Today we are going to do some more reverse engineering. We will be using ILSpy to decompile the code of the TBFC_APP. Our goal is to discover the password and then log into the application. Once we log in, we will be given the flag.
First we need to install a remote desktop client for our Kali machine. The challenge talks about using Remmina, so let’s install that.
sudo apt install remmina -y
Now let’s log into the machine. Enter remmina into your terminal to open the remote desktop client, then enter your IP address, hit enter, and hit accept certificate.
Enter the username of cmnatic and the password of Adventofcyber!
Click on Toggle Dynamic Resolution Update on the left sidebar to make your resolution better.
Great, now we are logged in, so let’s open the TBFC_APP in ILSpy. Open the ILSpy – Shortcut and then drag the TBFC_APP into the ILSpy window.
Right click on all the assemblies above the TBFC_APP and click Remove, since this application is the only one we care about.
Now open the TBFC_APP and you will see that we need to enter a password. Let’s enter a password of test.
Maybe we can use this error message to search for the correct password. I’m going to search for You’re not Santa, which is at the top of the error message.
We can see it appears in MainForm.buttonActivate_Click. That makes sense, because the error message appears when we click the submit button. Double click on the MainForm and look at the code.
There’s a reference to santapassword321, maybe that’s the password!
We see that it is the password and we have our flag!
Now we have decompiled an executable and discovered the password to gain entrance. If passwords are left in plain text within binaries, with a little effort you can discover passwords to log in!
Reverse engineering is really useful in penetration tests. If you can get good at this, it makes finding exploits for systems a lot easier.
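If you ship .NET applications yourself, you can check a build for this problem before it goes out. .NET stores string literals as UTF-16LE, which is why ILSpy could show us the password so easily. The script below is an added example, not part of the challenge or the TBFC_APP: the function names and keyword list are my own, and the sample bytes are constructed to stand in for a real file.

```python
import re
import sys

# .NET keeps string literals as UTF-16LE, so each printable ASCII character
# is followed by a 0x00 byte. Match runs of at least six such characters.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
KEYWORDS = re.compile(r"pass(word|wd)?|secret|api[_-]?key|token", re.I)

def utf16_literals(blob):
    """Return (offset, text) for every UTF-16LE literal found in blob."""
    return [(m.start(), m.group().decode("utf-16-le"))
            for m in UTF16_RUN.finditer(blob)]

def looks_like_credential(text):
    """Heuristic only: keyword hit, or one token mixing letters and digits."""
    if KEYWORDS.search(text):
        return True
    return (len(text) >= 8 and not any(c.isspace() for c in text)
            and any(c.isalpha() for c in text)
            and any(c.isdigit() for c in text))

def audit(blob):
    """Literals worth a manual look before the build ships."""
    return [(off, s) for off, s in utf16_literals(blob)
            if looks_like_credential(s)]

def us_entry(text):
    """Constructed sample helper: length byte + UTF-16LE text + flag byte."""
    raw = text.encode("utf-16-le")
    return bytes([len(raw) + 1]) + raw + b"\x00"

# Constructed sample bytes, not the real TBFC_APP file.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 8 + us_entry("You're not Santa")
          + us_entry("santapassword321") + us_entry("TBFC_APP") + b"\xff\xfe")

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for off, s in audit(data):
        print(f"0x{off:06x}  {s}")
```

Run it with the path to your own build output as the first argument. Anything it prints should be moved out of the binary, and since the check is only a heuristic, the full list from utf16_literals is still worth a read.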