Find the easy Pass

SHA256 HASH --> 0c48ca8a4a3ab2f73f76b0e6535c2feb510c1caf16b8bcc41c74b392c945e4db

Zip File Password: hackthebox

205KB
Find The Easy Pass.zip
archive

  • On kali we'll use haschat to break it.

  • I tried rockyou wordlist as well as trying to brute force it with the following on my own computer with a GPU. 

hashcat -m 1400 -a 3 -d 2 [HASH] ?a?a?a?a?a?a

  • The laptop GPU actually killed this in about 3min which was impressive and makes me want to see how long my desktop would take.

  • I decided to backup and assumed that this isn't the direction they want me to take. Therefore, let's see if we can break down the app they provided us.

  • When you download and unzip the app on your computer and open it up, you will find the following:

  • I tried a couple of obvious ones but nothing worked.

  • I did some googling on how I could analyze this program and it seems like I should be using Ghidra.

    • I had to use this video to learn how to install it on linux.

  • After installing Ghidra I opened it up and opened the exe into it to analyze it.

  • I then searched for the string password.

  • If I click on the first one it'll put me down the system to a memory point labeled 00454131.

  • It looks like when I read the code on the right it specifies that it is an if/else statement comparing param1 and param2. One of these parameters should be the real password.

  • The next step is to install a debugger called x64dbg which will allow me to run the program and see what is happening.

    • Install this on windows or linux.

  • I will open the program up in x64dbg and scroll down to the memory point 00454131.

  • I right clicked on this memory point and specified it as a breakpoint.

  • I will then click run on the program which should run the exe.

  • I will input a "test" password and the debugger should stop at the point that it is validating my guess to the actual password.

  • It looks like it is comparing my "test" password to a password of fortran!

  • I still want to try if I can crack the hash though.

    • Now that I know it is a 8 character string with lowercase characters and symbols, I will see what my laptop is capable of doing.

hashcat -m 1400 -a 3 -d 2 [HASH] ?a?a?a?a?a?a?a?a

  • Probably not as hashcat says it'll take 21 days to crack on my laptop. I'll have to see how long it would tak on my other computers.

PreviousSambaNextWeak RSA

Last updated