Application 3 **BROKEN**

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Re: Application 3 **BROKEN**

Post by Celius on Tue Nov 05, 2013 9:34 pm

I'm curious, since this issue has been around for quite some time, why it hasn't been fixed, or why it hasn't been rebranded from easy to medium or hard.
Celius
New User
Posts: 2
Joined: Tue Nov 05, 2013 2:44 pm


Re: Application 3 **BROKEN**

Post by Disk0rd on Mon Dec 30, 2013 1:31 pm

Well... I tried sending a PM and emailing mods, but the forum has rejected me on both tries. I am guessing it has to do with my post count.
I would appreciate it if someone would tell me what is going on here. What I have tried so far has not worked, so I wouldn't count it as a spoiler, and since the mission is broken anyway... Meh.. If a mod sees this and decides it's too spoilery I would have then gotten in contact with the mods, so mission accomplished, feel free to delete the entire post.

I am pretty new to trying to hack an application. I understand some of the basics and I have access to a couple of tools.
I ran up against the hanging on "Reading Data" thing. I think I could do this mission if it worked properly.
I did a hexdump and found the url it sends its request to, then I made hackmysite.org point to my localhost and set up an auth.php that always echoed "true".
This would solve the mission if it worked as it was supposed to, right? (if so can a mod pm me the password? :D)

Running wget https://hackthissite.org/blah returned saying something about the certificates not matching up, so I thought maybe the app recognizes this as well. I used vim and edited the exe and changed the instances of "hackthissite.org" to "localhost". This messed up the exe and it didn't run anymore. Figuring it probably offset some data and ruined the program I tried it again but changed to "123456.localhost", a string of the same length. This seemed to work and the program ran, but hung on "Reading Data" again. I checked my access.log and my server never even received a request from the program.
I don't really care about the points too much, but reading through the thread it seems that despite this, some people have still been able to extract the password from it.

What I would love is for someone to explain to me how they did this, and why it worked. I want to understand the workings of it. I've opened the program in OllyDbg, but I don't understand how this is helpful at all. I don't know how to manipulate assembly to actually do anything (I've written programs in assembly for 16-bit and 8-bit processors, but I have no idea how to do anything with it on an actual 32 or 64-bit computer).
Disk0rd
New User
Posts: 1
Joined: Mon Dec 23, 2013 8:01 pm


Re: Application 3 **BROKEN**

Post by occamsrzr on Tue Mar 11, 2014 1:20 am

I've been stuck on this one forever. So much so that it's made me give up. At least at HTS. I moved on to Hellbound Hackers. But every so often I return and give it another shot, hoping I've gained enough new knowledge to beat it this time.

From what I've gathered, people complete this mission one of two ways: using a hex editor to manually alter a very specific set of bytes to return 'true' instead of 'false', essentially turning if(success=true){good job};if(success=false){you fail}; into if(success=false){good job;}

The second method is finding the specific test opcode that does the comparison, and altering the operand to always return true.

-- Thu Mar 13, 2014 8:01 pm --

I'm bound and determined to finish this mission. Here's a bit more info on what's wrong: you're sending a null character at the beginning of the "key". That's why your web server is responding with a 400 Bad Request. Because it is a bad request.

http://imgur.com/a/Ct2AF
occamsrzr
Experienced User
Posts: 53
Joined: Wed Aug 24, 2011 10:28 pm
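
The 400 Bad Request described in the post above, as an added example that is not part of the original thread or the mission's code: a simplified request-line check showing why a raw NUL byte in the key is rejected while a percent-encoded one parses. It assumes the key travels in the query string of a GET to auth.php; the host, key value and validator are constructed for illustration and do not model any particular server.

```python
# Added example: constructed requests, not captured from the mission binary.
import re

# RFC 3986 unreserved and reserved characters plus '%'. Any other byte
# (NUL and other control bytes included) may not appear raw in the target.
_TARGET_OK = re.compile(rb"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]")
_METHOD_OK = re.compile(rb"[A-Za-z]+")
_VERSION_OK = re.compile(rb"HTTP/1\.[01]")


def check_request_line(raw: bytes):
    """Return (status, reason) for the first line of a raw HTTP/1.x request."""
    line, sep, _ = raw.partition(b"\r\n")
    if not sep:
        return 400, "request line not terminated by CRLF"
    parts = line.split(b" ")
    if len(parts) != 3:
        return 400, "expected METHOD SP TARGET SP VERSION"
    method, target, version = parts
    if not _METHOD_OK.fullmatch(method):
        return 400, "bad method token"
    if not _VERSION_OK.fullmatch(version):
        return 400, "bad HTTP version"
    # Report the first offending byte so it can be matched against a hexdump.
    for offset, byte in enumerate(target):
        if not _TARGET_OK.fullmatch(bytes([byte])):
            return 400, f"illegal byte 0x{byte:02x} at target offset {offset}"
    return 200, "request line is well formed"


# Constructed samples: the same key sent with a raw leading NUL,
# with that NUL percent-encoded, and without the stray byte.
HEADERS = b"Host: example.test\r\n\r\n"
RAW_NUL = b"GET /auth.php?key=\x00abc123 HTTP/1.1\r\n" + HEADERS
ENCODED = b"GET /auth.php?key=%00abc123 HTTP/1.1\r\n" + HEADERS
CLEAN = b"GET /auth.php?key=abc123 HTTP/1.1\r\n" + HEADERS

if __name__ == "__main__":
    for name, req in (("raw NUL", RAW_NUL), ("encoded", ENCODED), ("clean", CLEAN)):
        print(f"{name:8s}", check_request_line(req))
```
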

