Find the easy Pass
Zip File Password: hackthebox
On Kali we'll use hashcat to break it.
I tried rockyou wordlist as well as trying to brute force it with the following on my own computer with a GPU.
The laptop GPU actually killed this in about 3min which was impressive and makes me want to see how long my desktop would take.
I decided to back up and assumed that this isn't the direction they want me to take. Therefore, let's see if we can break down the app they provided us.
When you download and unzip the app on your computer and open it up, you will find the following:
I tried a couple of obvious ones but nothing worked.
After installing Ghidra I opened it up and opened the exe in it to analyze it.
I then searched for the string "password".
If I click on the first one it'll put me down the system to a memory point labeled 00454131.
It looks like when I read the code on the right it specifies that it is an if/else statement comparing param1 and param2. One of these parameters should be the real password.
The next step is to install a debugger called x64dbg which will allow me to run the program and see what is happening.
Install this on Windows or Linux.
I will open the program up in x64dbg and scroll down to the memory point 00454131.
I right-clicked on this memory point and specified it as a breakpoint.
I will then click run on the program which should run the exe.
I will input a "test" password and the debugger should stop at the point that it is validating my guess to the actual password.
It looks like it is comparing my "test" password to a password of fortran!
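Added example, not part of the original write-up or the challenge binary: a Python sketch of why a plaintext comparison exposes the expected password to anyone watching the compare, next to a check that only ever compares salted PBKDF2 digests. The secret, the function names and the `trace` list (a stand-in for what a breakpoint on the comparison would show) are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample secret for this demo; not taken from the challenge binary.
DEMO_SECRET = "correct-horse"


def weak_check(guess: str, trace: list) -> bool:
    """Plaintext compare: the expected value is an operand of the comparison."""
    expected = DEMO_SECRET
    trace.append((guess, expected))  # what an observer of the compare sees
    return guess == expected


def enroll(secret: str, iterations: int = 200_000):
    """Store only salt, iteration count and digest; the plaintext is discarded."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)
    return salt, iterations, digest


def hardened_check(guess: str, record, trace: list) -> bool:
    """Derive a digest from the guess and compare digests in constant time."""
    salt, iterations, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, iterations)
    trace.append((candidate, stored))  # operands are digests, not the secret
    return hmac.compare_digest(candidate, stored)


def secret_visible(trace: list, secret: str) -> bool:
    """True if the plaintext secret appears in any recorded compare operand."""
    needle = secret.encode()
    for operands in trace:
        for operand in operands:
            data = operand.encode() if isinstance(operand, str) else operand
            if needle in data:
                return True
    return False


if __name__ == "__main__":
    weak_trace, hard_trace = [], []
    weak_check("test", weak_trace)
    hardened_check("test", enroll(DEMO_SECRET), hard_trace)
    print("weak compare leaks secret:    ", secret_visible(weak_trace, DEMO_SECRET))
    print("hardened compare leaks secret:", secret_visible(hard_trace, DEMO_SECRET))
```

Hashing only removes the plaintext from the comparison; a check that runs entirely on the user's machine can still be patched around, so the digest approach fits best when the verification happens somewhere the user does not control.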
I still want to try if I can crack the hash though.
Now that I know it is an 8-character string with lowercase characters and symbols, I will see what my laptop is capable of doing.
Probably not as hashcat says it'll take 21 days to crack on my laptop. I'll have to see how long it would take on my other computers.