Hardcoded Passwords In A Windows Application


HoboKnight

Hi there,

I was hoping that someone could give me a little direction on a school assignment I'm working on. Now before anyone jumps on me, I'm not looking to be handed the answers, I just have no idea where to even start with this and would like a nudge towards the right path.

So this assignment (for an intro to computer security class) is to figure out 4 keywords, or passwords, that are hidden in a 32-bit Windows console executable. We are told to launch the program with our last name as an argument, and then find the passwords. The program prompts you for the passwords when you select a particular item from a text-based menu.

We were also told that nothing we have learned in the class so far will help us do this assignment, and that we have to figure out how to do it by looking online. I've spent time poking around the menus in the program hoping to find some clues, but had no luck. I've also tried a couple of decompilers but they both crashed when I tried to look at this particular exe. And now I'm stuck.

If anyone could even just suggest an area I might want to look into I would really appreciate it.

You can try a decompiler or even just treating the binary as an ASCII file and looking for text, though that won't work if the passwords were obfuscated in any way. However, one method that is likely to be quite successful, providing the passwords are not particularly difficult, is a straight up brute force attack. Since it's a local program with (presumably) no brute force protection built in, you could easily script up a multi-threaded password generator or dictionary attack.

Open up said application in a hex editor and look through the ASCII representation as Sparda stated. It is a slow process, but sometimes you see them scattered about.

Try the hex editor first; if that fails, try to brute force the application with hydra. That's your last resort.

Rather than spend your time looking at the hex for ASCII, just use strings (standard on Linux, but there are versions available for Windows). strings will output all strings found in the files passed as parameters; you can redirect this output to a file and work through all the values you see.

Another option would be to run the program in a debugger (OllyDbg) and look at variables at key points. If there is a strcmp or a strncmp function, I would throw a breakpoint on them and see what values are being passed to it.

PEiD will also do a strings lookup, as well as give you an idea of what DLLs it's speaking with, what it was packed with, etc. The only problem I see with using strings is if the password is encrypted, or if the program just runs a routine that compares against a hashed version of the password. If that is the case, it won't be as simple as looking for a 4 letter word, but give it a shot. The other method is, since it's a command line executable, you should be able to throw words at it with a script and wordlist to just continually try to brute force it. It might even take a switch to pass the password to it without running it first for the prompt. Try something in the command line like a help function, such as whatever the program's name is and /? or /help, --help, etc.

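As an added illustration of the strings approach discussed in the replies above (not part of any post in this thread): a minimal Python equivalent of strings that also picks up UTF-16LE text, which Windows programs often use, run over a constructed byte blob. The XOR-encoded value in the sample stays invisible, which is the limitation raised about obfuscated or hashed passwords; the function names, the XOR key and all sample values are assumptions made for the example.

```python
import re

MIN_LEN = 4  # same default minimum run length as the strings utility


def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Return sorted (offset, encoding, text) tuples for printable runs."""
    # Runs of printable ASCII bytes (space through tilde).
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE: each printable ASCII byte is followed by a zero byte.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in wide_re.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def build_sample() -> bytes:
    """Constructed bytes standing in for a program's data section."""
    # Plain C strings: a prompt and a hardcoded value, NUL-terminated.
    plain = b"Enter password:\x00" + b"example-pass-1\x00"
    # A wide (UTF-16LE) string, as produced by L"..." literals on Windows.
    wide = "example-pass-2".encode("utf-16le") + b"\x00\x00"
    # A value stored XOR-encoded with a single-byte key (hypothetical key).
    hidden = bytes(b ^ 0xA5 for b in b"example-pass-3")
    return (b"\x00\x01\x02\xff" + plain + b"\x90\x90" + wide
            + b"\x03\x04" + hidden + b"\x00")


if __name__ == "__main__":
    for offset, encoding, text in extract_strings(build_sample()):
        print(f"0x{offset:04x}  {encoding:9s} {text}")
```

Anything a build embeds as a literal, in either encoding, is readable this way by whoever holds the binary, so a secret compiled into an executable should be treated as published.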
