https://app.hackthebox.com/challenges/3

Description

Find the username and password and put them in the flag in the format: HTB{username:password}
Warning: It can produce false positives.

Exploitation

Use dnspy to decompile

#!/usr/bin/python3
import math

def extract_username():
    array = [
        "1", "2", "4", "g", "h", "l", "o", "3", "g", "p",
        "p", "k", "d", "f", "s", "e", "w", "r", "t", "z",
        "u", "i", "i", "&", "$", "_"
    ]
    username = array[0] + array[4] + array[10] + array[22] + array[9]
    return username[::-1]

def main():
    username = extract_username()
    password = "roiw!@#"
    flag = f"HTB{{{username}:{password}}}"
    print(flag)

if __name__ == "__main__":
    main()

Summary

Tear Or Dear: decompile the .NET logic, rebuild the check, and recover the accepted input.