Grump .... stuck ... whine

900 billion dollars were spent on guns this year! Now rumours are spreading that seculas Ltd. is developing an awful laser aided weapon, and that they already have patents pending. Please try to find out what their latest patents are about.

Re: Grump .... stuck ... whine

Post by andro1d on Sat Sep 25, 2010 5:26 am

There's some issues with the C code.

Firstly, the example given wouldn't compile because strcat and strlen are defined in "cstring", which is not included as a library in the code. Secondly, the program will more than likely crash after every run attempt due to the fact that the 200 byte array is not being initialized to 0, thus causing an unintentional buffer overflow.

This should be the replacement:

Code:
char concatenated[200] = {0};


Also, to trigger a buffer overflow (i.e. to overwrite the value of is_pass_correct) the variables need to be contiguous in memory; there is no way to enforce this.

Anyway, if you're up to the "buffer overflow" section, the only hint I can give you is to look at the code and realize you're attempting to overwrite the value of a variable to trigger a "correct" response. How would you trigger a correct response? What value needs to be returned in order for that to happen? It has been mentioned in this thread that it is a single capital letter. This should be informative enough.

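The zero-initialisation fix andro1d describes, as an added example that is not code from the mission or from the post: it pairs the `= {0}` initialisation with an explicit length check, so strcat()-style appending can never start at a stray NUL or run past the 200-byte array (function and buffer names are hypothetical).

```c
#include <stddef.h>
#include <string.h>

/* Added example. The thread describes a 200-byte array that strcat() appends
 * to without ever being zeroed. strcat() locates the first NUL byte to decide
 * where to append; in an uninitialised array that NUL may sit anywhere, or
 * nowhere before the end, so the write lands at an unpredictable offset and
 * can run off the array. Buggy shape (do not use):
 *
 *     char concatenated[200];        // garbage contents
 *     strcat(concatenated, user);    // appends at the first NUL, wherever it is
 *     strcat(concatenated, pass);
 */

#define BUF_SIZE 200   /* same size as the array discussed in the thread */

/* Hardened replacement: zero the destination (same effect as `= {0}`) and
 * refuse input that would not fit, instead of letting strcat() overflow.
 * Returns the resulting string length, or -1 when a + b does not fit. */
int concat_checked(char *dst, size_t dst_size, const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);

    if (dst_size == 0 || la + lb + 1 > dst_size)   /* +1 for the trailing NUL */
        return -1;

    memset(dst, 0, dst_size);       /* nothing stale left in the buffer */
    memcpy(dst, a, la);
    memcpy(dst + la, b, lb + 1);    /* lb + 1 copies b's terminating NUL too */
    return (int)(la + lb);
}

/* Wrapper that mirrors the thread's fixed local array. Note that whether any
 * neighbouring local (such as a flag variable) sits directly after the array
 * is up to the compiler; the length check above is what prevents the overflow,
 * not the initialiser. Copies the result to `out` (at least BUF_SIZE bytes). */
int build_credential(char *out, const char *user, const char *pass)
{
    char concatenated[BUF_SIZE] = {0};   /* the fix proposed in the thread */
    int n = concat_checked(concatenated, sizeof concatenated, user, pass);

    if (n < 0)
        return -1;                       /* input rejected, out untouched */
    memcpy(out, concatenated, (size_t)n + 1);
    return n;
}
```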

Re: Grump .... stuck ... whine

Post by kugans on Sun Oct 24, 2010 6:14 pm

Just managed to complete it myself; here are a few "tricks" that might help:

I'm a lazy guy; instead of writing forms and stuff like that I just use the LiveHTTPHeaders Firefox plugin and use the "Replay" function, directly editing the GET/POST/cookie/Referer/Agent data. (I used that for all the other missions too; it's really handy.)

For the $_SESSION part, I was stuck for a while till I realised we're actually trying to fake the file with the login info. That's why we use a totally unrelated file: part of the content it has is like the real thing, so the script is lured into thinking it's a correct file.

I used http://www.passcracking.com/ for md5 reversal, or you can google "password recovery md5"; there are plenty around (and it's usually faster than MDCrack as far as I've seen).

If you get weird errors with pkcrack (like I had) you can always download the source code and compile it; it takes only a few extra seconds and that should solve everything (in most cases).
I managed to get the right file length with WinAce v2.69, though I had to put it on the Maximum compression setting.

As for why we use a specific character in the buffer overflow, you need to find a specific file (that is actually in a .zip) somewhere on the website (it was mentioned a few times before; it contains C code). I jumped too fast to the last login page, totally missed some paths (and some valuable info at the same time, including that file) and got stuck there for a while before I realized it.


Re: Grump .... stuck ... whine

Post by cdonkin on Wed Nov 30, 2011 11:01 am

I was wondering if anyone could offer me any advice. I've found the zip file and created another zip with the correct amount of bytes.

I'm using pkcrack with the following command:

*******.exe -C ******.zip -c "m**c (f**s **** di*******t fo****rs)\******.h*m" -P index.zip -p index.htm -d unzip.zip

And I get the error:

File misc (files from different folders)\index.htm not found in ZIP file

As far as I can tell from the tutorial, what other people have said and web videos, I am using the exact same command needed.


Re: Grump .... stuck ... whine

Post by Defience on Wed Nov 30, 2011 4:42 pm

cdonkin wrote:I was wondering if anyone could offer me any advice. I've found the zip file and created another zip with the correct amount of bytes.

I'm using pkcrack with the following command:

*******.exe -C ******.zip -c "m**c (f**s **** di*******t fo****rs)\******.h*m" -P index.zip -p index.htm -d unzip.zip

And I get the error:

File misc (files from different folders)\index.htm not found in ZIP file

As far as I can tell from the tutorial, what other people have said and web videos, I am using the exact same command needed.


The original file and the compressed file should both be dropped back into the "found zip" they came from, not into separate zips. Also make sure that the zip file is in your pkcrack directory; otherwise you have to specify the whole path. Then run pkcrack on it:

C:\pkfolder>pkcrack -C FOUND.zip -c ORIGINAL.htm -P FOUND.zip -p COMPRESSED.htm -d unzip.zip

Notice that the 'found zip' is used 2x in there? It looks like you're using 2 different zip files (I'm assuming by the number of '*'s).
Review the help file in pkcrack to see what each flag is for.


Re: Grump .... stuck ... whine

Post by cyberdrain on Wed Dec 21, 2011 6:11 pm

cdonkin wrote:I was wondering if anyone could offer me any advice. I've found the zip file and created another zip with the correct amount of bytes.

I'm using pkcrack with the following command:

*******.exe -C ******.zip -c "m**c (f**s **** di*******t fo****rs)\******.h*m" -P index.zip -p index.htm -d unzip.zip

And I get the error:

File misc (files from different folders)\index.htm not found in ZIP file

As far as I can tell from the tutorial, what other people have said and web videos, I am using the exact same command needed.


In addition to what Defience said, you should use one of the shareware programs (e.g. WinZip or WinRAR) to create the new archive; 7-Zip, for example, didn't cut it for me on default settings (or used to not; can't say anything about now). It seems like some programs use very different default settings or algorithms than the one used for the already-zipped found file.
Free your mind / Think clearly


Re: Grump .... stuck ... whine

Post by rudxai on Tue Jul 03, 2012 3:25 pm

UPDATE:
OMG, I didn't realize that you had to download and save the original plaintext... Like a fool, I was just compressing the newly extracted one from the encrypted file with extract.exe. Gah >.<
BUT do you know what the funniest thing of all is? Using WinZip to make the new compressed file, the byte count is higher! But using WinRAR the byte count is 1245. Wow... epic challenge fail.

Great... now I'm at the m****u*h.**p part. I submit the altered stuff and I get a blank screen, go back to view the messages and get a blank screen again! Is that a bug or am I missing something?


Windows Users Advice

Post by Yaulp on Thu Aug 16, 2012 6:19 pm

Just to advise Windows users that don't have in mind to install Linux just for that kind of waste of time:
pkcrack will only say "Sorry, not enough memory available" on Windows NT 6.1 (Windows 7).
I do not see the interest in spending hours on how to crack an archive where we must already have some files; I think it's an unreal case.
Nevertheless, thanks for the 14 other realistic missions; they trained me a lot!

Cheers


Re: Grump .... stuck ... whine

Post by impulse_x on Thu May 16, 2013 4:32 am

I'm struggling with getting the unzip.zip file.

I have pkcrack for Linux. I'm using the Linux zip program. (Is this OK?) I'm not getting the right size for the zip file.

zip -9 i.zip index.htm gives me 1408.

I've also tried on my Windows box using WinRAR, but that zips to 1356.

So even attempting the pkcrack doesn't work.

pkcrack -P b*.z* -p m*...tm -C index.zip -c index.htm -d unzip.zip

This produces:

Generating 1st generation of possible key2_1251 values...done.
Found 4194304 possible key2-values.
Now we're trying to reduce these...
Done. Left with 6422 possible Values. bestOffset is 24.
Stage 1 completed. Starting stage 2 on Thu May 16 17:19:17 2013
Stage 2 completed. Starting zipdecrypt on Thu May 16 17:23:48 2013
No solutions found. You must have chosen the wrong plaintext.
Finished on Thu May 16 17:23:48 2013

So clearly I'm not doing this right. Under Linux, aside from zip, do I have any other options?

This is certainly an 'insane' mission.


Re: Grump .... stuck ... whine

Post by reverber on Fri Jun 13, 2014 1:07 pm

For those of you on Windows that have done everything right but still can't for some reason get pkcrack to run properly: it does compile and run quite well on Cygwin. I have just done this, and as long as you choose to install the files for make and gcc when you install Cygwin, it compiles fine. Now on with the rest of the mission.


Re: Grump .... stuck ... whine

Post by Joygun_ on Wed Jun 18, 2014 12:59 pm

Guys, my operating system doesn't execute the pkcrack.exe file because it's 32-bit, and I can't find how to get a 64-bit version. Is there any program other than pkcrack?


Return to (Real 15) seculas Ltd.