MAL: Strings WriteUp

In this article, I tried to prepare a write-up for the “MAL: Strings” room on tryhackme.

[Task 1] What are “strings”?

From a programming perspective, “strings” is the term given for data handled by an application. At a broader view, these pieces of data are used to store information such as text to numerical values.

#1 What is the name of the account that had the passcode of “12345678” in the intellian example discussed above?

ANSWER: intellian

#2 What is the CVE entry disclosed by the company “Teradata” in their “Viewpoint” Application that has a password within a string?

ANSWER: CVE-2019-6499

#3 According to OWASP’s list of “Top Ten IoT” vulnerabilities, name the ranking this vulnerability would fall within, represented as text.


[Task 2] Practical: Extracting “strings” From an Application

#1 What is the correct username required by the “LoginForm”?

ANSWER: cmnatic

#2 What is the required password to authenticate with?

ANSWER: TryHackMeMerchWhen

#3 What is the “hidden” THM{} flag?

ANSWER: THM{Not_So_Hidden_Flag}

[Task 3] Strings in the Context of Malware

#1 What is the key term to describe a server that Botnets recieve instructions from?

ANSWER: Command and Control

#2 Name the discussed example malware that uses “strings” to store the bitcoin wallet addresses for payment

ANSWER: Wannacry

[Task 4] Practical: Finding Bitcoin Addresses in Ransomware (Deploy!)

#1 List the number of total transactions that the Bitcoin wallet used by the “Wannacry” author(s)


#2 What is the Bitcoin Address stored within “ComplexCalculator.exe”


[Task 5] Summary

#1 What is the name of the toolset provided by Microsoft that allows you to extract the “strings” of an application?

ANSWER: Sysinternals

#2 What operator would you use to “pipe” or store the output of the strings command?


#3 What is the name of the currency that ransomware often uses for payment?

ANSWER: bitcoin

%d bloggers like this: