Hack This Site!

[Advertise With HackThisSite.org :: Hide These Ads]

"All our knowledge merely helps us to die a more painful death than animals that know nothing" - Maurice Maeterlinck

HTS costs up to $300 a month to operate. We need your help!

Donors also receive special recognition on our donors page.

FR DE ES IT PT

Link to us!

phoenix free shells
hackergames.net
PullThePlug

Solving application 16 - The very easy way
Published by: Nabukadnezar, on 2008-01-15 16:54:31
Step 1 - What do you need a. A Linux Distribution (For example I used Ubuntu 7.10 under VMware Workstation) b. Boomerang Decompiler Official Description: A general, open source, retargetable decompiler of machine code programs Download from: http://boomerang.sourceforge.net/ c. Evan's Debugger Official Description: A debugger which is as functional and usable as OllyDbg but for Linux Download from: http://www.codef00.com/ Step 2 - Understanding the program Download it in Boomerang's directory: CODE : `# wget http://www.hackthissite.org/missions/application/app16win.tar` Untar it: CODE : `# tar xvf app16win.tar` And run it: CODE : `# ./app20 Can't open.` It says "Can't open.". Strange. Let's decompile and try to understand it better. CODE : `# ./boomerang app20` Now analyze the output files. Try to understand the basics of the code. There's a main function and a strange complex mathematical one. Each starts with an address which you'll copy in some other file temp.txt for easier later use. So now you got two addresses of two functions and a basic understanding of the program. Go to the next step. Step 3 - Prepare If you skipped the last step you won't be able to do this one. Step 4 - The Fun Part Open Evan's Debugger, configure the symbols/plugins directories if needed and set the initial breakpoint to the application entry point. Open app20 with the debugger and press F9 to start the application. It automatically breaks after initialization. Right click, select Goto Address, paste the address of the main function and put a break on it. Then do the same for the mathematical function. Continue the run of the program with F9 until it ends. You will notice that it didn't even call the mathematical function. Reload it, start it, put the same two breakpoints but this time look in the main function until you find the location where the mathematical function is called. Don't forget to also note the address of this call in temp.txt You might need it if you fail from the first try. What you found looks like this: CODE : `test ... jnz ... [...] call ADDRESS` You need to force the program to make that call. [faith] What I did was simply right clicking on CODE : `test ...` , selected Edit Bytes, copied the Hex stuff, then right clicked on CODE : `jnz ...` , again selected Edit Bytes and pasted the Hex stuff from the previous command. It now looked like this: CODE : `test ... test ... [...] call ADDRESS` [/faith] Now just keep clicking F9 until the program is finished and check its output. You got a password! Modify it a bit and finish the level.
Cast your vote on this article 10 - Highest, 1 - Lowest

Comments:
Published: 16 comments.

eljonto - 09:28 pm Tuesday January 15th, 2008

Nice article, easy to understand- but maybe next time write a little bit about why the things happen that do. Otherwise good work!

hackthissiteok - 09:46 pm Tuesday January 15th, 2008

Great article! I\'ve been waiting on an App16 one for a long while, 10 out of 10

gagemel - 04:13 pm Saturday January 19th, 2008

use gdb.it`s better

scrapmac - 05:55 am Thursday January 31st, 2008

ya good but i was looking fo logic solutions

DOOMDUDEMX - 09:13 am Friday February 08th, 2008

i think that it is cheating since you are not the one who did the advanced stuff. you just used someone others program to find it out but i dont really know what ways of solving the problem the site administrators had in mind so i dont really know.
at least i will try to solve them without any special tools.

passwrdyserv - 04:03 pm Friday February 08th, 2008

d00d...i used windows and a hex editor to complete this one lol

fookyourshist - 05:03 am Monday March 24th, 2008

sweet thats awsome, but next time give a more on depth tut. 9/10 xD

zero_a - 06:33 pm Friday April 11th, 2008

im a novice .. please help me .. bacis level 3 .. how to solve it ..

mutants_r_us_guild - 12:32 am Tuesday June 10th, 2008

um..wtf? this is NOT how you were supposed to solve this app challeng. lol! This was an extremely easy challenge I made a while back that got trashed due to the flaw that the C++ compiler I was using showed the pass in notepad and the DOS compiler stored it in temp files. lol... I've been gone nearly a year, come back, and find my mission has been recompiled.. however; unsuccessfully. Open the exe in resource hacker and there a resource tree labeled password. The pass in the resources however does not work in the newly compiled program. So... too whoever bothers to do all this to get the pass, KUDOS! You beat it a different way. This was just to demonstrate that some lazy people would rather hide the password than remember it. (Remind you a security sam from the basic missions?) lol.. so if someone can please give me the correct pass Ill alert comperr or one of the other devs. I wonder who re-comliled it? Anyways, the old pass should have been:

737065656368

but that doesnt work.

mutants_r_us_guild - 12:47 am Tuesday June 10th, 2008

lol.. I figured it out.. they accidentally combined two of my missions. This is the one that was meant to be solved through the temp files. For some reason however, they added the resources into it as well. They f****ed my missions up. lol

mutants_r_us_guild - 05:21 am Thursday June 12th, 2008

Lol.. I remembered.. duh... 737065656368 is hexadecimal for the answer. Anyway, to beat this mission, you can use the resources or open temp files while the app is running and find the original bat file and view the source. ciao!

manutd0804 - 03:06 pm Tuesday August 19th, 2008

plz help wiz realistic mission 4

Infidelity - 06:49 pm Monday October 13th, 2008

Er, duh.

vineetdhanawat - 12:31 pm Thursday December 18th, 2008

Is it only me ?? i am getting this error on trying to open FORUM page.. so gt no place to ask doubt.. and somehow my dynamic ip is always listed in banned so no IRC too :( "Fatal error: ./cache/ is NOT writable. in /usr/local/www/hackthissite.org/html/forums/includes/acm/acm_file.php on line 103"

Wolfine - 11:23 am Sunday December 28th, 2008

Thanks for Sharing!!! 10/10!

Hackmahesh - 05:38 am Sunday August 09th, 2009

hello ....i just want 2 know wat shd i know 2 complete this mission.........

This site is the collective work of the HackThisSite staff. Please don't reproduce in part or whole without permission.
Page Generated: Sat, 21 Nov 2009 14:55:19 +0000 Exec: 9
_{Page loaded in 0.20663 seconds!}
Current Code Revision: 79-Stable

Donate

Challenges

Get Informed

Get Involved

Communicate

About HTS

Translate

Partners