Flag PMA 41.1: C: Subfolder (20 pts)Open File Explorer. In the left pane, expand the C: drive.The flag is covered by a green box in the image below.
|
The steps below this box explain how to build your own machine, which will take some time.
The Fast Way
Windows 11
If you are using VMware, download this file: Win11wTools.vmwarevm.zip
Size: 33 GB (33,045,669,798 bytes)
SHA256: 30b05a9d5483a4953c933bf46900073c4eabe836b09b19ca920dace45638c9a4It is a complete VMware virtual machine. Unzip it into a folder.
In VMware, click File, Open and navigate to the .VMX file in that folder.
Log in with these credentials:
The hard disk is encrypted, and it has a virtual TPM 2.0, as explained here.
- Username: student
- Password: P@ssw0rd
The decryption key is the same as the password, but it should not ask for it.
The hard disk on this virtual machine has already been expanded to 100 GB,
Windows 10
License Expired
On Sept 21, 2021, the license on this machine expired.To activate it for another 90 days,
open an Administrator Command Prompt
and execute this command:Then restart your machine.slmgr /rearm
VMware Users
Download this file: Win10_w_Tools_061721a.7z
Size: 17.46 GB (17,455,336,852 bytes)
SHA256(Win10_w_Tools_061721a.7z)= bbc4df40f9d334180987c892122851f7d3b7d17471d2aa05d888bc34733ab006If you are on Windows, you can unzip that file with 7-Zip. If you are on a Mac, use The Unarchiver.
Import the OVF it contains into VMware.
In VMware Workstation Player, use File, Open.VirtualBox Users
Download this file: Win10_w_Tools061721.ova
Size: 16 GB (17,668,780,032 bytes)
SHA256(Win10_w_Tools061721.ova)= f0db89dfb633ac86f14e19991e365635959d4bdeb579269feb53086dbf58f7e8Import it into VirtualBox.
Logging In
Log in with these credentials:
- Username: IEUser
- Password: Passw0rd!
Fixing Python
Open an Administrator Command prompt and execute these commands:
and Windows Defender and SmartScreen have been disabled in Local Group Policy.
Flag PMA 41.1: C: Subfolder (20 pts)
Open File Explorer. In the left pane, expand the C: drive.The flag is covered by a green box in the image below.
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
In the "Virtual Machines" list, select "MSEdge on Win10...", as shown below.
In the Choose a VM platform" list, choose your virtualization software, as shown below.
Download the file. Unzip it and launch it in your virtualization software. For VMware, use File, Import, and customize the virtual machine so it has an 80 GB hard disk.
Log in with these credentials:
You may need to install VMware Tools (or the comparable software) manually.
Download and install Firefox.
Install
WinDbg Preview
Get it from the Microsoft Store
As of July 25, 2021, the best way is to configure an Exclusion of C:\
Another method that works is to install AVG Free and exclude C: in that.
In the right pane, double-click "Configure Windows Defender Smartscreen", as shown below.
In the "Configure Windows Defender Smartscreen" box, click Disabled, as shown below. Then click OK.
Restart your Windows machine.
Instructions for VMware are here:
WinTools.zipIt contains all the installers detailed below.
Size: 1.68 GB (1,676,639,482 bytes)
SHA256: a648709f5a3597bbcdd03fc2b3c1d157b78eb6ba81cc28c0a57706d948248889
Follow the instructions there to install the programs.
Easy RM to MP3 Converter 2.7.3.700 - Local Buffer Overflow
Run the EXE installer
Explorer Suite (Includes CFF Explorer)
Run the EXE installer
Immunity Debugger
(Also installs Python 2.7)
Mona.py --
Copy to "C:\Program Files (x86)\Immunity Inc\Immunity Debugger\PyCommands"
Visual Studio 2019
Double-click vs_community__1715534944.1623934081.exe.
Check "Desktop development with C++" and install the default selection of tools
Also install "Debugging Tools for Windows" as explained in this project. Don't "Set Up Local Kernel-Mode Debugging".
capa v1.6.3
Double-click, drag to C:\Tools
Dependency Walker 2.2
Double-click. Drag all the files to C:\Tools. Right-click the EXE in C:\Tools, "Pin to Start"
Double-click. Drag all the files to C:\Tools. Right-click the EXE in C:\Tools, "Pin to Start"
JDK 16.0.1 General-Availability Release
Double-click openjdk-16.0.1_windows-x64_bin.zip. Drag the jdk-16.0.1 folder to C:\Program Files\Java
Ghidra v9.2.4
Double-click ghidra_9.2.4_PUBLIC_20210427.zip. Drag the ghidra_9.2.4_PUBLIC folder to "C:\Program Files"
Right-click C:\Program Files\ghidra_9.2.4_PUBLIC\ghidraRun.bat, "Send to", "Desktop (create shortcut)"
ILSpy
Double-click. Drag all the contents to C:\Tools, right-click C:\Tools\ILSpy.exe, "Pin to Start"
Jasmin
Drag jasmin-1.5.8-PC.jar to C:\Tools, right-click, "Send to", "Desktop (create shortcut)"
Metasploit
Launch the installer from an Administrator PowerShell window.
Halfway through, the installer pauses for a minute or two, just wait for it.
OllyDbg 1.10
Double-click. Drag all the contents to C:\Tools (skip the readme). Right-click C:\Tools\OLLYDBG.EXE, "Pin to Start"
OllyDbg Plugins: OllyDump
Double-click g_ollydump221b.zip. Drag OllyDump.dll to C:\Tools
PEiD
Double-click PEiD-0.95-20081103.zip.
Drag all the contents to C:\Tools (skip the readme).
Right-click C:\Tools\PEiD.exe, "Pin to Start"
pestudio
Double-click pestudio.zip. Drag the pestudio folder to C:\Program Files(x86)
Right-click C:\Program Files(x86)\pestudio\pestudio.exe, "Pin to Start"
PEview
Double-click PEview.zip. Drag PEview.exe to C:\Tools, right-click C:\Tools\PEview.exe, "Pin to Start"
PracticalMalwareAnalysis-Labs
Unzip with 7-Zip and the password malware.
Run the EXE. Redirect the output to the Desktop.
setdllcharacteristics
Double-click setdllcharacteristics_v0_0_0_1.zip and drag
setdllcharacteristics.exe to C:\Tools
Sysinternals Suite
Double-click. Drag all the contents to C:\Tools (skip the readme).
Right-click C:\Tools\Procmon64.exe, "Pin to Start"
Right-click C:\Tools\procexp64.exe, "Pin to Start"
UPX
Double-click upx-3.96-win64.zip. Double-click the
upx-3.96-win64 folder. Drag
upx.exe to C:\Tools
Vulnserver
Double-click vulnserver.zip, and copy
vulnserver.exe and
essfunc.dll to C:\Tools
x64dbg
Extract snapshot_2021-06-14_16-37.zip into
a folder.
Rename that folder to x64dbg.
Drag it to
C:\Program Files
Right-click C:\Program Files\x64dbg\release\x64\x64dbg.exe
and click "Pin to Start".
Yara
Double-click yara-v4.1.1-1635-win64.zip. Drag copy yara64.exe
and yarac64.exe to C:\Tools
In Control Panel, System, "Advanced System Settings",
click "Environment Variables".
In "System variables", double-click Path.
Add C:\Tools to the Path.
Posted 6-17-2021
Win 11 added 6-19-2021
VirtualBox instructions added 6-22-2021
Win 11 removed 6-30-21
Workstation Player instruction added 7-2-21
Win 11 added again 7-4-21
Win 11 removed again, Defender exclusion tip added 7-25-21
Rearming instructions added 9-21-2021
Win 11 added again 10-17-2021
inTools updated 10-18-21
Debugging Tools and Windows Update Medic Service added 10-29-21
mklink added 11-30-31
