Follow us on Twitter!
Hacking isn't just Computers & Exploits. It's a Philosophy. - Mr_Cheese
Friday, April 25, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 21
Guests Online: 18
Members Online: 3

Registered Members: 82906
Newest Member: ilija
Latest Articles
View Thread

HellBound Hackers | Challenges | Application Cracking

Author

App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-01-07 07:21
I'm stuck at this....i've completed all the other apps....

any pointers to how i should start..
Author

RE: Steps...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-01-07 07:30
Step1:Read Some Tutorial On Assembly Language
Step2:Understand The Code Flow Of APP-Extra
Step3:Retrive The Password
Step4:Help Others..


PS: Don't Get Misguided By looking At My Profile....I've Cracked It...And Submitted My Answer ..For Points...






Author

RE: Code Flow


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-01-07 14:43
i read some articles on assembly laguage....
but i still cant carack it....

i've put breakpoints on thoes text references..but still no luck....

Author

RE: Code Flow


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-01-07 15:05
Find out..in the application how does it checks for the password length

there r two easy methods...

PS : forget LenStr

the answer is near it....


Author

RE: App extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-02-07 09:27
Can someone give me link for ASM language tutorial. I would need it. Don't say "google for it". Say "here is the link ...".


Author

RE: App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-02-07 09:59
Say "here is the link ...".



here is the link ...


Author

RE: App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-02-07 10:47
http://en.wikibooks.org/wiki/X86_Assembly

I remember finding something really useful there when I was trying to learn x86 ASM... but that is all I can give you, I don't have time to find the actual thing right now.
Author

RE: App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-09-07 23:23
I'm near it, but still can't see it.


UnknownFromHell wrote:
Find out..in the application how does it checks for the password length

there r two easy methods...

PS : forget LenStr

the answer is near it....
Author

RE: App Extra

crashbird
Member



Posts: 83
Location: India
Joined: 15.06.07
Rank:
Newbie
Posted on 14-06-08 10:39
ok.. i did submit my solution.. but haven't got any points for it..
If i did something wrong.. should i again submit my (edited)answer or should i just wait for the admins to check it out..

if my answer is wrong please notify me so that i correct it..



www.hellboundhackers.org/sig/r/20526.png
elijah981 elijah981
Author

RE: App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-06-08 22:49

Answer (Provide the actual answer and how you got to it.):


Are there multiple passwords or just one ? (I have multiple valid 'passwords'Wink
Author

RE: App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-08 08:28
Should be just one if you did it the right way. Your answer should be the same word the program uses.

It is possible to have collisions, but like js 16, there is only 1 right answer.


PS. I submitted my answer a few days ago, so be prepared to wait for it to get checked.
That said, it is probably worth being confident that your answer is right,
otherwise it will be a waste time for both yourself and the admin checking it.
Author

RE: App Extra

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 25-06-08 09:48
Johnson wrote:
Your answer should be the same word the program uses.

I dont' think so ^^ when I beat it, I changed the application's password check function and beat it with a random password Wink


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-08 10:26
Uber0n wrote:
Johnson wrote:
Your answer should be the same word the program uses.

I dont' think so ^^ when I beat it, I changed the application's password check function and beat it with a random password Wink


Well then it just depends on which methods the admins will accept.

The challenge does state that you're looking for the 'actual' answer,
but whatever.
Author

RE: App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-08 11:45
Johnson wrote:
Should be just one if you did it the right way. Your answer should be the same word the program uses.


Define 'the right way'...

There are 4 'checkpoints' that are needed for this challenge. (3 of them are checking for the same value)

So there is no way to get the 'exact' password from the program itself. Or do i have to write a bf-script ?








Author

RE: App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-08 12:14
pr2008 wrote:

Define 'the right way'...

There are 4 'checkpoints' that are needed for this challenge. (3 of them are checking for the same value)

So there is no way to get the 'exact' password from the program itself. Or do i have to write a bf-script ?



There is a way to get the actual answer. I made some assumptions when I did it,
but would have to think that the result I got is the same.

Don't bother with a bruteforcer just get stuck into how the program actually works.

I'm not sure if this is too much info, and if it is someone can feel free to edit it...

At some point in the program it does specify a set of characters which are used to compare
your input against (after it has been manipulated in some way). My answer consisted of finding
those characters, and figuring out the order which gave me the correct output.

If you need to know more than that consider PM'ing me.

Edited by on 25-06-08 12:17
Author

RE: App Extra

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 25-06-08 12:26
pr2008 wrote:
Or do i have to write a bf-script ?

Just as Johnson said; bruteforce is not necessary.


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-08 12:59
Johnson wrote:
It is possible to have collisions, but like js 16, there is only 1 right answer.


The big difference with js16 is that you don't get the 'goodguy' message. (you can find a collision, but it won't go to the correct page; if this crackme was a real application, the passwords i found would be valid.)








Author

RE: App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-08 13:26
pr2008 wrote:

The big difference with js16 is that you don't get the 'goodguy' message. (you can find a collision, but it won't go to the correct page; if this crackme was a real application, the passwords i found would be valid.)



That is a good point. UberOn also cracked this using a different method
to what I did. Maybe an admin should clarify if getting the right message is
enough to complete the challenge.
Author

RE: App Extra


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-09-08 05:44
Sorry for tagging on to an old thread but how long should it take for admins to check the answer? I submitted my answer two days ago... I reversed this by finding the values of the buttons, a bit of patch led to being able to analyze the code which does include a hard coded password. I saved my patches and it works fine with the password.

Does admin reply, even if they aren't happy with the answer because I would like to know if my working patch is the wrong answer they are looking for.

Thanks,
zbert