> For the complete documentation index, see [llms.txt](https://sgtdiddlywink.gitbook.io/htb/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sgtdiddlywink.gitbook.io/htb/machines/easy-machines/find-the-easy-pass.md).

# Find the easy Pass

## **SHA256 HASH -->** 0c48ca8a4a3ab2f73f76b0e6535c2feb510c1caf16b8bcc41c74b392c945e4db

**Zip File Password:** hackthebox

{% file src="/files/Aef8D4hFOQyRFyIL5shR" %}

* On kali we'll use haschat to break it.
* I tried rockyou wordlist as well as trying to brute force it with the following on my own computer with a GPU.&#x20;

```
hashcat -m 1400 -a 3 -d 2 [HASH] ?a?a?a?a?a?a
```

* The laptop GPU actually killed this in about 3min which was impressive and makes me want to see how long my desktop would take.
* I decided to backup and assumed that this isn't the direction they want me to take. Therefore, let's see if we can break down the app they provided us.
* When you download and unzip the app on your computer and open it up, you will find the following:

![](/files/ARtyJoBf8FRBl48JcvzS)

* I tried a couple of obvious ones but nothing worked.
* I did some googling on how I could analyze this program and it seems like I should be using [Ghidra](https://ghidra-sre.org/).
  * I had to use this video to learn how to [install](https://www.youtube.com/watch?v=cW3L43nTvNQ) it on linux.
* After installing Ghidra I opened it up and opened the exe into it to analyze it.
* I then searched for the string `password`.

<figure><img src="/files/teEE3nyQaiXOVx8j1rvs" alt=""><figcaption></figcaption></figure>

* If I click on the first one it'll put me down the system to a memory point labeled `00454131`.
* It looks like when I read the code on the right it specifies that it is an if/else statement comparing `param1` and `param2`. One of these parameters should be the real password.
* The next step is to install a debugger called [`x64dbg`](https://github.com/x64dbg/x64dbg/releases) which will allow me to run the program and see what is happening.
  * Install this on windows or linux.
* I will open the program up in x64dbg and scroll down to the memory point `00454131`.
* I right clicked on this memory point and specified it as a breakpoint.
* I will then click run on the program which should run the exe.
* I will input a "test" password and the debugger should stop at the point that it is validating my guess to the actual password.

<figure><img src="/files/H3YTK1oTY4aWakaT70j7" alt=""><figcaption></figcaption></figure>

* It looks like it is comparing my "test" password to a password of **`fortran!`**
* I still want to try if I can crack the hash though.
  * Now that I know it is a 8 character string with lowercase characters and symbols, I will see what my laptop is capable of doing.

```
hashcat -m 1400 -a 3 -d 2 [HASH] ?a?a?a?a?a?a?a?a
```

* Probably not as hashcat says it'll take 21 days to crack on my laptop. I'll have to see how long it would tak on my other computers.
