Find the easy Pass

SHA256 HASH --> 0c48ca8a4a3ab2f73f76b0e6535c2feb510c1caf16b8bcc41c74b392c945e4db

Zip File Password: hackthebox

  • On Kali we'll use hashcat to break it.

  • I tried the rockyou wordlist, and also tried to brute force it with the following command on my own computer with a GPU:

hashcat -m 1400 -a 3 -d 2 [HASH] ?a?a?a?a?a?a

  • The laptop GPU actually killed this in about 3 min, which was impressive and makes me want to see how long my desktop would take.

  • I decided to back up and assume that this isn't the direction they want me to take. Therefore, let's see if we can break down the app they provided us.

  • When you download and unzip the app on your computer and open it up, you will find the following:

  • I tried a couple of obvious passwords but nothing worked.

  • I did some googling on how I could analyze this program, and it seems like I should be using Ghidra.

    • I had to use this video to learn how to install it on Linux.

  • After installing Ghidra I opened it up and loaded the exe into it for analysis.

  • I then searched for the string "password".

  • Clicking the first result jumps to the address labeled 00454131.

  • Reading the decompiled code on the right, it is an if/else statement comparing param1 and param2. One of these parameters should be the real password.

  • The next step is to install a debugger called x64dbg, which will allow me to run the program and see what is happening.

    • Install this on Windows or Linux.

  • I will open the program in x64dbg and scroll down to the address 00454131.

  • I right-clicked this address and set a breakpoint on it.

  • I will then click run, which should start the exe.

  • I will input a "test" password, and the debugger should stop at the point where it validates my guess against the actual password.

  • It looks like it is comparing my "test" password to a password of fortran!

  • I still want to see whether I can crack the hash though.

    • Now that I know it is an 8-character string with lowercase characters and symbols, I will see what my laptop is capable of doing.

hashcat -m 1400 -a 3 -d 2 [HASH] ?a?a?a?a?a?a?a?a

  • Probably not, as hashcat says it'll take 21 days to crack on my laptop. I'll have to see how long it would take on my other computers.
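As an added illustration (not part of the original write-up), here is a small Python calculator for hashcat mask keyspaces. It scales the 3-minute result from the six-position ?a run above to show why the eight-position ?a mask lands in the range of weeks; the only assumption is that the GPU keeps the same hash rate, and the 3-minute figure is taken from the text as the reference point.

```python
import hashlib

# Sizes of hashcat's built-in charsets (?s is 33: space plus 32 punctuation marks).
CHARSET_SIZES = {
    "l": 26,   # ?l  a-z
    "u": 26,   # ?u  A-Z
    "d": 10,   # ?d  0-9
    "s": 33,   # ?s  space and punctuation
    "a": 95,   # ?a  ?l?u?d?s combined
    "b": 256,  # ?b  0x00-0xff
}


def mask_keyspace(mask: str) -> int:
    """Number of candidates a `hashcat -a 3` mask enumerates (built-in charsets only)."""
    size = 1
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            code = mask[i + 1]
            if code != "?":            # "??" is a literal question mark
                size *= CHARSET_SIZES[code]
            i += 2
        else:
            i += 1                     # literal character, one choice
    return size


def estimate_seconds(mask: str, ref_mask: str = "?a?a?a?a?a?a",
                     ref_seconds: float = 3 * 60) -> float:
    """Scale a measured run (reference mask, seconds) to another mask at the same rate."""
    return mask_keyspace(mask) * ref_seconds / mask_keyspace(ref_mask)


def estimate_days(mask: str) -> float:
    return estimate_seconds(mask) / 86400


def sha256_hex(candidate: str) -> str:
    """What -m 1400 computes for each candidate: raw SHA-256, lowercase hex."""
    return hashlib.sha256(candidate.encode()).hexdigest()


def matches(candidate: str, target_hash: str) -> bool:
    return sha256_hex(candidate) == target_hash.lower()


if __name__ == "__main__":
    for m in ("?a?a?a?a?a?a", "?a?a?a?a?a?a?a?a"):
        print(f"{m}: {mask_keyspace(m):,} candidates, ~{estimate_days(m):.1f} days")
```

The scaled figure for the eight-position mask comes out just under 19 days, consistent with the 21-day estimate hashcat reported above.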
