Bat Computer

Name: Bat Computer
Hint: It's your time to save the world!
Base Points: Easy - Retired [0]
Rated Difficulty:
HTB-Bot
Creator: w3th4nds

Download the file and check the hint:

 

Hint: It's your time to save the world!

 

File: batcomputer

 

Running a "file" check on batcomputer using:

 

──(kali㉿kali)-[~/Desktop/HTB/BatComputer]
└─$ file batcomputer 
batcomputer: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=497abb33ba7b0370d501f173facc947759aa4e22, for GNU/Linux 3.2.0, stripped

 

shows us that we are dealing with a 64-bit ELF file.

 Let's set a breakpoint at that if function and check the memory.  Now, some of you might have noticed that I stupidly tried to debug this in DNSpy x64 not x86.  I fixed that now XD  I set the breakpoint, run the program, and enter a for the userename and b for the password.  Now when we add a watch to this.o and this.check1 we notice that this.check1 cannot be "watched," but that this.o's value is "roiw!@#"  Why can't we watch this.check1?  Because it is function logic and not really a variable.  Let's follow the check1 logic path.

Following the program logic through this.check1(s) to this.check, we see that the variable is acually this.aa.  Grabbing the value of this variable, we start building the flag.

To verify, we try user roiw!@# password piph.  That failed.  Let's switch the order.  SUCCESS! We are greeted with the Correct! message. The flag is username:password like Snake:

 

HTB{piph:roiw!@#}