The challenge: Crackme2 Repository 🏴☠️
Commands used: cd, ls, cat, less, apt, vim, strings, ltrace, export
1. Clone the repository
$ git clone https://github.com/alx-tools/0x06.c.git
2. Change to the folder
$ cd 0x06.c
3. List the contents of the folder
4. Execute the program
As we can see, we need to install some packages.
5. Install necessary packages 📦
- Add the resource to the apt sources
$ sudo vim /etc/apt/sources.list
Todo: Add this at the end of the file. 📝
`deb http://security.ubuntu.com/ubuntu xenial-security main`
- Update the package list 🔄
$ sudo apt update
- Install the necessary package ⚙️
$ sudo apt install libssl1.0.0
6. View the normal output 👀
7. Inspect the contents of the executable file
$ cat crackme2 | less
Note: We notice some readable text formats.
8. To see the readable text more clearly, we can use the strings command.
Note: We notice some hash values.
9. If it's a hash, we can attempt to brute-force it with common passwords. You can find websites that offer this service.
10. Crack it
11. Congrats! :) But now, how do we pass the password to the program? We have to know what the executable file is looking for, so we have to investigate it.
Let's debug it using ltrace, which is primarily used to trace calls made by programs to library functions.
$ ltrace ./crackme2
Explain 🥸:
- First line "__libc_start_main": it's a function that sets up the program environment, which means the file is looking for a specific environment name.
- Second line "strncmp(str1,str2,n)": it compares a given number of characters of two strings.
- Other lines: we see strncmp repeated with a string called jennieandjayloveasm.
Conclusion: we are looking for the environment variable jennieandjayloveasm.
12. Try setting that environment variable to anything
$ export jennieandjayloveasm="whatever"
$ ltrace ./crackme2
Explain 🥸: we notice that at the end there is a strncmp(str1,str2) on two hashes:
- str1: the hash of "thepassword", the same one we found previously
- str2: the hash of "whatever", the value of jennieandjayloveasm
13. Set the environment variable to the password
$ export jennieandjayloveasm="abc***"
$ ./crackme2
Note 🥸: In some tasks they said to create a file with the password, with no newline and no extra space.
$ printf "the_password" > filename
A normal editor automatically adds a newline at the end of the file; if we create it with printf, there will be no newline.
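The repeated strncmp lines seen in step 11 are what a linear scan of the environment block looks like in a library-call trace. The sketch below is an added example, not code from crackme2 or from this write-up: `scan_env`, its call counter and both sample environments are constructed for illustration, and the real binary's lookup may differ.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (name and signature are assumptions, not taken from
 * crackme2): scan a NULL-terminated environment block for `name`, making one
 * strncmp call per entry, and count the calls so the number can be compared
 * with the strncmp lines in an ltrace run. */
static const char *scan_env(const char *const envp[], const char *name, int *calls)
{
    size_t n = strlen(name);

    for (; *envp != NULL; envp++) {
        (*calls)++;
        /* Entries look like NAME=value. The '=' check rejects longer
         * names that merely start with `name`. */
        if (strncmp(*envp, name, n) == 0 && (*envp)[n] == '=')
            return *envp + n + 1;   /* pointer to the value */
    }
    return NULL;                    /* variable not set */
}

/* Constructed sample environments, before and after the export in step 12. */
static const char *const env_before[] = {
    "SHELL=/bin/bash", "HOME=/root", "jennieandjayloveasm_old=x", NULL
};
static const char *const env_after[] = {
    "SHELL=/bin/bash", "jennieandjayloveasm=whatever", "HOME=/root", NULL
};

int main(void)
{
    const char *name = "jennieandjayloveasm";
    int calls = 0;
    const char *v = scan_env(env_before, name, &calls);

    printf("before: %d strncmp calls, value=%s\n", calls, v ? v : "(unset)");
    calls = 0;
    v = scan_env(env_after, name, &calls);
    printf("after:  %d strncmp calls, value=%s\n", calls, v ? v : "(unset)");
    return 0;
}
```

When the variable is unset the scan reaches the end of the block, so the trace shows one strncmp per environment entry; once it is exported the scan stops at the match and the program moves on to the hash comparison.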