This is the second piece of the Beginner’s Track: A challenge from the category “Reversing”.
First of all, we download the file from the HTB platform and unzip it using the given password. We get a file called
We can run it in Kali Linux using wine and get a password prompt:
Clearly the challenge is now to find the correct password. As a first guess, we can run the strings command on the exe file, but that doesn’t get us much further: we cannot find a text segment that clearly looks like a password. Since these easy steps don’t seem to work, we need a tool to reverse engineer the program. In this case, we will install ghidra. In Kali Linux, installation is as easy as sudo apt install ghidra. Then we can import the file into ghidra.
Ghidra is a static reversing tool. We cannot run dynamic analysis with it, but we can try to see if reversing the program flow might help us to understand what’s going on. First of all, let’s search for the position where the password is checked. We know that directly after the check, the string “Wrong password” is displayed, so let’s search for that one in Window -> “Defined Strings”:
We can see that the string is referenced at location 00454200. Double-clicking on it reveals the respective function.
On the right column, we can see the respective function that is called, which is 00454144. The decompiler shows us the output, but it seems obfuscated and very complicated. So probably, we should try dynamic reversing instead of the static analysis.
Next try is with ollydbg. Let’s go to the function’s location with Ctrl-G at location 00454114:
So let’s set a breakpoint at this position and run the program. It stops and we can see some variables in clear text in the lower right window. Specifically, we can find our own password (“password”), as well as another ASCII text: “fortran!”. And with this, we have solved the challenge.