Today we will be tackling an easy binary reversing challenge from HackTheBox called Find The Easy Pass. The binary is a Windows executable, so I will be using my Windows reversing virtual machine to solve this challenge.
Upon downloading and unzipping, I dropped the file into PE Studio in order to get the file architecture. From the output we can see that it is a 32-bit file and that it is an executable.
I also dropped the file into CFF Explorer to ensure that ASLR is not enabled. This will help us if we want to perform Manual Code Reversing with something like Ghidra while also debugging with x32dbg. From the output we can see that ASLR is not enabled.
To check whether ASLR is enabled, look for a check mark under the ‘DLL can move’ option.
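The same two checks (architecture and the ‘DLL can move’ flag) can also be scripted. The following is an added example, not part of the original walkthrough: it reads the COFF `Machine` field and the `DYNAMIC_BASE` bit (0x0040) of `DllCharacteristics`, which is the bit CFF Explorer shows as ‘DLL can move’. The function names and the header-only sample bytes are constructed for the demo.

```python
import struct
import sys

MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}
IMAGE_FILE_DLL = 0x2000
# DllCharacteristics bit that CFF Explorer labels "DLL can move"
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040


def pe_summary(data: bytes) -> dict:
    """Report architecture, file type and ASLR opt-in from raw PE bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    if len(data) < coff + 20:
        raise ValueError("truncated COFF header")
    machine, _, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    if opt_size < 72 or len(data) < opt + 72:
        raise ValueError("truncated optional header")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "arch": MACHINES.get(machine, hex(machine)),
        "type": "DLL" if file_chars & IMAGE_FILE_DLL else "EXE",
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
    }


def build_sample(machine: int, dll_chars: int) -> bytes:
    """Constructed header-only PE32 image for the demo (not the challenge file)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)  # DllCharacteristics
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a real binary
        with open(sys.argv[1], "rb") as fh:
            print(pe_summary(fh.read()))
    else:
        print(pe_summary(build_sample(0x014C, 0x0000)))
        print(pe_summary(build_sample(0x014C, 0x0040)))
```

Run with a file path as the first argument to inspect a real binary; with no argument it prints the result for the two constructed samples.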
With that all out of the way, let's drop our sample into x32dbg. Once our sample is loaded, let's hit the run button so we can hit our entry point breakpoint.
Once at our entry point, let's search for some strings that might not be present simply from examining the file statically. To do this, right-click → Search for → Current Region → String references.
There are a ton of references to strings, as expected. To speed this up, let's search for things like “Password”. We can see one hit for Password, with the string containing “Wrong Password!”. Let's right-click and set a breakpoint here.
Once that is all set, let's run our program. Once the program is running, we are greeted with a prompt that says “Enter Password”. Since we do not know the password, let's make one up and see how the program handles it.