BinaryRever.seDec 18, 2024
SpookyPass
Info
- Url: https://app.hackthebox.com/challenges/SpookyPass
- Platform: HackTheBox
- Complexity Level: Very Easy
- Date: 2024-12-18
- Tools: ida, Strings
Objective
All the coolest ghosts in town are going to a Haunted Houseparty - can you prove you deserve to get in?
Workflow
Looking at the file it looks like an ELF binary. Opening it in Linux will result in a prompt asking for a password;
Looking with IDA and strings it shows the script is pretty easy to follow; getting a prompt and checking a specific string; if it matches you get through; if not; you get the message “You’re not a real ghost; clear off!”
Filling in the string s3cr3t_p455_f0r_gh05t5_4nd_gh0ul5 in the application results in getting the correct flag
HTB{un0bfu5c4t3d_5tr1ng5}