Application 5

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Application 5

Post by Monica on Thu Sep 16, 2010 7:39 am
([msg=45875]see Application 5[/msg])

It is highly suggested that you complete Basic missions before attempting Application missions.

If you need help with this mission, make sure you have a legitimate question. Questions like, "How can I find the password?" or "Where do I find the string?" is UNacceptable. Why? Because a.) You're stupid. b.) You obviously want to be spoonfed BECAUSE you're stupid or c.) You want to complete the mission for points because you think you can redeem them for a cheeseburger at McDonalds. I'll tell you what - below is a list of what you may need to know to complete many Application missions. Please note, not all are necessary to complete this particular mission.

In the end, we hope you do learn. That is the point of being here on HTS.

Knowledge May Be Required:
- Code Analysis/Hex-Editing
- ASM Knowledge
- Compiled Languages (i.e. C/C++, VB)
- Interpreted Languages (i.e. PHP, Perl)

Useful Tools:
- Ollydbg
- Decompiler

** P.S. Posting answers and/or spoilers (i.e. mission links, mission file names/gages, scripts/code) will DEFINITELY result in multiple warnings/bans.

The End.
hi am new so plz dont troll me or i report 2 the HTS mods ty
User avatar
Monica
Contributor
Contributor
 
Posts: 877
Joined: Thu Oct 02, 2008 12:29 am
Location: In The Shadows
Blog: View Blog (0)


Re: Application 5

Post by newie on Tue Oct 12, 2010 10:35 am
([msg=47426]see Re: Application 5[/msg])

you have bug in basic mission 5, you solved it in the same way of mission 4 and I don't believe that that was your point.

Moreover I have not looked at all in the Java script code and still it showed me the code.

I am sure I solved it in the "wrong" way and I have not learned what I was supposed to learn.
newie
New User
New User
 
Posts: 2
Joined: Tue Oct 12, 2010 10:00 am
Blog: View Blog (0)


Re: Application 5

Post by Avery17 on Tue Oct 12, 2010 11:10 am
([msg=47428]see Re: Application 5[/msg])

newie wrote:you have bug in basic mission 5, you solved it in the same way of mission 4 and I don't believe that that was your point.

Moreover I have not looked at all in the Java script code and still it showed me the code.

I am sure I solved it in the "wrong" way and I have not learned what I was supposed to learn.



Your posting in the wrong thread.

However, good catch. You are correct my good sir. The sources are exactly the same.
Avery17
Experienced User
Experienced User
 
Posts: 81
Joined: Fri Sep 17, 2010 11:28 pm
Blog: View Blog (0)


Re: Application 5

Post by Defience on Tue Oct 12, 2010 1:58 pm
([msg=47432]see Re: Application 5[/msg])

newie wrote:you have bug in basic mission 5, you solved it in the same way of mission 4 and I don't believe that that was your point.

Moreover I have not looked at all in the Java script code and still it showed me the code.

I am sure I solved it in the "wrong" way and I have not learned what I was supposed to learn.


This thread is for Application 5.
User avatar
Defience
Addict
Addict
 
Posts: 1281
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Application 5

Post by SonicD007 on Thu Dec 09, 2010 7:39 pm
([msg=50349]see Re: Application 5[/msg])

I had been trying to complete this mission for at least a week before I had given up to try and learn some more. I just bought "Hacking the art of exploitation" and so far I've learned a nice amount as far as memory goes (well more than what I used to know). I'm now attempting this mission again and I think I might have found the password, or at least some information that has to do with the password, and would like to pm someone about my findings to get further insight on if I'm on the right track and maybe a push in the right direction if I'm not on the right track. Thanks.

EDIT: yea I was on the right track. Finally figured this one out. 8-)
User avatar
SonicD007
New User
New User
 
Posts: 3
Joined: Thu Dec 09, 2010 7:28 pm
Blog: View Blog (0)


Re: Application 5

Post by dopamine10 on Sat Jul 23, 2011 7:39 am
([msg=60025]see Re: Application 5[/msg])

Hmmmm....

I can get the application to state: The password is X

But X is what I myself typed in as the password....time to learn about memory addresses I guess????
dopamine10
New User
New User
 
Posts: 12
Joined: Sun Sep 28, 2008 1:23 am
Blog: View Blog (0)


Re: Application 5

Post by limdis on Fri Jan 06, 2012 10:30 pm
([msg=63584]see Re: Application 5[/msg])

Still working on this one. I popped my olly cherry with the last challenge and enjoyed it so I decided to keep going. So far I have been able to:
- Prevent the program from closing and reloop
- jump over "invalid password" and have "The password is (what i put)"
- have "invalid passwordinvalid passwordinvalid passwordinvalid passwordinvalid password" show
- and NOP out single and multiple things in attempt to skip over the incorrect entry to force an answer showing, with no luck

Do we need to trick the incorrect submission (sorta like app4) or skip over the user entry entirely forcing a full showing on startup?
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1357
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Application 5

Post by DarkhX0r on Sat Jan 07, 2012 1:16 pm
([msg=63588]see Re: Application 5[/msg])

dopamine10 wrote:Hmmmm....

I can get the application to state: The password is X

But X is what I myself typed in as the password....time to learn about memory addresses I guess????


No, you are going about it the wrong way. Think carefully. If you modify the JMP that will NOT work.
DarkhX0r
New User
New User
 
Posts: 2
Joined: Wed Jan 04, 2012 8:54 pm
Blog: View Blog (0)


Re: Application 5

Post by dopamine10 on Tue Feb 21, 2012 11:10 pm
([msg=64545]see Re: Application 5[/msg])

I am so new to assembly, I will be coming back to this again soon though :)

Thanks for the tip.
dopamine10
New User
New User
 
Posts: 12
Joined: Sun Sep 28, 2008 1:23 am
Blog: View Blog (0)


Re: Application 5

Post by fabioboh10 on Sat Mar 24, 2012 10:12 am
([msg=65188]see Re: Application 5[/msg])

I tried to use a decompiler in c program. But I had no success. I wonder if it's really nescessário decompile the program. thx
fabioboh10
New User
New User
 
Posts: 6
Joined: Sat Mar 24, 2012 8:16 am
Blog: View Blog (0)


Next

Return to Application

Who is online

Users browsing this forum: No registered users and 0 guests