moveax41h's get the password



5:33 AM 03/09/2019




No nopping… Get the password :)

Yuri on 11:44 PM 03/11/2019: DO NOT READ IF YOU DO NOT WANT SPOILERS! I may have figured it out, there seems to be a lot of functionality that is not really used. Maybe filler code to throw us off? Seems the password is a fixed value added by 1, however, it is put into the heap at a random location within the get_pwd(). If my understanding is correct I will try to write a solution and explain within it.

kuroguro on 10:02 AM 03/12/2019: @Yuri - yep, came to the same conclusion

LinuxH11 on 5:42 PM 03/12/2019: Type w then enter

_Dante_ on 2:01 PM 03/15/2019: SPOILER ALERT: The password is w0nit4, but like said in the comment above even if you type w and enter it will work anyway, it might be a mistake

_Dante_ on 2:02 PM 03/15/2019: *w0n1t4

rmfla on 6:13 PM 03/19/2019: w

Flyour on 2:38 AM 04/29/2019: w

coyote_0x90 on 6:41 AM 05/22/2019: w works for a password. It looks like it only checks the first char:

.text:004015E5 movzx eax, byte ptr [eax]
.text:004015E8 cmp dl, al
.text:004015EA jz short loc_4015F3

But if you step through the get_pwd function, you can see it generate all the chars in "w0n1t4"
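The single-byte comparison described in the last comment, next to a full-length comparison, as an added example that is not the crackme's own code. The function names are hypothetical, and the first function only models the check as the comment reads it from the three instructions shown.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Password as given in the comments above. */
static const char EXPECTED[] = "w0n1t4";

/* Models the check as the last comment reads it: one byte of the input is
   compared with one byte of the generated password (cmp dl, al / jz). */
int check_first_byte_only(const char *input, const char *expected)
{
    return input[0] == expected[0];
}

/* Full comparison: the lengths must match and every byte is compared.
   Differences are OR-ed together, so the loop does not stop at the
   first mismatch. */
int check_full(const char *input, const char *expected)
{
    size_t in_len = strlen(input);
    size_t ex_len = strlen(expected);
    unsigned char diff = (unsigned char)(in_len != ex_len);
    size_t i;

    for (i = 0; i < ex_len; i++) {
        /* Past the end of a short input, compare against 0, which never
           equals a password byte. */
        unsigned char c = (i < in_len) ? (unsigned char)input[i] : 0;
        diff |= (unsigned char)(c ^ (unsigned char)expected[i]);
    }
    return diff == 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "w", "wrong", "w0n1t4", "x0n1t4" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s first-byte=%d full=%d\n", samples[i],
               check_first_byte_only(samples[i], EXPECTED),
               check_full(samples[i], EXPECTED));
    return 0;
}
```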