Application 6

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Application 6

Post by Monica on Thu Sep 16, 2010 7:40 am
([msg=45876]see Application 6[/msg])

It is highly suggested that you complete Basic missions before attempting Application missions.

If you need help with this mission, make sure you have a legitimate question. Questions like, "How can I find the password?" or "Where do I find the string?" is UNacceptable. Why? Because a.) You're stupid. b.) You obviously want to be spoonfed BECAUSE you're stupid or c.) You want to complete the mission for points because you think you can redeem them for a cheeseburger at McDonalds. I'll tell you what - below is a list of what you may need to know to complete many Application missions. Please note, not all are necessary to complete this particular mission.

In the end, we hope you do learn. That is the point of being here on HTS.

Knowledge May Be Required:
- Code Analysis/Hex-Editing
- ASM Knowledge
- Compiled Languages (i.e. C/C++, VB)
- Interpreted Languages (i.e. PHP, Perl)

Useful Tools:
- Ollydbg
- Decompiler

** P.S. Posting answers and/or spoilers (i.e. mission links, mission file names/gages, scripts/code) will DEFINITELY result in multiple warnings/bans.

The End.
hi am new so plz dont troll me or i report 2 the HTS mods ty
User avatar
Monica
Contributor
Contributor
 
Posts: 877
Joined: Thu Oct 02, 2008 12:29 am
Location: In The Shadows
Blog: View Blog (0)


Re: Application 6

Post by Defience on Tue Sep 21, 2010 2:33 pm
([msg=46245]see Re: Application 6[/msg])

So, what exactly are you trying to say? :twisted:
User avatar
Defience
Addict
Addict
 
Posts: 1275
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Application 6

Post by Desoxena on Sun Oct 03, 2010 7:25 pm
([msg=46982]see Re: Application 6[/msg])

So i'm very new to this so please bear with me; When doing this, what should I look at FIRST?
Desoxena
New User
New User
 
Posts: 25
Joined: Sun Oct 03, 2010 7:13 pm
Blog: View Blog (0)


Re: Application 6

Post by fashizzlepop on Sun Oct 03, 2010 7:45 pm
([msg=46983]see Re: Application 6[/msg])

If you have completed 1-5, you would know where to look first. If you haven't, start at 1.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2304
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Application 6

Post by SonicD007 on Fri Dec 10, 2010 1:00 pm
([msg=50373]see Re: Application 6[/msg])

I just completed application 6 and I didn't really see much of a difference between application 5 and this. I solved them both the same way. I think I may have missed the learning portion of this exercise unless I learned it from application 5. Can someone PM me and clarify a little bit as to whether this exercise was about looking past "interesting CHAR values" useless information to find the answer or what? Appreciate any help. I really would like to learn as much as I can from these exercises. Thanks.
User avatar
SonicD007
New User
New User
 
Posts: 3
Joined: Thu Dec 09, 2010 7:28 pm
Blog: View Blog (0)


Re: Application 6

Post by cyberdrain on Wed Aug 15, 2012 8:03 am
([msg=68756]see Re: Application 6[/msg])

I agree, the stack was very helpful in both, when you know which address to look for. Or is the point that we reverse the part where the value actually gets stored? Finding the password is a lot easier than finding the key generator part of the code. Did I do too little?
Free your mind / Think clearly
User avatar
cyberdrain
Contributor
Contributor
 
Posts: 661
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Application 6

Post by atlas_fontaine on Mon Feb 18, 2013 3:25 pm
([msg=73884]see Re: Application 6[/msg])

The process used to get to the solution for this one seems exactly the same as that for application 5. Am I missing something here?
atlas_fontaine
New User
New User
 
Posts: 1
Joined: Mon Feb 18, 2013 1:48 pm
Blog: View Blog (0)


Re: Application 6

Post by strychnine on Tue Feb 26, 2013 3:14 am
([msg=74167]see Re: Application 6[/msg])

yup, this is almost the same with app level 5 mission..understand the assemble instructions, you can solve this one..
strychnine
New User
New User
 
Posts: 4
Joined: Thu Feb 21, 2013 2:43 am
Blog: View Blog (0)


Re: Application 6

Post by impulse_x on Tue May 28, 2013 9:23 pm
([msg=75851]see Re: Application 6[/msg])

Hi,

Using ollydb, I'm encountering what I see as "DB <code>" but it's executed as actual operating code, which
means something is amiss.

Is this supposed to happen?

[Edit:
When I opened app5win in ollydb (v2.0), I could find the "Please enter the password:"; but in app6win, it's
not found. When I hex edit it, I can clearly see the "Pleases enter the password:" string. I can see the "Invalid Password"
string in both the assembled and hexedit code.

After dissecting the code, I get a string. But it's not the right password. Can I pm someone with my process and
get some sort of understanding that I'm heading the right way?

2nd Edit:

Never mind. Completely missed a line of code. I now know the password.
Thanks

Ix
impulse_x
New User
New User
 
Posts: 19
Joined: Fri May 10, 2013 4:57 am
Blog: View Blog (0)



Return to Application

Who is online

Users browsing this forum: No registered users and 0 guests