Aim: Given an executable of a program written in C, compiled with gcc – crack the password

Equipment:

ltrace

ldd

objdump

gdb

radare2

radiff2

Procedure:

As usual, the things to try when an executable is given:

Run the executable with and without input.

No Surprise!! 😉

How about ltrace?

Oh! It looks a bit fishy: it is still using strncmp, but the comparison is happening against something which looks similar. Yes, it is using the environment variables.

Let's list all the environment variables.

Let's use our next (new) tool: ldd (print shared library dependencies).

libcrypto is used, which is a shared library consisting of a number of sub-libraries that implement the individual algorithms.

Hmm.. What could be the algorithm or cryptography technique used?

How about disassembling to get more clues about the cryptography technique used?

radare2 ./crackme2

aa

pdf @sym.main

We can see that MD5 is used, so there would be a hard-coded hash. Yeah!! We found it: ‘d8578edf8458ce06fbc5bb76a58c5ca4’

MD5 is a one-way hash, so this is a lookup rather than a decryption: using an MD5 reverse hash lookup, the password turns out to be ‘qwerty’.
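Why the reverse lookup works so easily, as an added example (not code from the original post or from the crackme): an unsalted MD5 of a common password matches a tiny wordlist immediately, while a salted, iterated hash gives no fixed value to look up. The wordlist, function names and iteration count are assumptions made for illustration; only the hash and 'qwerty' come from the page.

```python
import hashlib
import hmac
import os

# Hash found hard-coded in main (value taken from the page).
HARDCODED_MD5 = "d8578edf8458ce06fbc5bb76a58c5ca4"

# Constructed sample wordlist of common passwords (illustrative only).
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "dragon"]


def md5_hex(candidate: str) -> str:
    """Unsalted MD5, the weak scheme the disassembly revealed."""
    return hashlib.md5(candidate.encode()).hexdigest()


def lookup(target_hex: str, wordlist):
    """Return the wordlist entry whose MD5 equals target_hex, else None."""
    for word in wordlist:
        if hmac.compare_digest(md5_hex(word), target_hex):
            return word
    return None


def make_record(password: str, iterations: int = 200_000):
    """Hardened form: random per-record salt plus an iterated KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password: str, record) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("MD5 lookup result:", lookup(HARDCODED_MD5, COMMON_PASSWORDS))
    first, second = make_record("qwerty"), make_record("qwerty")
    # Same password, different salts: no single digest exists to precompute.
    print("salted digests equal:", first[2] == second[2])
    print("verify:", verify("qwerty", first))
```

A salted, slow KDF removes the table lookup, but it does not rescue a weak password or a check that runs entirely inside a binary the user controls.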

Now we just have to add the environment variable.

Keep looking!! 🙂 🙂 More hacking on the way…