Hack The Box: Beginner Track - Find The Easy Pass


This is the second piece of the Beginner’s Track: A challenge from the category “Reversing”.


FindTheEasyPass

First of all, we download the file from the HTB platform and unzip it using the given password. We get a file called EasyPass.exe.

We can run it in Kali Linux using wine and get a password prompt.


Clearly, the challenge is now to find the correct password. As a first guess, we can run the strings command on the exe file, but that doesn’t get us much further: we cannot find any text that clearly looks like a password. Since these easy steps don’t work, we need a tool to reverse engineer the program. In this case, we will install Ghidra. In Kali Linux, installation is as easy as sudo apt install ghidra.


Then we can import the file into Ghidra.


Ghidra is a static reversing tool. We cannot run dynamic analysis with it, but we can check whether reading the program flow helps us understand what’s going on. First, let’s search for the place where the password is checked. We know that directly after the check, the string “Wrong password” is displayed, so let’s search for it under Window -> “Defined Strings”.


We can see that the string is referenced at location 00454200. Double-clicking on it reveals the respective function.
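The string lookup from the “Defined Strings” step can also be scripted. The following is an added example, not part of the original write-up: it parses the section table of a 32-bit PE file and converts the file offset of every ASCII or UTF-16LE occurrence of a string into the virtual address that a disassembler or debugger would show. The function names and the tiny sample image are constructed for illustration; the sample is not EasyPass.exe.

```python
import struct

def parse_pe32(data):
    """Return (image_base, [(name, rva, raw_ptr, raw_size), ...]) for a PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    n_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    opt_off = pe_off + 24                                      # optional header start
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only 32-bit PE32 images are handled")
    image_base, = struct.unpack_from("<I", data, opt_off + 28)
    secs = []
    for i in range(n_sections):                                # 40-byte section headers
        name, _vsize, rva, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt_off + opt_size + 40 * i)
        secs.append((name.rstrip(b"\0").decode("ascii", "replace"), rva, raw_ptr, raw_size))
    return image_base, secs

def find_string_vas(data, needle):
    """Return (section, virtual_address) for each ASCII/UTF-16LE hit of needle."""
    image_base, secs = parse_pe32(data)
    hits = []
    for encoded in (needle.encode("ascii"), needle.encode("utf-16-le")):
        pos = data.find(encoded)
        while pos != -1:
            for name, rva, raw_ptr, raw_size in secs:
                if raw_ptr <= pos < raw_ptr + raw_size:       # offset lies in this section
                    hits.append((name, image_base + rva + pos - raw_ptr))
            pos = data.find(encoded, pos + 1)
    return hits

def build_sample():
    """Constructed minimal PE32 image with one .data section (illustration only)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    sec = struct.pack("<8sIIII", b".data", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    body = bytearray(0x200)
    for off, s in ((0x10, b"Wrong password"), (0x40, "Wrong password".encode("utf-16-le"))):
        body[off:off + len(s)] = s
    return (dos + coff + bytes(opt) + sec).ljust(0x200, b"\0") + bytes(body)

if __name__ == "__main__":
    for section, va in find_string_vas(build_sample(), "Wrong password"):
        print(f"{section}: {va:08X}")
```

To use it on a real file, pass the bytes read from disk instead of build_sample().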


In the right column, we can see the respective function that is called, which is 00454144. The decompiler shows us its output, but the code seems obfuscated and very complicated. So we should probably try dynamic reversing instead of static analysis.



The next attempt is with OllyDbg. Let’s go to the function’s location with Ctrl-G at location 00454114.


So let’s set a breakpoint at this position and run the program. It stops, and we can see some variables in clear text in the lower-right window. Specifically, we can find our own password (“password”), as well as another ASCII text: “fortran!”. And with this, we have solved the challenge.
