Hack the Box rev Impossible Password
Impossible Password
Easy
CHALLENGE DESCRIPTION
Impossible Password
The main function looks like this:
Seeing such a string and comparison chain leads us to believe the flag is the first string decrypted/decoded.
Following the chain we can see that there is the last function which decrypts the flag:
We can see that the flag is xored with 9 to make it printable.
We do the same operation:
alternatively in GDB we execute the file and redirect the flow to the function or bypass the two strcmp:
and afterwards:
and after the flow will just continue to printing the flag.
One part of the password is random generated so the only way is bypassing the compare/patching the binary.
Comments