Type: #TryHackMe Links: https://tryhackme.com/room/malstrings

What are Strings?

From a programming perspective, “strings” is the term given to data handled by an application. More broadly, these pieces of data are used to store information ranging from text to numerical values. However, “strings” can also be stored within the application itself, where no input is necessary from the user. Usernames and passwords, for example, are a good representation of the many types of information that may be stored as a “string”.

We’re all security-minded people here and know that writing down passwords isn’t a very smart thing to do. However, developers are not quite so like-minded and often leave credentials in applications, and these values are often essential, e.g. an application that connects to a server needs to know that server's IP address. Arguably, an IP address is trivial in comparison to the sensitivity of a password, but both would be stored as strings.

Practical

After downloading the task files, the exe file was converted to a txt file using strings, a program that is commonly used in malware analysis to extract strings from a suspected binary.

Strings in the context of malware

Malware types such as botnets and ransomware rely upon information being stored within strings, e.g. IP addresses, so that they are able to “call home” and connect to their “Command and Control” (C&C) server.
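
To make the two practical steps above concrete (extracting strings from a binary, then looking for embedded IP addresses), here is an added example that is not part of the original write-up or the room's task files. It is a minimal Python re-implementation of what the strings utility does, extended to UTF-16LE text, followed by an IPv4 filter; the function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import re

MIN_LEN = 4  # minimum run length, matching the usual default of the strings utility

# Runs of printable ASCII, and the same characters stored as UTF-16LE (common in Windows binaries)
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
# Dotted quad that is not part of a longer dotted number
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def extract_strings(data: bytes) -> list[str]:
    """Return printable strings found in a binary blob (ASCII first, then UTF-16LE)."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16le") for m in UTF16_RE.finditer(data)]
    return found


def find_ipv4(strings: list[str]) -> list[str]:
    """Return unique, syntactically valid IPv4 addresses seen in the strings."""
    hits = []
    for s in strings:
        for candidate in IPV4_RE.findall(s):
            try:
                ipaddress.IPv4Address(candidate)  # rejects octets above 255
            except ipaddress.AddressValueError:
                continue
            if candidate not in hits:
                hits.append(candidate)
    return hits


# Constructed sample standing in for a suspicious binary; the addresses are
# from the documentation ranges (192.0.2.0/24 and 203.0.113.0/24).
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"This program cannot be run in DOS mode.\x00\x01\x02"
    b"http://192.0.2.10/update\x00\xff\xfe"
    + "connect 203.0.113.5:8080".encode("utf-16le")
    + b"\x00\x00\x07build 999.1.1.1\x00"
)

if __name__ == "__main__":
    for line in extract_strings(SAMPLE):
        print(line)
    print("IPv4 candidates:", find_ipv4(extract_strings(SAMPLE)))
```

A dotted version number such as 1.2.3.4 also passes this filter, so treat the hits as candidates to review rather than confirmed C&C addresses.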

Practical 2

Conclusion
