Well, I couldn't resist not making one myself, so here it goes:

I have a little VB App that will ask for your username and password, and will give you an "access key" once you get the right info, this is pain-stakingly easy (heck, you don't even need to know the username and password - big hint. ), but, this is just to rev up your engines, as this is part 1 of my four part VB/PHP/MySQL/C++ Cracking Challenge.

Each challange will connect onto the next challenge, so the end product that you get from this one, will be highly important for the next challenge that you undertake.

you can find the program here.

http://xeek.trap17.com/lorem.exe

Have fun,

-whyme

small topic title name change hacking = cracking

This post has been edited by jipman: May 8 2005, 12:22 PM

Not fond of VB but still was able to do this challenge under Linux, which is just a bonus, since I hate needing to switch back to Windows.

Hopefully you'll bring more challenges similar to this but a bit harder, we could find all the information we needed just viewing this in a hex-editor, without needing that username and password but we could use them and still get a popup of what the key is.


Cheers,


MC

Hehe.. I did it in windows too and pm-ed you a snapshot. As MC pointed out - I never needed to figure out your password. I got to the popup of your keys straight out Check your pm for the resultant screenshot - it's on imageshack... and I'd have uploaded the cracked file but now it's in such a state that you can type any login/pass and get to your final popup screen I went one step up and removed all the your login/pass checking parts from the code and fixed the JUMP instructions to point straight to your popup box.. this way it completely bypasses your verification system.. no more pass needed.. the snapshot that you've received was logged in with "blah" & "blah" as username/pass

Comeup with somethign harder next time..

Regards,
m^e

WOW....
why are VB windows executables made up of 75% NULL.
that doesnt happen on the GNU c++ compiled ececuatbales.

anyways....
yeah, ive completed it too, but i used the *nix strings command instead of a hex-editor.

are we supposed to PM the answers, or post them ???

edit:
lol, ahh, found a second set of passwords and usernames after i relxed grep and discovered the typo.

Haha, like what I said, this isn't meant to be hard or challenging, only to start up your engines for the next one.

I'm currently developing the next challenge in PHP , and that "end product" you get from this challenge will be important for the next one.

I expect to be done in 5 - 8 days.

cheers,

-whyme

lol.. okay, i thought that was a clue to start reverse engineering

m^e,

If I maybe so bold, I want to test your theory on the any state.

Depending on how your altered the jump, how about inputting the correct username and password into it and seeing whether this is the case?


MC

Hehe okk.. once this challenge is over - I'll upload the cracked file here Even the correct username pass will work..

altering jump instructions with hex-editors used to be what all the 7337 h@)(0r$ were doing back in the Amiga days.

anyone have an amiga ?

i remember when you booted a game (cos thats what you did, games didnt run inside OS's)
a crached game would show up a page bragging about who pirated and crached is..

"Crystal Cracked" were quite famous.

this bragging page would often have very amasing graphics, cool music.
eventually, the bragging page became more important that the cracking.

and this is how demo's came to be (or thats how the legeng goes)

they also used to post the hpone numbers of the BBS servers that these hackers used to run.

damnit.. i really was born 10 years too late.

in the amiga days, we didnt have any of this Geforce FX 6800 SLI PCI-E crap !

We had the "Angus" Chip, and if you were rich, you upgraded to "Fat Angus"
and if you were really rich, you could go crazy, an buy a super charged "Fatter Angus" chip.

and if you were a billionaire, you could rpobably afford 2mb or ram for $300.

ahh the good old days.

Don't work for me, it said I am missing a dll or something.