Today we will be tackling an easy binary reversing challenge from HackTheBox, called Find The Easy Pass. This binary is a Windows Executable, thus I will be utilizing my Windows reversing virtual machine to solve this challenge.
Upon downloading and unzipping, I dropped the file into PE Studio in order to get the file architecture. From the output we can see that it is a 32 bit file and it is an exeutable.
I also dropped the file into CFF Explorer to ensure that ASLR is not enabled. This will help us if we want to perform Manual Code Reversing with something like Ghidra while also debugging with x32dbg. From the output we can see that ASLR is not enabled.
To check if ASLR is enabled look for a check value under the ‘DLL can move’ option.
With that all out of the way, lets drop our sample into x32bdg. Once our sample is loaded lets hit the run button so we can hit our EntryPoint BreakPoint.
