Security Blog, Rants, Raves, Write-ups, and Code
Security Blog, Rants, Raves, Write-ups, and Code
Tear or Dear
| Name: | Tear or Dear |
|---|---|
| Hint: | Find the username and password and put them in the flag in the format: HTB{username:password} Warning: It can produce false positives. |
| Base Points: | Easy - Retired [0] |
| Rated Difficulty: |  |
 |
alamot  |
| Creator: | Thiseas  |
Happy joy! A Windows executable file for this challenge.....
Can you hear the sarcasm coming through?
Let's do this one strictly in Windows using DNSpy. Always good to have a broad knowledge of the different tools. On cursory glance, it looks like the "button1_Click" function compares this.o and this.check1 one to ensure the credentials are correct and it is a strict check. That means this.o and this.check1 are going to be in memory for the check.
Let's set a breakpoint at that if function and check the memory. Now, some of you might have noticed that I stupidly tried to debug this in DNSpy x64 not x86. I fixed that now XD I set the breakpoint, run the program, and enter a for the userename and b for the password. Now when we add a watch to this.o and this.check1 we notice that this.check1 cannot be "watched," but that this.o's value is "roiw!@#" Why can't we watch this.check1? Because it is function logic and not really a variable. Let's follow the check1 logic path.
Following the program logic through this.check1(s) to this.check, we see that the variable is acually this.aa. Grabbing the value of this variable, we start building the flag.
To verify, we try user roiw!@# password piph. That failed. Let's switch the order. SUCCESS! We are greeted with the Correct! message. The flag is username:password like Snake:
HTB{piph:roiw!@#}
©2020 Phoenix Computing Solutions | Powered by Coffee, Sarcasm, and Insanity
Everything included in the site is the intellectual property of Chris Ruggieri (Neocount Phoenix) and Phoenix Computing Solutions.
This information should not be construed as legal advice. The owner can not be held liable for anything another entity does with this information.
This information is solely the opinions and experiences of myself (Chris Ruggieri) and should not be construed as endorsement of any product, service, or of illegal activity
(GET WRITTEN PERMISSION PEOPLE!!)
Any links I provide as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by the owner of this site for any of the products, services or opinions of the corporation or organization or individual.
Contact the external sites for answers to questions regarding its content.
This Includes any links posted by Chris Ruggieri in any other websites, Social Media networks, Online Groups and Online sharing Websites.