At the beginning of this month, the Mossad published a hacking challenge. out of curiosity I took some time playing with it and while progressing within the challenge I discovered a dll file which should contain a hint (admin password for a fake chat room).

The interesting question is what do I do with it ?

The first step was opening the DLLfile in a hex editor and looking for interesting stuff. When doing that I’ve noticed that this is a WIN32 DLL:

And that it has some interesting things in it that will help me going to get the desired password:

My next step was loading the DLL into a disassembly tool (I’ve used the demo version of IDA) and checking what are the exports of this DLL:

From the disassembly of “Run” I can see that there is some input request from the user followed by many lines of code:

So now we have an export within the dll that we can call and see what happens. In order to do that I’ve wrote a short C++ program that loads the dll file and calls the “Run” function.

Running the program gave me the following output (I don’t know the password so I just entered a random string):

Instead of looking for the right password (there is a lot of code here), let’s try to see where is the password verification take place and try to override it so the program execution will continue the positive flow in the way that it would if we’ve entered the right password:

Looks like we found it, now let’s go back to the hex editor and change the “jnz” direction into “jz” direction:

After changing the hex value 75 into 74 and saving the file, I went back to my c++ program and re-ran it.

And we got the password 🙂

– Alexander

Please leave this field empty

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, as soon as it is published!

Email Address *

Check your inbox or spam folder to confirm your subscription.