Security Blog, Rants, Raves, Write-ups, and Code
Find the Easy Pass
| Name: | Find the Easy Pass |
|---|---|
| Hint: | ind the password (say PASS) and enter the flag in the form HTB{PASS} |
| Base Points: | Easy - Retired [0] |
| Rated Difficulty: |  |
 |
alamot  |
| Creator: | Thiseas  |
We start this one out with an EXE file. Running file on it shows that it is a PE32 executable for Windows. When we try to execute it, we are asked for a password. I am starting to really like Ghidra. So, let's crack it open in there. This is a LOT of code for an easy challenge. We need to find the function that is called when the Check Password button is clicked. We can follow the progression in the Function Graph window of Ghidra.
We are looking for anything button-click related. So, in Defined Strings I look for the "Wrong Password" popup
Now that we know the Password check function, we can look for it in the Function Graph.
What we find is a function call to FUN_00454138 that is the Success message. So what part of the check function calls FUN_00454138?
If we dig through a little more, we see that the location is LAB_00454144. If we examine the function right before it (FUN_00404628), we can see what the EDX is pointing to. To do this, I'm going to set a breakpoint at LAB_00454131 (the address of the FUN_00404628). Now, Ghidra did not have a debugger at the time of this writing, so here I am switching
over to x64dbg to complete the remainder of this challenge. I believe that Ghidra either has a debugger now, or is getting one in the near future. Once the breakpoint is set, just run the program and click the Check Password button. EDX holds your flag. HTB{fortran!}
©2020 Phoenix Computing Solutions | Powered by Coffee, Sarcasm, and Insanity
Everything included in the site is the intellectual property of Chris Ruggieri (Neocount Phoenix) and Phoenix Computing Solutions.
This information should not be construed as legal advice. The owner can not be held liable for anything another entity does with this information.
This information is solely the opinions and experiences of myself (Chris Ruggieri) and should not be construed as endorsement of any product, service, or of illegal activity
(GET WRITTEN PERMISSION PEOPLE!!)
Any links I provide as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by the owner of this site for any of the products, services or opinions of the corporation or organization or individual.
Contact the external sites for answers to questions regarding its content.
This Includes any links posted by Chris Ruggieri in any other websites, Social Media networks, Online Groups and Online sharing Websites.