6648f35e6b8bd8ddfe33cc00

About

interesting crack me, took me about 15 mins to crack. link to crackme is here.

goal is to obtain super (sudo) rights.

Diving in

decompiled using ida, attacked to debugger. i put a breakpoint just where the input starts, it was using getch();

and in order to enter the while loop, we need to make sure that the first char is R. so entered R as the first character. next i was stepping in and

Src has my input password string partially stored therefore i am assuming entered_password will soon have my entire password stored in it therefore i changed the name to “entered_password”.

now v86[4] = 0xC. by doing some hit and try, i found out that v10 is basically our input string length. Therefore our input string must have 12 characters. stepping in, i reached another important check

if we now inspect entered password,

we can see that the input string is there in it’s entirety thus our assumption was correct. if we inspect v31 to see what is stored in it,

“991111019599” is the correct password for super rights.