TearOrDear

Hi all, I found the username and password for this challenge but when I submit the flag it is not accepting. I provided in the same format mentioned in the challenge.
But the binary accepts these and prints “correct”. Can someone help and tell what I am missing?

I believe the instructions say “Warning: Cannproduce false positives” so I would assume you have a false positive.

Thanks, JoeDev for the response. I actually saw that warning but thought I am doing something wrong. Am trying to look what I missed. Thanks.

Can someone provide a few hints? This is a tough one.

The way to find the solution is to go through the code and study it.
While solving it, i’ve found 3 possible passwords and one user name. All gave me the correct message, but only the last found password was the correct.

HINT: give special attention to the code where “textBox_user.Text” and “textBox_pass.Text” are, because those are the variables that will make it work, as you should already know!

have you entered that in correct format? Like HTB{teXt} or something?

Are there any links or study materials for getting accustomed a general process of doing this kind of hacks. I tried to find “Wrong Credentials” string, but couldn’t find it. (Immunity Debugger: !mona find -s “Wrong Credentials”)

@MartyV said:
Are there any links or study materials for getting accustomed a general process of doing this kind of hacks. I tried to find “Wrong Credentials” string, but couldn’t find it. (Immunity Debugger: !mona find -s “Wrong Credentials”)

Yes, you should know c# and know how to debug in some IDE …
I have debugged the code in Visual Studio…

Anyway, just knowing c#, c++ or c is enough and going through the code line by line… depends if you want to automate the process or not…

If you can get the app to run. Set break points in the app to watch the flow analyze. Then go back and set them for key areas so you can search for code there. I have not completed this one yet but have seen some interesting things to follow up on for it.

Can anyone tell me what program to use for this? tried OllyDBG, IDA, Visual Studio… Cant figure out how to decompile it?

@pzylence said:
Can anyone tell me what program to use for this? tried OllyDBG, IDA, Visual Studio… Cant figure out how to decompile it?

I recommend ILSpy