| @xorascii Glad to hear! |
==> |
| @4epuxa Well done!!! Actually even without the AA the answer is valid too. Congrats! |
==> |
| @Fengax Nice doone!!! Congrats!! My intentions were that you guys skipped the md5 function (dinamic analysis) till the cmp is reached. Then the md5 string is generated and you just have to crack that md5 string. |
==> |
| @Ralkey The challenge should display a message at the end. If you are double-clicking the PE, the message is displayed but then the program will immediately close. Try to execute it from cmd, or from a debugger like Ollydbg/x64dgb... |
==> |
| @ToMKoL True. Technically speaking, you are right. What I mean is finding a string with the same md5 hash than the solution. Thanks for the note. |
==> |
| @pranav All right, maybe this is my last comment so let's close this issue once and for all. I'm not trying to humiliate you nor making you feel bad (rather the opposite, I wanted you to enjoy it). This crackme is in this level because I consider something "basic" to know that md5 can be easily reverse. This crackme is in this level because in spite of not solving the challenge, you can ask IN A POLITE WAY for help, and if you didn't know that md5 is a weak hashing algorithm, now you do! With this new information, maybe you would refuse to use md5 in your own website because it can be broken, and THAT is the main objective of a challenge (providing you with new skills/knowledge). Next time instead of complaining about how difficult is the challenge or trying to harass me, just stay cool and I will try to help you whenever it's possible. Take care! |
==> |
| @Legacyy THANKSS!!! I appreciate your support. And you are right, this is just for fun. |
==> |
| As he/she says, MD5 was broken years ago and I expected you to know that. If you were humble enough, you would understand that by doing my crackme you learned something new. @pranav It's funny that you say "that's not how a crackme's solution should be found". From my personal point of view, you should not be thinking of doing crackmes, CTFs of any kind of cybersecurity challenge in the "supposed way". This is about lateral thinking and solutions out of the box. If you were hired for reversing malware and the attacker used md5, you would say that "the attacker made the malware in an uncommon way" and you just give up??? Anyways, you only had to go to the strcmp function, check that an md5 string is being compared and reverse that md5 (which is really easy). I gave you hints, and even the source code. Finally, I checked FAQs and indeed, there is nothing written about using third party algorithms. All in all, a) you proved that you struggle to reverse an md5 function. b) When you don't solve a challenge, you cry. (If you just google md5 for a bit more information, it says that md5 it's broken and how to reverse it... You did not even do that) c) When you have no arguments, you LIE for no reason about FAQs. Just get out of my challenge, kiddo. |
==> |
| @ToMKoL THANKS!!! At least someone clever in the room |
==> |
| @pranav LOL Obviously you don't have to reverse the hole MD5 function to get the solution. With that stupid approach it will be hard af. When you are comparing the string with the solution, that string is already loaded in memory (I personally checked that) and you can look for it (otherwise it would be impossible for the program to work). It is clear that I don't have to implement the whole md5 algorithm myself because it won't make any difference (however it is ok to know that you can't include a third party algorithm in a crack me. Thanks). At the end, you and @s4gr00_x are just crying because you couldn't solve the challenge, but some people could because it is actually pretty straightforward (you don't have to go through the md5 function, just check the input and the output, and then you realize it is an md5 string). We can discuss if you liked the challenge or not, which is ok, but if you found this one difficult, just go to an "easier one" and leave me alone. |
==> |
| @s4gr00_x Nobody says this challenge is hard. I've always said this one was easy. What's the problem with making a beginner friendly challenge? If this one is easy for you, you are not on the right challenge. Go on to the next one. |
==> |
| @pranav Well, The thing was to understand the simple "cmp input, pass" challenge with the "added difficulty" of not being just a clear text string. Could have been rated Level 1 without problem. |
==> |
| DUDE don't post the solution XDD |
==> |