Differences

This shows you the differences between two versions of the page.

--- heig:slo:labo03 [2016/04/18 13:14] – [Crackme 2] Laureline David
+++ heig:slo:labo03 [2016/04/19 17:40] (current) – external edit 127.0.0.1
@@ Line 3: / Line 3: @@
 ===== Crackme 1 =====
-...
+This crackme uses straight up ''strcmp'' to test the password.
+**Solution:** noideawetheriamthegoodpassword
+**Vulnerability:** Hardcoded Strings
 ===== Crackme 2 =====
+This crackme uses a custom hashing algorithms to check the validity of the password. XORing all the bytes of the password together must equal to ''0x56''.
+**Solution:** Multiples. ''aaaaaaaaV'', ''xXxOVOxXx'', any string with all the characters except ''V'' going in pairs
+**Vulnerability:** Hash Collisions >_<
 <uml>
-:var1 = 0 [esp+18h];
-while (var1 ≤ 7)
-:edx = password[var1];
 :eax = argv[1];
-if (strcmp(eax, edx)) then (≠0)
-:var1++;
-else (0)
-:fail: Lamer;
-end
-endif
-endwhile
-:eax = argv[1];
-if (strlen(eax)) then (> 7)
 :var1 = 0;
 :var2 = 0;
@@ Line 30: / Line 27: @@
 if (var2 = 0x56) then
 :win!;
+stop
 else
 :fail!;
+end
 endif
+</uml>
+===== Crackme 3 =====
+This crackme uses SHA1 to check the validity of the password.
+**Solution:** qwertzuiop
+**Vulnerability:** Rainbow Tables :)
+<uml>
+:DIGEST = 1b6004ce49ab73225720b82d36eaaa4d6e511034;
+if (solution to crackme1) then (yes)
 end
-else
+endif
-:fail: Joke;
+if (solution to crackme2) then (yes)
+end
+endif
+:hsh = SHA1(argv[1]);
+:v1 = 0;
+:v2 = 0;
+while (v1 ≤ 19)
+:v2 |= hsh[v1] ^ DIGEST[v1];
+:v1++;
+endwhile
+if (v2 == 0) then (yes)
+:echo "Success";
+else (no)
+:fail;
 end
 endif
+stop
 </uml>