"Lying in a featherbed will bring you no fame, nor staying beneath the quilt, and he who uses up his life without achieving fame leaves no more vestige of himself on Earth than smoke in the air or foam upon the water." -Dante Alighieri
Knowledge of batch commands
Knowledge of script injection
Understanding of hashing algorithms
As the co-creator of this mission, I feel nobody (except anonHacker) can explain it better than I. First of all, even though it isn't applicable to the mission, let's take a look a how the program works.
First, it assigns each letter the alphabet a corresponding prime number. The reason for this is that when multiplied together, prime numbers create a number unique to that combination of primes. Example:
Here we see that the two primes make the number 51. Try as you might you wont find any other divisors of 51 than 3 and 17. This is due to the fact that 3 and 17 have no divisors themselves. If we were to instead use this equation as an example:
We will find many more divisors other than 4 and 6, such as 2,3,8, and 12. The reason this algorithm was created was to solve anagrams. This is due to the Commutative property. The Commutative property says that two or more numbers being multiplied together can swap positions in the equation and the answer will still be the same. As the numbers swap places, so do their corresponding letters. In this instance, rather than being used to solve anagrams, the algorithm is being used as a rudimentary hashing algorithm.
Now that we at least know how the algorithm works, lets examine the rest of the code. After peering through the code for a few seconds, you should notice a particular line.
Even if you don't know batch, a certain line should stand out to you. Basically, this line says if the pass you entered equals something, then you are allowed in. Otherwise, you get the boot. Well that's easy, right? You've got the pass, lets put that sucker in and collect our points.
*LOUD BUZZER NOISE*
Wrong! Remember the first part was a HASHING algorithm. This is a HASH! We would decrypt it, but if you read the top part of the mission, it tells you that part is for extbasic 11. So let's see if we can exploit any vulns in this code. First of all, a vuln almost always requires echoed user input, no matter what the language. So lets see if there is anywhere for us to supply our own input.
SET /P INPUT=Insert password:
What's that I see? Is that user input? Yes it is. If you look you will notice it stores the input as a variable appropriately named "input". So lets look for any instances of input being echoed.
IF "%INPUT%"=="" "%~0"
Booyah! Hmmm... now how can we exploit that? I'll give you a hint. If you were to type hello as your user input the code would read as follows:
IF "hello"=="" "%~0"
So if it inserts your word directly in the the quotes, maybe there is a way to escape the quotes and write your own code. But remember, it starts off as an if statement, so you must make the if statement satisfy itself before running code, otherwise; the commands won't run.
Once you make the if statement always true, you should set the password variable to the hash you want, thus skipping the algorithm and the need to decrypt the hash. Lastly, you need to comment out the gibberish on the end.
Voila! You are done!
Cast your vote on this article 10 - Highest, 1 - Lowest
Comments: Published: 4 comments.
HackThisSite is is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.