Hacking (Reverse engineering): Gaining access with wrong password

In this post, I will quickly show how you can use a debugger to hack poorly written or packaged code. More specifically, how to enter a wrong password but still get access. Before proceeding, I should be clear, that this is just a demonstration, and the programs out there in production (these days) will definitely not vulnerable to this method (if it is, then it is a shitty program). This is to demonstrate how you can change the execution path as you wish.

First I will show a simple code which prompts for a password to be set, then encrypts it using MD5 sum hash and salt and stores the hash in a file. Then it asks for the same password, reads the hash from the stored file and compares if the two entered passwords are same or not. Then I will show how to reverse engineer the executable file and enter the wrong password, but still make it think that we the correct password was entered. Continue reading “Hacking (Reverse engineering): Gaining access with wrong password”