{"id":21065222,"url":"https://github.com/khmelnitskiianton/HackDos","last_synced_at":"2025-10-01T10:31:12.645Z","repository":{"id":225734740,"uuid":"765580693","full_name":"khmelnitskiianton/DosHack","owner":"khmelnitskiianton","description":"Couple cracking asm programs for entering password in MS DOS","archived":false,"fork":false,"pushed_at":"2024-03-11T13:43:54.000Z","size":39,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-19T18:01:23.714Z","etag":null,"topics":["dos-attack"],"latest_commit_sha":null,"homepage":"","language":"Assembly","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/khmelnitskiianton.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-01T07:51:55.000Z","updated_at":"2024-05-27T21:17:47.000Z","dependencies_parsed_at":"2024-03-11T14:53:15.330Z","dependency_job_id":"0be86ef3-d955-4e70-b7ee-82fd39d17880","html_url":"https://github.com/khmelnitskiianton/DosHack","commit_stats":null,"previous_names":["khmelnitskiianton/doshack"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/khmelnitskiianton%2FDosHack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/khmelnitskiianton%2FDosHack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/khmelnitskiianton%2FDosHack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/khmelnitskiianton%2FDosHack/manifests","owner_url":"https:/
/repos.ecosyste.ms/api/v1/hosts/GitHub/owners/khmelnitskiianton","download_url":"https://codeload.github.com/khmelnitskiianton/DosHack/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234856250,"owners_count":18897405,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dos-attack"],"created_at":"2024-11-19T17:54:26.275Z","updated_at":"2025-10-01T10:31:07.332Z","avatar_url":"https://github.com/khmelnitskiianton.png","language":"Assembly","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DosHack\nA couple of password-entry DOS programs and the attacks that crack them\n\n# Installing\n1. Full setup of DosBox+VolkovCommander+ASM+IDA+THELP+...  : [ded32.net.ru/storage.ded32.ru/Materials/TXLib/dosbox-asm-setup.rar.exe](http://nas.ded32.ru/storage.ded32.ru/Materials/TXLib/dosbox-asm-setup.rar.exe)\n2. 
Or set up DosBox and an assembler yourself\n\n# My vulnerability\n[```CRYPTA.ASM```](https://github.com/khmelnitskiianton/DosHack/blob/main/CRYPTA.ASM) \u0026 [```CRYPTA.COM```](https://github.com/khmelnitskiianton/DosHack/blob/main/CRYPTA.COM)\n\nKey is `1234\u003cENTER\u003e`\n\n## Weak hash function (simple)\n\nThe first weakness is the hash itself: it is simple enough that you can choose a password that passes the check.\n\nIt sums the ASCII codes of the input, and the comparison only needs that sum to equal 202 (decimal), the ASCII sum of '1234'. Any string with the same sum (for example, any permutation of those four digits) is accepted, because nothing else about the password is checked.\n\n## Overflowing stack (hard)\n\nBecause the bounds check is on an overflow flag rather than on the buffer length, the user can overflow into the stack, where the return address lives, and redirect it to the success branch.\n\nLine 72: `je fail_case` is a hidden check for ZF==1, which is set when `si` wraps around. That is why an attacker cannot overwrite the whole segment, but the stack is reachable!\n\nLine 59 pushes the return address onto the stack; after the input, line 79 returns through that address, so the user can replace it with the address of `jmp success_case`. That is the vulnerability that bypasses my hashing.\n\n# Opponent's vulnerability\n[```HACKER.COM```](https://github.com/khmelnitskiianton/DosHack/blob/main/HACKER.COM)\n\nUsing the IDA disassembler I recovered the opponent's code with a dump, comments, graphs and so on: [```HACKER.i64```](https://github.com/khmelnitskiianton/DosHack/blob/main/HACKER.i64)\n\n```Full code:```\n\n\u003cimg src=\"https://github.com/khmelnitskiianton/DosHack/assets/142332024/23516b17-8c49-4cd7-ab04-ead2eaed2c6b\" width=70%\u003e\n\n*He allocates his buffer before the functions and has no overflow check, so I can overwrite everything after it.*\n\n*I overflow it with the input file `pwd.txt`, redirecting stdin so the buffer is filled from the file: `\u003ehacker.com \u003c pwd.txt`*\n\n## Noping hash (simple)\nThe first, simple solution is to patch the hash routine and the data at the end. 
In hex, [```PWD1.TXT```](https://github.com/khmelnitskiianton/DosHack/blob/main/PWD1.TXT) consists of: `skip the buffer` - `nop out the hash` - `set ax = 0 for the cmp` - `ret from the hash` - `overwrite true_hash with the same value as ax` - `EOF, which counts as Enter when input comes from a file`\n\n\u003cimg src=\"https://github.com/khmelnitskiianton/DosHack/assets/142332024/6925d747-fb97-43ad-b05c-9494b3b5a50c\" width=60%\u003e\n\n`Result:`\n\n\u003cimg src=\"https://github.com/khmelnitskiianton/DosHack/assets/142332024/e1750edb-c7c1-4eb1-848b-013cb050424f\" width=40%\u003e\n\n## Overwrite segment (hard)\nSecond payload: [```PWD2.TXT```](https://github.com/khmelnitskiianton/DosHack/blob/main/PWD2.TXT)\n\nSimilar to the previous one, but it overwrites the whole segment, including the start of the program.\n\nIt consists of `previous changes` - `many, many zeros` - `after si wraps around, my new code at address 100h, which replaces dec si with jmp success_case`\n\nThe code from address 0h to 0100h was copied by hand (bruh).\n\n\u003cimg src=\"https://github.com/khmelnitskiianton/DosHack/assets/142332024/24a00e64-95f3-4c1e-bb6f-f9d275436b54\" width=60%\u003e\n\n`Result:`\n\n\u003cimg src=\"https://github.com/khmelnitskiianton/DosHack/assets/142332024/02204adf-4227-4d1c-815a-b99b4c60197b\" width=40%\u003e\n\n`BUG (unsolved):` you have to press Enter, and then the program freezes. I could not find out why: 0h-100h is intact, the stack is empty and everything is in the right place.\n\n## Direct hack with pill\n[```HACKER.cpp```](https://github.com/khmelnitskiianton/DosHack/blob/main/HACKER.cpp) - a \"pill\" that changes bytes in the executable file\n\nIn this hack I change the program's start at file offset 07h: `BE 00 00` \u0026rarr; `EB 1A 90`, that is `mov si, 0` \u0026rarr; `jmp success_case` + `nop`. The `nop` fills the third byte so the replacement stays 3 bytes long. `EB 1A` is a short jump 1Ah bytes forward from the end of the jump instruction (file offset 09h), so it lands at file offset 23h, which is 0123h once the .COM is loaded at 0100h. 
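The pill below is an added example written for this page; it is not the repository's `HACKER.cpp`. It shows how the byte patch described above can be done safely: it refuses to write unless the bytes at the offset really are `BE 00 00`, and it computes the `jmp short` displacement from the target offset instead of hard-coding `1A`, so the same code can retarget the jump. The image it patches by default is constructed inline (it is not `HACKER.COM`), and the target offset 23h is simply what `EB 1A` at offset 07h decodes to; that `success_case` sits there in the real binary is taken from the README, not verified here.

```c
/* Added example, not the repository's HACKER.cpp: apply the README's "pill"
 * to a DOS .COM image. The 3-byte `mov si, 0` (BE 00 00) at file offset 07h
 * becomes `jmp short rel8` (EB xx) plus `nop` (90h), so the patch is still
 * 3 bytes. rel8 is computed from the target offset; for the README's target
 * (file offset 23h) it comes out as 1Ah. A .COM is loaded at CS:0100h, so
 * memory address = file offset + 100h. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define COM_LOAD_OFFSET 0x100u   /* DOS loads a .COM image at CS:0100h */
#define COM_MAX_SIZE    0xFF00u  /* 64 KiB segment minus the 100h-byte PSP */

/* Encode `jmp short target` placed at file offset `at`. The displacement is
 * relative to the end of the 2-byte instruction. 0 on success, -1 if the
 * target is outside the -128..127 range a short jump can reach. */
int encode_jmp_short(size_t at, size_t target, uint8_t out[2]) {
    long disp = (long)target - (long)(at + 2);
    if (disp < -128 || disp > 127) return -1;
    out[0] = 0xEB;
    out[1] = (uint8_t)(disp & 0xFF);
    return 0;
}

/* Decode the target file offset of a `jmp short` at `at`, or (size_t)-1 if
 * the byte there is not the EB opcode. */
size_t decode_jmp_short(const uint8_t *img, size_t len, size_t at) {
    if (at + 2 > len || img[at] != 0xEB) return (size_t)-1;
    return (size_t)((long)(at + 2) + (int8_t)img[at + 1]);
}

/* Apply the pill to an in-memory image. It refuses to write unless the bytes
 * at `at` are exactly `mov si, 0`, so a different build of the binary is not
 * silently corrupted. 0 on success, negative on refusal. */
int patch_mov_si_to_jmp(uint8_t *img, size_t len, size_t at, size_t target) {
    static const uint8_t expect[3] = {0xBE, 0x00, 0x00};  /* mov si, 0 */
    uint8_t jmp[2];
    if (at + 3 > len) return -1;                        /* offset past end */
    if (memcmp(img + at, expect, 3) != 0) return -2;    /* unexpected bytes */
    if (encode_jmp_short(at, target, jmp) != 0) return -3;
    img[at] = jmp[0];
    img[at + 1] = jmp[1];
    img[at + 2] = 0x90;                                 /* nop keeps 3 bytes */
    return 0;
}

/* Patch a .COM file on disk in place (work on a copy). 0 on success. */
int patch_com_file(const char *path, size_t at, size_t target) {
    static uint8_t img[COM_MAX_SIZE];
    FILE *f = fopen(path, "rb");
    if (!f) return -10;
    size_t len = fread(img, 1, sizeof img, f);
    fclose(f);
    int rc = patch_mov_si_to_jmp(img, len, at, target);
    if (rc != 0) return rc;
    f = fopen(path, "wb");
    if (!f) return -11;
    size_t wrote = fwrite(img, 1, len, f);
    fclose(f);
    return wrote == len ? 0 : -12;
}

/* Constructed sample image (not HACKER.COM): 40h bytes of nop with
 * `mov si, 0` at offset 07h and a stand-in success routine at 23h. */
size_t build_sample_image(uint8_t *img, size_t cap) {
    const size_t len = 0x40;
    if (cap < len) return 0;
    memset(img, 0x90, len);
    img[0x07] = 0xBE; img[0x08] = 0x00; img[0x09] = 0x00;  /* mov si, 0 */
    img[0x23] = 0xB4; img[0x24] = 0x4C;                     /* mov ah, 4Ch */
    img[0x25] = 0xCD; img[0x26] = 0x21;                     /* int 21h (exit) */
    return len;
}

/* Run the pill on the sample image and return the three patched bytes packed
 * big-endian (EB1A90h expected), or a negative code if anything is off. */
long sample_patch_check(void) {
    uint8_t img[0x40];
    size_t len = build_sample_image(img, sizeof img);
    int rc = patch_mov_si_to_jmp(img, len, 0x07, 0x23);
    if (rc != 0) return rc;
    if (decode_jmp_short(img, len, 0x07) != 0x23) return -100;
    if (patch_mov_si_to_jmp(img, len, 0x07, 0x23) != -2) return -101; /* no double patch */
    return ((long)img[0x07] << 16) | ((long)img[0x08] << 8) | img[0x09];
}

int main(int argc, char **argv) {
    if (argc == 2) {  /* real file: jump from offset 07h to file offset 23h */
        int rc = patch_com_file(argv[1], 0x07, 0x23);
        printf("%s: rc=%d\n", argv[1], rc);
        return rc == 0 ? 0 : 1;
    }
    long packed = sample_patch_check();
    printf("sample: bytes@07h=%06lX jumps to file %02Xh = mem %04Xh\n",
           packed, 0x23u, 0x23u + COM_LOAD_OFFSET);
    return packed == 0xEB1A90L ? 0 : 1;
}
```

Run it with a path to patch that file in place (`./pill HACKER.COM`, on a copy); with no argument it patches the built-in sample image and prints the resulting `EB 1A 90`. The refusal on unexpected bytes is the part worth keeping in any real pill: a hard-coded offset applied to a different build silently corrupts an instruction in the middle of nowhere.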
\n\n\u003cimg src=\"https://github.com/khmelnitskiianton/DosHack/assets/142332024/bf8e782d-e2f0-482f-bdb0-139fec34ec82\" width=50%\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkhmelnitskiianton%2FHackDos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkhmelnitskiianton%2FHackDos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkhmelnitskiianton%2FHackDos/lists"}