Sabtu, Januari 20, 2024

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Related word


  1. Hacking Tools Pc
  2. Pentest Tools Nmap
  3. Tools Used For Hacking
  4. Hacking Tools Github
  5. Pentest Tools Download
  6. Hacker Hardware Tools
  7. Hack Tools 2019
  8. Hack Website Online Tool
  9. What Are Hacking Tools
  10. Hacking Apps
  11. Hack Tools
  12. Hack Tools For Mac
  13. Pentest Tools Android
  14. Pentest Tools Online
  15. Hacker Tools Online
  16. How To Hack
  17. Easy Hack Tools
  18. Pentest Tools Website Vulnerability
  19. Pentest Tools Kali Linux
  20. Pentest Tools Kali Linux
  21. Pentest Tools Url Fuzzer
  22. Termux Hacking Tools 2019
  23. Hacker Tool Kit
  24. Pentest Automation Tools
  25. World No 1 Hacker Software
  26. Hacker Tools 2020
  27. Pentest Tools Find Subdomains
  28. Hacker Tools Free
  29. Hacker Techniques Tools And Incident Handling
  30. Nsa Hacker Tools
  31. Underground Hacker Sites
  32. Wifi Hacker Tools For Windows
  33. Pentest Automation Tools
  34. Pentest Tools Website Vulnerability
  35. Best Hacking Tools 2020
  36. Pentest Tools Online
  37. Hacker Tools 2019
  38. Hack Tools For Mac
  39. Hacking Tools For Windows
  40. Physical Pentest Tools
  41. Hack Rom Tools
  42. Hacking Tools And Software
  43. Pentest Tools Tcp Port Scanner
  44. Nsa Hack Tools Download
  45. Github Hacking Tools
  46. Hacker Tools For Ios
  47. Best Pentesting Tools 2018
  48. Hacking Tools 2020
  49. Best Hacking Tools 2019
  50. Hack Website Online Tool
  51. Hack Tools Github
  52. Blackhat Hacker Tools
  53. Hack Website Online Tool
  54. Physical Pentest Tools
  55. Hacker Tools Hardware
  56. Blackhat Hacker Tools
  57. Pentest Tools Open Source
  58. Pentest Tools Tcp Port Scanner
  59. Hack Tool Apk No Root
  60. Hacker Tools
  61. Hack Tools For Pc
  62. Hack Tools Mac
  63. Hacker Tools For Mac
  64. Pentest Tools Download
  65. Hack App
  66. Pentest Tools For Ubuntu
  67. Install Pentest Tools Ubuntu
  68. Pentest Tools Tcp Port Scanner
  69. Hacking Tools For Windows 7
  70. Beginner Hacker Tools
  71. Hacker Tools
  72. Hacking Tools Windows 10
  73. Hacking Tools For Games
  74. How To Make Hacking Tools
  75. Pentest Tools Find Subdomains
  76. Hack Website Online Tool
  77. Tools Used For Hacking
  78. Hack Apps
  79. Pentest Tools Port Scanner
  80. Top Pentest Tools
  81. Hacking Tools Windows 10
  82. Hacking Tools Mac
  83. Hacking Tools Windows
  84. Free Pentest Tools For Windows
  85. Hacking Tools Free Download
  86. Pentest Tools Tcp Port Scanner
  87. Hack Tools Mac
  88. Hack Tools For Windows
  89. Hack Rom Tools
  90. Growth Hacker Tools
  91. Hacking Tools 2020
  92. Pentest Tools
  93. Hack Tools For Pc
  94. Hacker Tools Github
  95. Black Hat Hacker Tools
  96. Pentest Tools Android
  97. What Is Hacking Tools
  98. Pentest Tools Bluekeep
  99. How To Install Pentest Tools In Ubuntu
  100. Pentest Tools Github
  101. Pentest Recon Tools
  102. Hacking Tools 2020
  103. Bluetooth Hacking Tools Kali
  104. Hacking Tools Free Download
  105. Pentest Tools Subdomain
  106. Hack Tools 2019
  107. Pentest Tools
  108. Pentest Tools Free
  109. Pentest Tools Url Fuzzer
  110. Hack Tool Apk No Root
  111. Hack Tools Mac
  112. Physical Pentest Tools
  113. Hacking Tools 2019
  114. Hacking Tools Online
  115. Tools For Hacker
  116. Hacking Tools For Beginners
  117. Black Hat Hacker Tools
  118. Hacking Tools
  119. Pentest Tools Android
  120. Hacking Tools Name
  121. Hacker Tools
  122. Nsa Hacker Tools
  123. World No 1 Hacker Software
  124. Hacker Tools Hardware
  125. Nsa Hacker Tools
  126. Pentest Tools Find Subdomains
  127. Pentest Tools Open Source
  128. Hack Tools
  129. Hacking Tools Usb
  130. Install Pentest Tools Ubuntu
  131. Hacking Tools For Kali Linux
  132. Pentest Tools Free
  133. Hack Tools For Games
  134. Game Hacking
  135. What Are Hacking Tools
  136. Hacker Tools For Ios
  137. What Is Hacking Tools
  138. Pentest Tools For Windows
  139. Tools 4 Hack
  140. Free Pentest Tools For Windows
  141. Hacker Security Tools
  142. Pentest Tools Subdomain
  143. Pentest Reporting Tools
  144. Hacking Tools Download
  145. Hacker Tools Free
  146. Physical Pentest Tools
  147. Hack Tools Github
  148. Pentest Recon Tools
  149. Hacker Tools Linux
  150. Hacking Tools For Mac
  151. Pentest Automation Tools
  152. Install Pentest Tools Ubuntu
  153. Hacker Tools For Mac
  154. Github Hacking Tools
  155. Pentest Tools Download
  156. Hacker Tools List
  157. Hacking Tools For Windows 7
  158. Bluetooth Hacking Tools Kali
  159. Github Hacking Tools
  160. Hacking Tools For Beginners
  161. Hack Rom Tools
  162. Pentest Tools Github
Coretan at

Tiada ulasan:

Catat Ulasan

Langgan: Catat Ulasan (Atom)