Message from C, C++ talks

July 2019

— Main.c

— / RETO 08 /

#include <openssl/md5.h>
#include <stdio.h>
#include "md5.h"
#include "hex.h"

int main() {

char pass[30];
char *out;
char *out2;
printf("[=] Password: ");
fflush(stdout);
fgets(pass, sizeof(pass), stdin); // err
out = md5crypt(pass);
out2 = hexencode(out);

if(strcmp(out2, "E492931E5DAA29C4B1FE5B4A924567DB") == 0) {

printf("[+] Access granted, use the password as flag!\n");
exit(1);

} else {

printf("[-] Try again!\n");

}

return 0;

}

Message permanent page

— Pastebin if it's long

— Hex.c

— 

/ Hex Encoder Function /

unsigned char hexencode(unsigned char str[200]) {
int i,j;
unsigned char strH[400];
memset(strH,0,sizeof(strH));

for(i=0,j=0;i<strlen(str);i++,j+=2) {
sprintf((char*)strH+j,"%02X",str[i]);
}
strH[j]='\0';

return strH;

}

— And still you have a buffer overflow in your program if you pass that long md5 value from the condition

Message permanent page

— Md5.c

— / MD5 Encrypt /

#include <openssl/md5.h>

unsigned char md5crypt(unsigned char password[30]) {
unsigned char hash[MD5_DIGEST_LENGTH];
MD5(password, sizeof(password), hash);

return hash;

}

Message permanent page

— Use pastebin please

— Okay

— Ill upload wait

— Nvm leave it

— Hxxps://pastebin.com/d4bb4pqR

— Main.c

— Hxxps://pastebin.com/G9U0WgSQ