Find The Easy Pass is an easy reversing challenge from Hack The Box. The description is “Find the password (say PASS) and enter the flag in the form HTB{PASS}.” To start, like always, I run the program. It’s a “password” type challenge like the others. Obviously, I did not guess the right input on my first try so I open it up in Immunity Debugger.

I search for strings and find some that may be very helpful. I prefer a work backwards approach, so I love to find the congratulations string and work from there.

I follow this string back to where it is used in the program. Right above it is a function and a “JNZ” which I assume is where the comparison between your input and the correct password is. I then set a breakpoint on the function call right above it and run the program.

Once I hit the breakpoint I type in my “a” and there is the password in the EDX register.

I run the program for the final time using the correct password and I get the congratulations message.

This was a fun challenge as it was my first Windows challenge and I had to learn the basics of Immunity Debugger, which I actually really enjoy. I still much prefer gdb with pwndbg, but I can’t complain. Thanks for reading and happy reversing!