Friday, January 26, 2024

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Related word


  1. Github Hacking Tools
  2. Pentest Tools Open Source
  3. Hacker
  4. Tools 4 Hack
  5. Hack Tools For Mac
  6. Hack Tools
  7. Hacking Tools And Software
  8. Hacking Tools Windows 10
  9. Free Pentest Tools For Windows
  10. Hacker Tools 2020
  11. Android Hack Tools Github
  12. Hacking Tools For Beginners
  13. Hack Tools Pc
  14. Hacker Tools For Mac
  15. Hacker Tools Apk
  16. Hacker Tools Apk
  17. Pentest Tools List
  18. Pentest Tools Url Fuzzer
  19. Easy Hack Tools
  20. Hacking Tools Online
  21. Hacking Tools Github
  22. Hacker Tools For Mac
  23. Hacker Tools 2020
  24. Hacking Tools Mac
  25. New Hacker Tools
  26. Hacking Tools Kit
  27. Pentest Tools Find Subdomains
  28. Pentest Tools Bluekeep
  29. Blackhat Hacker Tools
  30. Hacking Tools Hardware
  31. Hacking Tools Online
  32. Tools Used For Hacking
  33. Free Pentest Tools For Windows
  34. Pentest Tools Website Vulnerability
  35. Hack Tool Apk No Root
  36. Hacking Tools Windows
  37. Hacker Tools Apk Download
  38. Hacker Security Tools
  39. Pentest Tools For Mac
  40. What Is Hacking Tools
  41. Pentest Automation Tools
  42. Hacker
  43. Hacker Tools Apk
  44. Pentest Tools Online
  45. Nsa Hack Tools Download
  46. Hackers Toolbox
  47. Pentest Automation Tools
  48. Hacker Security Tools
  49. Hack Tools Online
  50. Hacking Tools 2020
  51. How To Make Hacking Tools
  52. Pentest Tools Nmap
  53. How To Hack
  54. Best Hacking Tools 2020
  55. Easy Hack Tools
  56. Hacker Tools Online
  57. Hack Tools Github
  58. World No 1 Hacker Software
  59. Hacking Tools Name
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)