This is my first malware analyis, so apologies for my probably noob-like question. I’m having a look at a website running an outdated version of WordPress which was hacked. The Website runs on a shared hosting.
I managed to identify the first layer. There is a hidden .ico file laying in /wp-admin which seems to be embedded in various other .php files such as index.php, etc. by using an @include statement. The .ico file (.4fb85c6a.ico) includes obfuscated PHP and a lot of senseless comments – I guess to make analysis harder. I stripped all comments and was left with three lines of code.
If I understood it correctly, the first line saves the name of the current file in the variable $ _ly98o. Second line is obfuscated code and I’m only partly understanding the third line. It seems that $ _ly98o is multiplied until it matches the length of $ _g8er6 and then those two are XOR’ed with each other. I replaced the eval statement with an echo and executed the script to see what it actually does. I’m stuck at this point as the echo only returns non-readable rubbish.
How do I deobfuscate/analyse the code returned from echo?
Code can be found on https://pastebin.com/8pkSZcLe due to character count limitations.
I have encrypted a file and sent to another vm. Decripted the file and all was fine. Closed the shell, reopened and attempted to decrypt the same file. This time it didn’t ask for the passphrase but simply showed the decrypted text.
My question is If I wanted to force the passphrase to be entered upon every decrypt, ( in case someone got into my machine / user ), how could I ensure that the phrase would need to be entered everytime?
Clearly I am missing an in depth understanding of what is happening here.
Can a naked Changeling use its Shapechanger feature to duplicate the appearance of clothing or equipment, similarly to Mystique from the X-Men?
As an action, you can change your appearance and your voice. You determine the specifics of the changes, including your coloration, hair length, and sex. You can also adjust your height and weight, but not so much that your size changes. You can make yourself appear as a member of another race, though none of your game statistics change. You can’t duplicate the appearance of a creature you’ve never seen, and you must adopt a form that has the same basic arrangement of limbs that you have. Your clothing and equipment aren’t changed by this trait. You stay in the new form until you use an action to revert to your true form or until you die.
The feature states that it can’t change your clothing and equipment, but doesn’t mention anything regarding changing your body to duplicate the appearance of clothing or equipment.
It also states that you can turn into other races. So if a Changeling can turn into, for example, a Yuan-ti Pureblood and duplicate the appearance of scales, then I see no reason why it wouldn’t be able to duplicate the look of leather, or silk, or other clothing materials.
My players kind of have a habit of, “If it walks like a duck and talks like a duck, WE MUST KILL IT!“
Recently they came across a small goblin camp and one of them (who speaks goblin) verbally bluffed the goblins into thinking he was their leader coming back from a meeting or some such business. “Brilliant,” I thought, “let’s see where they take this”… Into an ambush it turned out.
Or in another example they learned of an enemy supply caravan heading from one town to another in a couple of days, so they ambushed it the road, rather than thinking of another option.
Now I have no problem with this whatsoever, I’m still new to DMing, not yet great at the role-play side of things in any case, running a published campaign, am running things more or less by the book, which my players don’t seem to mind, and the caravan combat at least is in the book.
I guess what I’m getting at is; How do I encourage players to think outside the combat box and how do I, as the DM, give them other options without blatantly saying something like “maybe they don’t want to fight”?
To hopefully make things a little more clear and to give another example, of which the PCs haven’t actually come across yet.
Say the PCs are camping in the forest and whoever’s on watch hears wolves howling and getting closer, whether they wake the others up or not my lead in woud be something like;
Eventually there’s a rustling in the bushes nearby and you see pairs of glowing red eyes that seem to watch your movement. After a minute or two a pack of wolves stalk out from behind the bushes and into the light of your camp fire, their eyes set with ravenous hunger and their jaws dipping with saliva.
How can I open up the possibility that if the PCs offer up some of their own food supplies than the wolves would be complacent and either back off or stick around for the night in the warmth of the fire and help protect the PCs?
Not looking for answers specifically relating to that scenario but hopefully you get the idea.
So effectively, I am working on creating my very own TTRPG rulebook based on my own setting and universe. The only question I got is how much of mechanics am I allowed to be inspired by?
Effectively, Warhammer 2E was a HUGE inspiration for this. I loved the percentiles, the combat mechanics, how your character begins as a no one and climbs up to being a hero. Or easily dies. I loved how the skills worked and everything.
I ask as I would really enjoy using the percentiles and combat. Not necessarily the same skills, (Read/Write is an example of one I wont be using) and more flavored to my own setting, with new skills coming in and old skills going away. I would also be changing how advance skills work entirely as well. Magic System would also be entirely changed from it, so mainly I am asking if it would be legal to use the main attribute system, secondary attribute system, and the combat system and, if so, to what degree.
Authy is a popular cross-platform TOTP application that supports syncing keys across devices. I have been a little confused by the idea of having a desktop client… This way if someone accesses my primary PC they’d find all my passwords saved in my browsers, and would have access to my TOTP keys as well…
Doesn’t installing a TOTP client on your primary PC undermine the whole point of 2FA?
I have read that the polymorph and power word kill combo can be annoying for DM’s but I’m confused on why it works. In the description for polymorph it states:
The transformation lasts for the Duration, or until the target drops to 0 Hit Points or dies.
Shouldn’t when it dies from power word kill it should revert back to it’s normal form with it’s normal hit points?
I remember learning about an attack against sequential cipher locks – ones that don’t have a ‘reset’ or ‘enter’, you just enter digits and as soon as the last n consecutive entries match, the lock opens. So, if the code is ‘1234’, the sequence ‘32431234’ will work just fine.
The attack depends on a specific sequence that appends such digits that the resulting ‘tail’ of the string is as new as possible.
Let’s take for example a 3-digit binary lock. The possible codes are 000, 001, 010, 011, 100, 101, 110, 111. To try all 8 codes in standard brute force attack, you’d enter 24 digits total.
But instead, entering sequence 0001110100, 10 digits total, you cover all combinations and unlock the lock – generating sequences: 000, 001, 011, 111, 110, 101, 010, 100, each new digit past first 2 generating a new code.
For the good of me, I can’t recall the name of the sequence used for this sort of attack.
Arrange the following growth rates in the increasing order
There’s some website which I can’t have access to and they return 403 error to me. On the other hand, there are some DNS servers, where if I use them, I can have access to those websites!
Does using these unknown DNS servers cause any security risks for me? Is there any way for the owner of DNS to use my computer or my IP address… or any malicious act or cyber attack?