Attacking Common Applications - Skills Assessment III

What is the hardcoded password for the database connection in the MultimasterAPI.dll file?

I checked MultimasterAPI.dll with x64dbg and dnSpy but I'm stuck here! I can access sqlcmd directly from the terminal and found several accounts and passwords, but nothing else. If someone has a tip on where to start capturing the password in Multi…dll, it would be very helpful. Thanks.

1 Like

Same question

You will find it in MultimasterAPI.Controllers → ColleagueController (in dnSpy, of course)

5 Likes

Now I understand why there are 0 cubes for this question… I thought we needed reverse engineering. Thanks a lot for the advice!

4 Likes

The machine is unstable… it dies after some time… maybe someone else is also facing the same issue… I have restarted the machine a couple of times… and also downloaded a new connection file… but the issue persists…

You helped me a lot. Thanks!!!

1 Like

I thought this would be the hardest skills assessment out of the 3, but it was the easiest. Do not overcomplicate things. Do exactly what you did in one of the modules.

One minor problem: I was trying to use dnSpy to look at the dll file MultimasterAPI.dll,
but there doesn't seem to be a copy of this software on the server.
Any ideas of where it is, or if there is an alternative?

Found it:
c:\Tools\dnSpy.exe drrrrrrr!

The answer is in dnSpy.

I don't know whether I'm blind or the host has the wrong image, but where is the MultimasterAPI.dll file? I can't find it.

Edit: Apparently this VM is the same one used in the insane Windows HTB box "Multimaster". Exploiting the dll is part of the CTF, and it's found in c:\inetpub\wwwroot\bin. Don't know if finding a file on a machine without any additional context was part of the intended experience, but there it is.

1 Like

Is anyone aware of a way to use dnSpy to find the password more effectively than just clicking through the different sections of code? This would be like a needle in a haystack during an actual assessment or pentest. Or is there something I should be looking for in the section names that would more quickly point me to where the password could be? Thanks.
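One answer to the "needle in a haystack" question, as an added example that is not from the thread or the lab: rather than clicking through namespaces, scan the compiled assembly for connection-string-shaped literals, the same check a build pipeline can run to catch hardcoded credentials before a DLL ships. .NET stores string literals as UTF-16LE, so a plain ASCII `strings` pass misses them; the scanner below decodes both encodings, parses `key=value;` pairs, and redacts the secret value in its report. The byte blob, server, user and password values are constructed for the example.

```python
import re

# Constructed stand-in for a compiled .NET assembly: one UTF-16LE connection
# string with a password (as the #US heap would store it), one ASCII
# connection string using integrated security, and an unrelated UI label.
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 16
    + "Server=db01;Database=Sample;User Id=app;Password=Example!Pass1;".encode("utf-16-le")
    + b"\x00" * 8
    + b"Data Source=.;Initial Catalog=Logs;Integrated Security=True;"
    + b"\x00" * 8
    + "Just an ordinary UI label".encode("utf-16-le")
)

ASCII_RUN = re.compile(rb"[\x20-\x7e]{8,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")
# Connection-string keys whose values should never be compiled into a binary.
SECRET_KEYS = {"password", "pwd", "secret", "token", "apikey", "api_key"}

def extract_strings(blob: bytes):
    """Yield (encoding, text) for printable runs in ASCII and UTF-16LE."""
    for m in ASCII_RUN.finditer(blob):
        yield "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield "utf-16le", m.group().decode("utf-16-le")

def parse_connection_string(text: str):
    """Split 'k=v;k=v' into a dict, or return None if it is not that shape."""
    pairs = {}
    for part in text.split(";"):
        if "=" not in part:
            continue
        key, _, value = part.partition("=")
        pairs[key.strip().lower()] = value.strip()
    return pairs if len(pairs) >= 2 else None

def find_hardcoded_credentials(blob: bytes):
    """Return (encoding, secret key, redacted string) for each leaked secret."""
    findings = []
    for enc, text in extract_strings(blob):
        pairs = parse_connection_string(text)
        if not pairs:
            continue
        for key, value in pairs.items():
            if key.replace(" ", "") in SECRET_KEYS and value:
                findings.append((enc, key, text.replace(value, "<redacted>")))
    return findings

if __name__ == "__main__":
    for enc, key, redacted in find_hardcoded_credentials(SAMPLE_BINARY):
        print(f"[{enc}] {key}: {redacted}")
```

To scan a real artifact, pass `open(path, "rb").read()` to `find_hardcoded_credentials`; the decompiler is then only needed to confirm where the flagged literal is used.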