Find the Easy Pass

Name: Find the Easy Pass
Hint: ind the password (say PASS) and enter the flag in the form HTB{PASS}
Base Points: Easy - Retired [0]
Rated Difficulty:
Creator: Thiseas

 We start this one out with an EXE file.  Running file on it shows that it is a PE32 executable for Windows.  When we try to execute it, we are asked for a password.  I am starting to really like Ghidra. So, let's crack it open in there. This is a LOT of code for an easy challenge.  We need to find the function that is called when the Check Password button is clicked. We can follow the progression in the Function Graph window of Ghidra.

We are looking for anything button-click related. So, in Defined Strings I look for the "Wrong Password" popup

Now that we know the Password check function, we can look for it in the Function Graph.
What we find is a function call to FUN_00454138 that is the Success message. So what part of the check function calls FUN_00454138?

If we dig through a little more, we see that the location is LAB_00454144. If we examine the function right before it (FUN_00404628), we can see what the EDX is pointing to.  To do this, I'm going to set a breakpoint at LAB_00454131 (the address of the FUN_00404628). Now, Ghidra did not have a debugger at the time of this writing, so here I am switching
 over to x64dbg to complete the remainder of this challenge.  I believe that Ghidra either has a debugger now, or is getting one in the near future.  Once the breakpoint is set, just run the program and click the Check Password button.  EDX holds your flag.  HTB{fortran!}