>>9468Well, sort of.
The beginner will find a hook to execute whatever code they like. Zero the byte at address 6666h. The jump address is already filled, and demonstrates that the machine is little endian. The next hint is usually another address. After demonstrating a few incremental reverse engineering feats the self modifying code may do just that...
The intermediary reverse engineer will probably think outside of the presented box. After jumping through a series of hoops in a different direction they'll discover a sort of "map" to potentially secure a mid level login.
Some skilled hackers think the skullcode landing page is too full of holes begging to be filled with exploits, but I disagree. Determined hackers can apparently get root if they're interested enough, but they attract attention from other pranksters so only the dedicated say root for long.
The lack of documentation is probably because the entry site has moved a few times in the past and the landing page architecture changes periodically making documented entry methods less than helpful. In fact, the underlying code changed last week, but the bytecode didn't. Internally, one's programs can specify which VM to use so as not to require recompilation.
Personally, I like skullcode for its persistent "stickyness". It's not an ephemeral completion like nearly every vuln group. The exploits developed therein don't have security ramifications for the real world so there's no ethical pressure to publish exploits, and there's no ready made library of exploits to deploy (see: Metasploit, which allows point and click skiddie tier cracking, and makes lots of CTFs unfun). There's a certain 16-bit era charm to skullcode, nowadays the security landscape is much different. The down side is there's not much help to be found on the external web. There's been talk of changing that, but this may fracture (or destroy) the community.
If you're looking for something welcoming, more mainstream, less challenging, and for popular chipsets with tons of documentation, that niche has already been filled to the brim by any of the existing security CTF (Capture The Flag) competitions.
https://www.vulnhub.com/Post too long. Click here to view the full text.