-
thorner
at April 04,2017
Video quality on this tutorial definitely went down...it was hard to see and the presenter seemed less prepared/extremely bored this time. I wish he went into more detail about each line of code and what the changes that he made really meant re: the flow of code and what the program was reading. Seemed pretty similar to his previous videos - I would like him to show the other capabilities of Ollydbg instead of just demonstrating how he can manipulate the program to show the valid username and passwords.
Again, very powerful tool and demonstrates the importance of secure coding.
-
msharma6
at April 26,2017
This video is pretty similar to the one of his earlier videos which showed how to find the real password. In this video, however, he shows to find the real password with the username. Overall it was a dry video.
-
echukalov
at April 27,2017
The video quality on this tutorial makes it hard to see and follow. This was similar to the previous videos and used the same technique to get the password. It is generally considered bad coding practice to have usernames and passwords that are hardcoded in the executable, especially if they are unencrypted.
-
BSharma
at May 03,2017
This is a continuation of the other ollydbg videos. The speaker has learned how to find specific functions (conditional function, error messages, success messages) in the code to determine where to look for the real password. However, good software development practice says to never encode password and usernames in to code just for this reason.
-
student0
at May 08,2017
It’s really surprising to me that OllyDBG’s program can identify passwords in cleartext. I thought that is was common practice to store and compare passwords either in a hashed or encrypted format. The same concept applies to the username. However, that the SOSX crackme 3 only has one username and password leads me to believe, again, that the SOSX crackeme 3 application is an easier program to crack than one would typically find today for sale by major commercial software vendors. However, there is immense value in OllyDBG’s program to locate username and passwords even if they are hashed or encrypted. The hash of a weak or common password is most likely stored in a rainbow table and can be located with a tailored search.