HackMe1 – Strings

HackMe1:
This should be a very simple introduction about reverse engineering. The aim of this lab is to get access by getting the password out of the provided binary file. The source code in the solution is totally unusable for any kind of protection and is only for demonstration purpose.

Download File: HackMe1(Linux)
Download File: HackMe1(Windows)


“strings” command
With the strings command it is possible to find ASCII strings in different files. The usage is very simple with “$strings “. As an example a file with only a few ASCII strings is provided and compiled.

int main(void){
   char *shortstring = "short string";
   char *longstring = "looooooong string";
   char *longerstring = "loooooooooooooonger string";
   char *verylongstring = "Veeeeeeeeeeeeeeeeeeeeerrrrrrrrrrrrrrrrryyyyyyyyyyyyy looooooongg sssstrrrrrriiiing";

   return 0;
}

Now it is possible to use the “strings” command on the file. Here we can find all the ASCII string content of the above defined variables.

$strings testhackme1
... more strings ...
[^_]
short string
looooooong string
loooooooooooooonger string
Veeeeeeeeeeeeeeeeeeeeerrrrrrrrrrrrrrrrryyyyyyyyyyyyy looooooongg sssstrrrrrriiiing
;*2$"
... more strings ...

With the “strings” command it is possible to find raw saved passwords on binary files very quick and easy. This is the task for hackme1.

Solution

First of all you can have a look at the contained strings.

strings hackme | less

Afterwords have a look at the hexdump.

hexdump -C hackme | less

Source code.


#include 

int main(void)
{
    const char password[15] = "secretpw";
    char pass_in[15];
    int i;
    int valid = 0;

    printf("Copyright by NM-Projects.de\n");
    printf("Enter password: ");
    scanf("%15s[^\n]", pass_in);
    for(i = 0; i < 15; i++)
    {
       if(pass_in[i] != password[i])
       {
          valid = 1;
          break;
       }
    }
    if(valid == 0)
    {
        printf("\nRight password\n");
    }
    else
    {
        printf("\nWrong password!\n");
    }

    getchar();
    return 0;
}


Leave a Reply

Your email address will not be published. Required fields are marked *

*