sábado, 20 de enero de 2024

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Continue reading


  1. Pentest Automation Tools
  2. Pentest Reporting Tools
  3. Hack Tools Download
  4. Android Hack Tools Github
  5. Ethical Hacker Tools
  6. Hacker Tools Hardware
  7. Pentest Tools Online
  8. Hacking Tools For Windows 7
  9. Hacking Tools Pc
  10. Github Hacking Tools
  11. Hack Tool Apk
  12. Hack Tools Github
  13. Hack Website Online Tool
  14. Hacking Tools Kit
  15. Pentest Tools Kali Linux
  16. Hacking Tools Windows 10
  17. Hackrf Tools
  18. Hacker Tools Mac
  19. Beginner Hacker Tools
  20. Android Hack Tools Github
  21. Pentest Tools Website Vulnerability
  22. Hack Tools Mac
  23. Hacking Tools Software
  24. Hacking Tools For Mac
  25. Hacker
  26. Hacking Tools Free Download
  27. Tools For Hacker
  28. Hacking Tools For Mac
  29. Hacker Tools List
  30. Hacker Tools Apk
  31. Top Pentest Tools
  32. Hack Tools For Mac
  33. Hacker Tools Hardware
  34. Hacking Tools Windows
  35. Hacking Tools Github
  36. Hacker Security Tools
  37. Hack Website Online Tool
  38. Hacking Tools For Games
  39. Termux Hacking Tools 2019
  40. Pentest Tools For Android
  41. Hacking Tools For Windows
  42. Hacking Tools For Windows 7
  43. Hacker Tools Software
  44. Hacking Tools Online
  45. Hacking Tools Kit
  46. Hack Tools For Ubuntu
  47. Hacker Tools Software
  48. Hack And Tools
  49. Hacking Tools For Windows Free Download
  50. Easy Hack Tools
  51. Game Hacking
  52. Hacker Tools For Pc
  53. Physical Pentest Tools
  54. Hacker Tools Software
  55. Pentest Tools
  56. Hacker Tools
  57. Hack Tools Github
  58. Pentest Tools Open Source
  59. New Hack Tools
  60. What Is Hacking Tools
  61. Hack Rom Tools
  62. Nsa Hack Tools
  63. Tools Used For Hacking
  64. Pentest Tools Free
  65. Growth Hacker Tools
  66. Beginner Hacker Tools
  67. Pentest Tools Alternative
  68. Pentest Tools Subdomain
  69. Blackhat Hacker Tools
  70. Hacking Tools Kit
  71. New Hacker Tools
  72. Physical Pentest Tools
  73. Pentest Tools Apk
  74. Ethical Hacker Tools
  75. Hacking Tools 2020
  76. Hack Tools For Ubuntu
  77. Hacker Tools For Windows
  78. Pentest Tools Review
  79. Game Hacking
  80. Hacker Tools For Ios
  81. Hacker Tools Online
  82. Hack Tools For Pc
  83. Hack App
  84. Pentest Tools Download
  85. Pentest Tools Tcp Port Scanner
  86. Usb Pentest Tools
  87. Pentest Box Tools Download
  88. Tools 4 Hack
  89. Hacking Tools For Games
  90. Hacker Tools Online
  91. Pentest Tools List
  92. Hacker
  93. How To Make Hacking Tools
  94. Hacking Tools For Kali Linux
Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)