Irregular Expressions

Oct 18 2012   9:29PM GMT

Hackthissite.org Application Level 5

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Time for level 5.

When you run application 5 it displays a dos box that prompts for a password.
If you look through the file we can see a couple other strings.

00401022 |. 68 30704000 PUSH app5win.00407030 ; ASCII "Please enter the password:"
004010C9 |. 68 4C704000 |PUSH app5win.0040704C ; ASCII "Invalid Password"
004010E0 |. 68 60704000 PUSH app5win.00407060 ; ASCII "The password is %s

We also have some call and jump’s around those, we should set some break points on them to follow the execution.

Also if you look further down the file you will see some switch statements, lets put break points on all of those too just to see what happens.

Alright, lets resume the application and see what breakpoints we can hit. Lets start by entering a 8 character password, and see what happens.

With an 8 character password I can see it loop through what I am suspecting is some sort of loop. It seems to start at 00401054, it loops 8 times then quits. Lets see what happens when you throw a longer password in there, lets try 20. Now that’s something worth following, with a 20 character password it loops 16 times then quits. Now we are going to have to get dirty and slow, I am going to follow the execution down through the compares to see what its doing. This may not be the answer but we will learn more about it.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: