In Internet Explorer or Edge, oOpen this page:
Note
If you already have Visual C++ Build Tools installed, click the Start button, scroll to the V section,
expand "Visual Studio 2019", and click "Developer Command Prompt for VS 2019", as shown below.Then skip to the "Making the pwd Program in C++" section, below on this page.
https://visualstudio.microsoft.com/visual-cpp-build-tools/
Click the "Download Build Tools" button, as shown below.
A download dialog appears, as shown below. Click Save. After the download completes, click Run.
If a User Account Control box pops up, click Yes.
Click Continue.
A large window appears, as shown below.
At the top left, check "Desktop development with C++".
At the bottom right, click the Install button.
Wait while software downloads and installs.
Click the Windows Start icon in the bottom left corner,
and scroll to the V section.
Expand the "Visual Studio 2019" section
and click Developer Command Prompt for VS 2019
mkdir c:\127
cd c:\127
notepad pwd.cpp
A box pops up, asking
"Do you want to create a new file?".
Click Yes.
Enter this code, as shown below:
#include <iostream>
using namespace std;
int test_pw()
{
char pin[10];
int x=15, i;
cout << "Enter password: ";
cin >> pin;
for (i=0; i<10; i+=2) x = (x & pin[i]) | pin[i+1];
if (x == 48) return 0;
else return 1;
}
void main()
{
if (test_pw()) printf("Fail!\n");
else printf("You win!\n");
}
In Notepad, click File, Save.
In the Developer Command Prompt window, execute these commands:
copy pwd.cpp pwdn.cpp
cl /EHsc pwd.cpp
cl /EHsc /GS- pwdn.cpp
dir *.exe
Two versions of the program are produced.
The "pwd.exe" program has stack protections, but
"pwdn.exe" does not, so it's slightly smaller,
as shown below.
https://www.hex-rays.com/products/ida/support/download_freeware.shtml
Download and install the Windows version, as shown below.
Click "I Agree".
In the "IDA: Quick start" box, click New, as shown below.
Navigate to the C:\127\pwd.exe file and double-click it.
In the "Load a new file" box, click OK.
IDA opens, showing some assembly code, as shown below.
From the IDA menu, click View, "Open subviews", "Strings".
Double-click "Enter password", as shown below.
The .rdata section appears, showing stored strings. On the line containing "Enter password", find "DATA XREF". Point to the address after the "DATA XREF" marker, as highlighted in yellow in the image below, and double-click it.
The function prologue appears, with a line containing "security_cookie", as shown below.
View the strings and follow the "DATA XREF" market to see the function that asks for the password again.
The "security_cookie" line is gone, as shown below.
Enter a "Number of opcode bytes" of 6 as shown below. Then click OK.
Ported to Google Cloud by Travis Knapp-Prasek
ED 301.1: Viewing Opcode Bytes (15 pts)
Find the hexadecimal values covered by a green box in the image below. That's the flag.