# Find the easy Pass

## **SHA256 HASH -->** 0c48ca8a4a3ab2f73f76b0e6535c2feb510c1caf16b8bcc41c74b392c945e4db

**Zip File Password:** hackthebox

{% file src="<https://4124809220-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlcxVqdgOGpkobti7mzML%2Fuploads%2FJ2102nfRj66A3AzdfRzj%2FFind%20The%20Easy%20Pass.zip?alt=media&token=2d1bb4c0-ae4d-4a8d-a1d6-2f6969bb0988>" %}

* On Kali we'll use hashcat to break it.
* I tried the rockyou wordlist as well as trying to brute force it with the following on my own computer with a GPU.

```
hashcat -m 1400 -a 3 -d 2 [HASH] ?a?a?a?a?a?a
```

* The laptop GPU actually killed this in about 3 min, which was impressive and makes me want to see how long my desktop would take.
* I decided to back up and assumed that this isn't the direction they want me to take. Therefore, let's see if we can break down the app they provided us.
* When you download and unzip the app on your computer and open it up, you will find the following:

![](https://4124809220-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlcxVqdgOGpkobti7mzML%2Fuploads%2FqDo7Mk5CDjuGdMFPndUJ%2Fimage.png?alt=media\&token=6ba7f1bf-c3a6-4d1c-ae9b-755c9b60b44e)

* I tried a couple of obvious ones but nothing worked.
* I did some googling on how I could analyze this program and it seems like I should be using [Ghidra](https://ghidra-sre.org/).
  * I had to use this video to learn how to [install](https://www.youtube.com/watch?v=cW3L43nTvNQ) it on Linux.
* After installing Ghidra I opened it up and opened the exe into it to analyze it.
* I then searched for the string `password`.

<figure><img src="https://4124809220-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlcxVqdgOGpkobti7mzML%2Fuploads%2FUAGGwhnVEyXNnuGSvSD1%2Fimage.png?alt=media&#x26;token=35b897e4-a418-4480-91b4-35de9f0a0dbf" alt=""><figcaption></figcaption></figure>

* If I click on the first one it'll put me down the system to a memory point labeled `00454131`.
* It looks like when I read the code on the right it specifies that it is an if/else statement comparing `param1` and `param2`. One of these parameters should be the real password.
* The next step is to install a debugger called [`x64dbg`](https://github.com/x64dbg/x64dbg/releases) which will allow me to run the program and see what is happening.
  * Install this on Windows or Linux.
* I will open the program up in x64dbg and scroll down to the memory point `00454131`.
* I right clicked on this memory point and specified it as a breakpoint.
* I will then click run on the program which should run the exe.
* I will input a "test" password and the debugger should stop at the point that it is validating my guess to the actual password.

<figure><img src="https://4124809220-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlcxVqdgOGpkobti7mzML%2Fuploads%2Fewuwxddt6qPZDS0z8mYc%2Fimage.png?alt=media&#x26;token=d4abf0e6-6215-480e-a75f-1c504dd40adc" alt=""><figcaption></figcaption></figure>

* It looks like it is comparing my "test" password to a password of **`fortran!`**
* I still want to see if I can crack the hash though.
  * Now that I know it is an 8-character string with lowercase characters and symbols, I will see what my laptop is capable of doing.

```
hashcat -m 1400 -a 3 -d 2 [HASH] ?a?a?a?a?a?a?a?a
```

* Probably not, as hashcat says it'll take 21 days to crack on my laptop. I'll have to see how long it would take on my other computers.
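
An added example, not part of the original writeup: a small Python calculator for hashcat mask sizes, showing why the 6-position mask finished in minutes while the 8-position mask is estimated in weeks. It assumes both runs guess at the same rate and uses the 3-minute figure from above; the `-1 ?l?s` narrowing and the function names are constructed for illustration.

```python
import string

# hashcat's built-in mask charsets (?l ?u ?d ?h ?H ?s ?a ?b)
BUILTIN = {
    "l": set(string.ascii_lowercase), "u": set(string.ascii_uppercase),
    "d": set(string.digits), "h": set("0123456789abcdef"),
    "H": set("0123456789ABCDEF"), "s": set(" " + string.punctuation),
    "b": {chr(i) for i in range(256)},
}
BUILTIN["a"] = BUILTIN["l"] | BUILTIN["u"] | BUILTIN["d"] | BUILTIN["s"]

def tokens(mask):
    """Yield ('set', name) or ('lit', char) per mask position; '??' is a literal '?'."""
    i = 0
    while i < len(mask):
        if mask[i] != "?":
            yield ("lit", mask[i])
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        yield ("lit", "?") if mask[i + 1] == "?" else ("set", mask[i + 1])
        i += 2

def expand(definition):
    """Distinct characters in a custom charset definition such as '?l?s'."""
    chars = set()
    for kind, val in tokens(definition):
        chars |= {val} if kind == "lit" else BUILTIN[val]
    return chars

def mask_candidates(mask, custom=None):
    """Number of candidates a mask generates; custom maps '1'..'4' to definitions."""
    sets = dict(BUILTIN)
    sets.update({k: expand(v) for k, v in (custom or {}).items()})
    total = 1
    for kind, val in tokens(mask):
        if kind == "set":
            total *= len(sets[val])
    return total

def scaled_days(ref_mask, ref_minutes, mask, custom=None):
    """Worst-case days for `mask`, extrapolated from a timed run of `ref_mask`."""
    per_minute = mask_candidates(ref_mask) / ref_minutes
    return mask_candidates(mask, custom) / per_minute / (60 * 24)

if __name__ == "__main__":
    six, eight = "?a" * 6, "?a" * 8
    print(mask_candidates(six), mask_candidates(eight))
    # 3 minutes for the 6-position mask is the figure reported in the writeup
    print(round(scaled_days(six, 3, eight), 1), "days for ?a x 8")
    # Constructed: -1 ?l?s with mask ?1 x 8 (lowercase + symbols only)
    print(round(scaled_days(six, 3, "?1" * 8, {"1": "?l?s"}), 2), "days for ?1 x 8")
```

Extrapolating from the 3-minute run gives about 19 days for `?a` x 8, the same order as hashcat's 21-day estimate, because each added `?a` position multiplies the work by 95. Restricting the charset to lowercase and symbols cuts the 8-position search to roughly 10 hours at the same rate.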
