application hacking, how it worked? (details in post)
Started by ttony21, Aug 25 2007 10:03 AM
11 replies to this topic
#1
Posted 25 August 2007 - 10:03 AM
I realize this isn't a hacking forum but I decided I'd try anyway (I hack to learn about programs and websites and to learn to secure my own so somebody in here should have an idea of how this works...)
I used a hex editor to get into the code of an application (from hackthissite.org), and this was part of the code
.Authenticate your software......................Status: Connecting..........................Status: Reading data............................true........................Status: Validated..........2...0.......0Contratulations! The password to this level is '........................'.......................false.......................Status: Serial invalid.........A...?.......?Sorry, you entered an incorrect serial number. Please re-enter..........................Status: Sending request............/...-.......-GET /application/app3/snauthenticate.php?key=....................... HTTP/1.1.......................Host: hackthissite.org.....
All I ended up doing was changing that "true" on the third line to "fals", because I needed to keep everything the same about bytes, but I don't get exactly how it worked (it makes perfect sense with "false" but I don't understand how the program would've given the correct message with the word "fals")
#2
Posted 25 August 2007 - 10:41 AM
You will probably get more answers if you ask in HackThisSite's own forum at CriticalSecurity.
When you're editing in binary files, you can't change the size, or the file will crash. So yes, it's true that you "need[ed] to keep everything the same about bytes."
You could probably end up with a working application, in the way you're doing - if you don't change the file size. But usually, in cracking, you wouldn't do it in that way. My suggestions are; you should pick up a debugger and a network analyzer. In that way you'll solve it easier.
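An added example, not part of the post above or of the application discussed: because an in-place edit like the one described keeps the file size identical, a size check alone will not flag it, but a digest comparison against a known-good copy will, and a byte-level diff shows where the change sits. The sample images, offsets and function names below are constructed for illustration.

```python
import hashlib


def changed_runs(good: bytes, suspect: bytes, context: int = 12):
    """Locate each run of differing bytes between two equal-size images.

    Returns a list of (offset, original_bytes, patched_bytes, nearby_text).
    """
    if len(good) != len(suspect):
        raise ValueError("sizes differ; this is not an in-place patch")
    runs, start = [], None
    for i in range(len(good) + 1):
        differs = i < len(good) and good[i] != suspect[i]
        if differs and start is None:
            start = i                      # a run of changed bytes begins
        elif not differs and start is not None:
            lo = max(0, start - context)
            hi = min(len(good), i + context)
            # Render surrounding bytes the way a hex editor's text pane does.
            text = "".join(chr(b) if 32 <= b < 127 else "."
                           for b in suspect[lo:hi])
            runs.append((start, good[start:i], suspect[start:i], text))
            start = None
    return runs


def audit(good: bytes, suspect: bytes) -> dict:
    """Compare a suspect binary image against a known-good reference."""
    same_size = len(good) == len(suspect)
    return {
        "same_size": same_size,
        "same_sha256": hashlib.sha256(good).digest()
                       == hashlib.sha256(suspect).digest(),
        "runs": changed_runs(good, suspect) if same_size else [],
    }


# Constructed sample: a fragment shaped like the strings quoted in post #1.
GOOD = b"Status: Reading data\x00\x00\x04\x00true\x00\x00\x00\x00Status: Validated\x00"
SUSPECT = GOOD.replace(b"true", b"fals")   # same length, different content

if __name__ == "__main__":
    report = audit(GOOD, SUSPECT)
    print(report["same_size"], report["same_sha256"])
    for offset, old, new, text in report["runs"]:
        print(f"0x{offset:04x}: {old!r} -> {new!r}  near '{text}'")
```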
#3
Posted 25 August 2007 - 10:45 AM
thanx I'll read up on debuggers and network analyzers cuz I don't have much of a clue what those are or how they work lol, I would've used criticalsecurity.net but my forum account won't work, also I already finished the mission (not sure if u understood that or not), I wanna figure out why it accepted fals though if the information it received would've been "false"...I think
#4
Posted 25 August 2007 - 10:52 AM
Oh, you actually got by the mission.
I can't say why it accepted it, because I don't know the mission nor the application. But - from what you've shown in this thread - I think the application is simply set up to check this value directly. What I mean is that, in the application, there could be the following line:
if(some_variable != "true") ...
And then, "true" is what you're seeing in your hex-editor. In that way, no matter how you're changing the string, it will not be "true" anymore, and then the expression will be true - and you get by the protection. To test this, you could try to edit it to "abcd" instead of "fals," and see if it still works.
I just think it's weird, because it's set up to retrieve information through HTTP. This could be something to lead you on the wrong track, or it could be another way to get by the protection.
I can't say anymore, because, like I said, I don't know anything about the mission nor application.
Anyways, good luck!
#5
Posted 25 August 2007 - 11:21 AM
Hm, no clue, only fals seems to work but thanx..
#6
Posted 27 August 2007 - 05:31 PM
If they ask for the details you'll get it wrong. Best bet, run a brute forcer. The full path is http://hackthissite....te.php?key=<run it here>
#7
Posted 27 August 2007 - 05:43 PM
Lol well we're not supposed to brute force the site :p also wouldn't really help me in learning more about applications like that, but I guess I'll just have to read up more on boolean values to get it
#8
Posted 28 August 2007 - 12:44 AM
Hahaha I tried this one and I hacked that application, was as simple as one, two, three. I think that I used a VB disassembler! The serial is 'encrypted' but it's simple with a VB disassembler.
#9
Posted 28 August 2007 - 09:44 AM
Weird, I tried 2 dif VB disassemblers and it said that it wasn't a version 5/6 so I couldn't use it, but it worked on the next challenge so thanx maybe I can figure out how to use it for this one
#10
Posted 28 August 2007 - 10:59 AM
Of course, it is VB 3! Try a VB 3 disassembler and it should work.
#11
Posted 30 August 2007 - 10:27 PM
TheComputerMaster said:
Of course, it is VB 3! Try a VB 3 disassembler and it should work.
Simply. Lol.
#12
Posted 31 August 2007 - 02:05 PM
TkTech said:
Simply. Lol.
Yup it's a kids joke! Should have been cracked in a matter of minutes (including the downloading and installation of a VB 3 disassembler)











