[HTS] hackthissite Application missions 1-6 [tutorial]

Post by Sethioz »

////////////////////////////////////////////////////////////////////////////
Applications:
////////////////////////////////////////////////////////////////////////////


1.
Just open it with Notepad++ or a hex editor and search for "authentic" or something like this. You will find a list of serials there. Use one of them to auth and get the pass.

2.
Use CommView to monitor packets. Send some password; let's use "aliens" as an example.
Monitor app2win.exe only, then use search in CommView to find the packet that has "aliens" in it. Now simply right-click this packet and choose "reconstruct TCP session", and you will see a list of serials. Use it to authenticate.

3.
You need WPE Pro or some other packet program that can intercept packets before they arrive at the destination.
In WPE Pro make a filter to replace "false" with "true".
Here are the hex strings you need to enter into the filter:
Search: 66 61 6C 73 65 0D 0A
Modify: 74 72 75 65 0D 0A 00
Explanation: why so long? Because I wanted to make sure it's correct, so I used 0D 0A too, which means new line, and filled the last byte with 00.
Now enable the filter, put recording on and type in a random password.

4.
You need P32Dasm and OllyDbg (Olly debugger).
Run P32Dasm and open app4win.exe in it.
Find the command that makes it jump. We just skip the command and will jump to the mouse click, so instead of jumping to the other button it thinks that you have clicked the button.
Here's the first jump command:
00402810: Form1 1.3 Command1.MouseMove(Button As Integer, Shift As Integer, X As Single, Y As Single)
Now write down this offset.
We need to skip this and instead of this jump to "00402AD0: Form1 1.6 Command1.Click()".
OK, now open up Olly.
Open app4win.exe in Olly (do not attach, but open it as a file).
Now click on that follow-expression button above (> black arrow with 3 dots on top of each other). It pops up a window saying "enter expression to follow". You enter the address you got before, "00402810".
Once there, highlight it and press space (or right-click and select assemble).
Now enter the new command to skip the previous part and jump to 'click' instead. "JMP 00402AD0" < this means that you jump to the address, skipping this bunny hopping from button to button lol.
Now click the play button in Olly in order to launch this application with the changes in it.
So now when you move the mouse, it won't hop, but shows you the password.

5.
Open app5 in Olly.
Now in Olly, in the upper left window, scroll all the way up, where you will notice this line:
"ASCII "Please enter the password:"
Go down one line; the function is "CALL app5win.004011A8".
NOTE that the address in this command may be different than in my example.
Now breakpoint this address (press F2 so it turns red).
Run the program (press the play button or F9).
It will break and pause.
In the bottom right window you will see the line saying "ASCII "Please enter the password:"
Take the address of this line. In my case it's 12FF48.
Now go into the bottom left window and follow the expression (press Ctrl+G)
and type in that address and press OK.
Now look 2 lines below in the hex dump. The address would be 12FF68.
That line has the password for the mission.
It is messed up, but if you look at it, you can make out only a few words of it.
In my case the word would be "powertripping" and messed up it would look like this:
"g...ppinrtripowe"

6.
Basically the same as 5.
Repeat everything, except replace:

"ASCII "Please enter the password:"
with

"ASCII "Invalid Password"
Breakpoint the line under that and repeat everything.
You will find the password in the hex dump just like in the 5th, and it's also in 2 parts.
In the hex dump, for me the line looks like this:

0012FF3C  63 61 6C 0A 6D 61 67 69 24 FF 12 00 0A 00 00 00  cal.magi$ÿ.....
From this I read out "magical", which was the password.


- Fucking noobs, don't start stealing my tutorial. I googled many times and I did NOT find a guide for application 5. So as far as I'm concerned, I am the only one posting it out in public! This also goes for app 6.

Small thanks to TeamRetox, but not much, cuz he confused me with the 5th :)
Re: [HTS] hackthissite Application missions 1-6 [tutorial]

Post by TeamRetox »

Sethioz wrote: small thanks to TeamRetox, but not much, cuz he confused me with the 5th :)
I know a little fish that forgot some stuff turns around when staring at olly for too long :) cal.magi
split into sections of 4 bytes and start reversing the order of the sections:
cal.
magi
reversed = magical
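The 4-byte section reversal TeamRetox describes, which is also what turns the "g...ppinrtripowe" and "cal.magi" strings from missions 5 and 6 back into the passwords, as an added example that is not from either post: a small Python script that parses an OllyDbg-style dump line and reorders its 4-byte words. The dump line is the one quoted in the post above; the function and variable names are my own.

```python
# Added example (not from the thread): recover a string that was read from an
# OllyDbg hex dump as 4-byte words in the wrong order.
import re

# The dump line quoted in the post above (address, 16 hex bytes, ASCII column).
SAMPLE_DUMP = """\
0012FF3C  63 61 6C 0A 6D 61 67 69 24 FF 12 00 0A 00 00 00  cal.magi$ÿ.....
"""


def parse_olly_dump(text):
    """Parse OllyDbg-style dump lines into {address: bytes}.

    Only the hex byte columns are used; the ASCII column is ignored
    because non-printable bytes are shown there as '.'."""
    rows = {}
    for line in text.splitlines():
        m = re.match(r"^([0-9A-Fa-f]{8})\s+((?:[0-9A-Fa-f]{2}\s+){1,16})", line)
        if m:
            rows[int(m.group(1), 16)] = bytes.fromhex(m.group(2).replace(" ", ""))
    return rows


def unscramble_dwords(data, width=4):
    """Split into `width`-byte sections and reverse the order of the sections,
    exactly the "cal." / "magi" -> "magical" step from the reply above."""
    sections = [data[i:i + width] for i in range(0, len(data), width)]
    return b"".join(reversed(sections))


def printable_prefix(data):
    """Keep the leading printable-ASCII run; stop at the first control byte
    (e.g. the 0x0A that ends the string in the dump)."""
    out = []
    for b in data:
        if not 0x20 <= b < 0x7F:
            break
        out.append(chr(b))
    return "".join(out)


def recover_password(dump_text, addr, nwords):
    """Take `nwords` 4-byte words at `addr` from the dump and unscramble them."""
    raw = parse_olly_dump(dump_text)[addr][: nwords * 4]
    return printable_prefix(unscramble_dwords(raw))


def recover_from_ascii(s, width=4):
    """Same unscramble applied to the ASCII column as typed out in a post;
    trailing '.' placeholders for non-printable bytes are dropped."""
    return printable_prefix(unscramble_dwords(s.encode("latin-1"), width)).rstrip(".")
```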