<p><strong>MMA{the_flag_word_is_obfuscation}<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Description I0B+Xk1RQUFBQT09CVVtLmJ3RFIrMXRLY0p0SCkJRHRubTZWbFRtaEtETnxyZHtLNDZFZG1DT2JXVThyYmpSSUFBQT09XiN+QA==<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,35],"tags":[37,38],"class_list":["post-866","post","type-post","status-publish","format-standard","hentry","category-2015-fr","category-ctf-fr","tag-2015-fr","tag-ctf-fr"],"_links":{"self":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/comments?post=866"}],"version-history":[{"count":2,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/866\/revisions"}],"predecessor-version":[{"id":879,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/866\/revisions\/879"}],"wp:attachment":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/media?parent=866"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/categories?post=866"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/tags?post=866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}