HoboKnight Posted March 12, 2011

Hi there, I was hoping that someone could give me a little direction on a school assignment I'm working on. Now before anyone jumps on me, I'm not looking to be handed the answers, I just have no idea where to even start with this and would like a nudge towards the right path.

So this assignment (for an intro to computer security class) is to figure out 4 keywords, or passwords, that are hidden in a 32-bit Windows console executable. We are told to launch the program with our last name as an argument, and then find the passwords. The program prompts you for the passwords when you select a particular item from a text-based menu. We were also told that nothing we have learned in the class so far will help us do this assignment, and that we have to figure out how to do it by looking online.

I've spent time poking around the menus in the program hoping to find some clues, but had no luck. I've also tried a couple of decompilers but they both crashed when I tried to look at this particular exe. And now I'm stuck. If anyone could even just suggest an area I might want to look into I would really appreciate it.
Sparda Posted March 14, 2011

You can try a decompiler or even just treating the binary as an ASCII file and looking for text, though that won't work if the passwords were obfuscated in any way.

However, one method that is likely to be quite successful, providing the passwords are not particularly difficult, is a straight-up brute force attack. Since it's a local program with (presumably) no brute force protection built in, you could easily script up a multi-threaded password generator or dictionary attack.
hexophrenic Posted March 14, 2011

Open up said application in a hex editor and look through the ASCII representation as Sparda stated. It is a slow process, but sometimes you see them scattered about.
Infiltrator Posted March 14, 2011

Try the hex editor first. If that fails, try to brute force the application with hydra; that's your last resort.
Jason Cooper Posted March 15, 2011

Rather than spend your time looking at the hex for ASCII, just use strings (standard on Linux, but there are versions available for Windows). strings will output all strings found in the files passed as parameters; you can redirect this output to a file and work through all the values you see.

Another option would be to run the program in a debugger (OllyDbg) and look at variables at key points. If there is a strcmp or a strncmp function I would throw a breakpoint on them and see what values are being passed to it.
digip Posted March 15, 2011

PEiD will also do a strings lookup as well as give you an idea what DLLs it's speaking with, what it was packed with, etc. The only problem I see with using strings is if the password is encrypted, or just does a routine to look up a comparison to a hashed version of the password. If that is the case, it won't be as simple as looking for a 4 letter word, but give it a shot.

The other method is, since it's a command line executable, you should be able to throw words at it with a script and wordlist to just continually try to brute force it. It might even take a switch to pass the password to it without running it first for the prompt. Try something in the command line like a help function, such as whatever the program's name is and /? or /help --help, etc.
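The point made in the two posts above (a strings pass finds plain text but not obfuscated or hashed values), as an added example that is not part of any poster's reply: a small strings-style scanner in Python that also reports UTF-16LE text, which GNU strings only shows when run with `-e l`. The sample bytes, the XOR key and every name below are constructed for illustration.

```python
import re
import sys

MIN_LEN = 4  # same default minimum run length as the strings utility


def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Return sorted (offset, encoding, text) tuples for printable runs."""
    found = []
    # Single-byte printable ASCII runs.
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    # UTF-16LE runs: printable byte followed by 0x00, common in Windows binaries.
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for any simple obfuscation."""
    return bytes(b ^ key for b in data)


# Constructed sample, not taken from any real executable.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8             # short header-like bytes, no run >= 4
    + b"Enter password: \x00"                # plain ASCII prompt
    + b"\x01\x02\x03"
    + "menu_wide".encode("utf-16le") + b"\x00\x00"  # wide-character string
    + b"\xff\xfe\x00"
    + b"plainsecret\x00"                     # keyword stored in the clear
    + xor_bytes(b"hiddensecret", 0xAA)       # keyword stored obfuscated
    + b"\x00"
)

if __name__ == "__main__":
    # Scan a file given on the command line, or the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, encoding, text in extract_strings(blob):
        print(f"{offset:#010x}  {encoding:<8}  {text}")
```

The XOR-obfuscated keyword never appears in the output, which is the case where a breakpoint on the comparison routine is the better tool.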
Sprouty Posted March 16, 2011

Hi,

You might be interested in this: http://www.exploit-db.com/download_pdf/16981

Cheers,
Sprouty