Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 24
Guests Online: 21
Members Online: 3

Registered Members: 82818
Newest Member: Ahmed
Latest Articles
View Thread

HellBound Hackers | Challenges | Application Cracking

Author

App 12, the most annoying thing ever


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-07 03:00
Hi, i've been working on App 12 for ages now and i still can't figure out what to change:angry:

any help, ideas or Hints!!!!
thanks
Author

RE: App 12, the most annoying thing ever

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 27-01-07 03:29
Easy way to do it is brute force it 1-10 chars(hint). Can't patch this oneWink


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: App 12, the most annoying thing ever


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-07 03:32
oh gee thanks, Uberon said that i had to change a jnz to something else using olly db, does any one have any ideas what that might be
Author

RE: App 12, the most annoying thing ever

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 27-01-07 03:40
If you try to reverse eng. this one by changing jnz to jz it will accept any answer but not the right one. Brute forcer takes less than a minute if done rightGrin


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: App 12, the most annoying thing ever


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-07 04:05
i've tried a buteforcer before on this but i don't think i did it right
this is my code i used in c#:
Code
private void bruteforce()
        {
            for(int i=600;i<1000000000;i++){
                if (stop)
                {
                    break;
                }
                string command = "/C " + i;
                this.number_txt.Text = "" + i;
                System.Diagnostics.ProcessStartInfo psi =
                    new System.Diagnostics.ProcessStartInfo(@"app12.exe", command);
                psi.RedirectStandardOutput = true;
                psi.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
                psi.UseShellExecute = false;

                System.Diagnostics.Process listFiles;
                listFiles = System.Diagnostics.Process.Start(psi);

                System.IO.StreamReader myOutput = listFiles.StandardOutput;

                listFiles.WaitForExit(2000);

                if (listFiles.HasExited)
                {
                    string output = myOutput.ReadToEnd();
                    int p;
                    float a;
                    a = i / 1000000000 * 100;
                    p = (int)a;
                    bar1.Value = p;
                    this.processResults.Text = "" + p + "% Percent done.";
                    if (!output.Contains("Wrong password"))
                    {
                        MessageBox.Show("Got it: " + i);
                        break;
                        this.processResults.Text = output;
                    }
                }
            }
        }


Author

RE: App 12, the most annoying thing ever


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-07 04:54
You don't need to brute force app12, you only need to look at one line of asm code- it's extremely simple and doesn't deserve to be the final app challenge (besides app extra).
Author

RE: App 12, the most annoying thing ever


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-07 05:10
yea i know which line it is but i have no idea what to change it to :xx:
Author

RE: APP 12 the easiest...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-07 08:07
WizardOfAus ..... gave u the hint......

app12 is the easiest...

dont overthink the challenge, just becoz its the last app it does'nt mean it has to be tough...and there is absolutly no need for brute forcing....patching etc... or even applying break points.
once u understand..."WizardOfAus" hint.. u'll do it it less than 2mins.. or may be less like me....

Happy Craking

PS:Think, like it was the easiest app,how would the app check for the pass





Author

RE: App 12, the most annoying thing ever

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 27-01-07 09:32
I agree ^^ this one was one of the easiest app cracking challenges, the only thing required is a tiny bit of ASM knowledge. What I said was that changing the common JNZ > JZ or vice versa isn't the right thing to do here, you only have to use a different kind of comparison... Wink


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: App 12, the most annoying thing ever

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 27-01-07 13:05
WizardOfAus wrote:
You don't need to brute force app12, you only need to look at one line of asm code- it's extremely simple and doesn't deserve to be the final app challenge (besides app extra).


ROFL, the apps go in order of submission you retard.


img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: App 12, the most annoying thing ever


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-07 14:26
^^ Well it's ranked 2nd hardest by the points system, so it's obviously supposed to be one of the 'hardest'- Pfffttt hard!? Your just pissed cause you wrote an easily crackable app.

And to think you were just so kind to me, helping with real 16 about 15 minutes ago- now your calling me a retard.

Oh well I don't think I'm going to get a reply from the last PM I sent you.
Author

RE: App 12, the most annoying thing ever

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 27-01-07 15:06
I can see why they give it some extra points though, since it forces you to think a bit different than usual (which seems to trouble many people Pfft)


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: App 12, the most annoying thing ever


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-07 20:06
Thanks for all the help but i just don't get any luck, i searched on google for anything about using another cmp command but i just can't figure out how to do itSad
Author

RE: App 12, the most annoying thing ever


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-07 21:05
You have to change nothing becouse the app dont give us a pass but say use the same code on the app page to get points. So you have to find the pass in the code. The CMP command compare two values, the password and your entry. After there are a jump -->JNZ somewhere. If the values are equals so u guessed the password, JNZ is not taken and you can see the message Congrats, use the same code bla bla bla.
Find the CMP where the app compare your entry to the password. A good hint is that the CMP is near the JNZ that jump to the ascii "incorrect password". Think hex and read more about asm. Hope this help.


Author

RE: App 12, the most annoying thing ever


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-07 22:07
hmm...., i'll think about it...
what do you mean by hex, how is that going to help?
Author

RE: App 12, the most annoying thing ever


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-01-07 17:53
Its useful even translate the hex values when you are in trouble cracking. Maybe somethimes you'll see numbers or letters if you translate the hex values.


Author

RE: App 12, the most annoying thing ever


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-03-07 07:48
WizardOfAus wrote:
^^ Well it's ranked 2nd hardest by the points system, so it's obviously supposed to be one of the 'hardest'- Pfffttt hard!? Your just pissed cause you wrote an easily crackable app..


you can obv see he didn't try to write a difficult app it was simply something like

printf("first message"Wink;
asd = scanf();
if(asd == correctAnswer) //its a value but i'm obv not gonna write it here
{
printf("correct answer message"Wink;
}
else
{
printf("you fail"Wink;
}
system("pause"Wink; // sorry i forgot this

maybe if you had a clue, you would have understood that he hadn't even tried.

Edited by on 02-03-07 07:51
Author

RE: App 12, the most annoying thing ever

lukem_95
Member

Your avatar

Posts: 232
Location: 127.0.0.1:80
Joined: 05.07.06
Rank:
Apprentice
Warn Level: 5
Posted on 29-03-07 19:28
i understand that this is a very simple challenge, just a matter of finding the hex encoded (possibly) password in the asm and tapping it in, however i cannot find the jump location after the CMP (or basicly what it compares to)


www.hellboundhackers.org/news.php?logout=yes