Creds >>
TryHackMe – https://tryhackme.com/p/TheSysRat
HackTheBox (aka TheSysRat)
First look on binary:
OK, we can check how it is work:
We can see there two compare function, but stil not sure how it works. Let’s check Ghidra.
After decompiling there is main function:
There is wierd string “DoYouEven%sCTF” it will be probably hint.
So we can try to reconstruct first compare:
And there it is:
OK and second compare:
We can see if the first compare is equal to “__init”, it is correct. So what do you find that password is? 🙂
