Monday, June 05, 2023

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Related links


  1. Hack Tools Mac
  2. Bluetooth Hacking Tools Kali
  3. Pentest Automation Tools
  4. Bluetooth Hacking Tools Kali
  5. Computer Hacker
  6. Pentest Tools Linux
  7. Game Hacking
  8. Pentest Tools Open Source
  9. Hack Tools Mac
  10. Hack Tools Online
  11. Hacking Tools Mac
  12. Pentest Tools Url Fuzzer
  13. Hacking Tools Pc
  14. Top Pentest Tools
  15. Hacking Tools For Windows 7
  16. How To Install Pentest Tools In Ubuntu
  17. Hack Apps
  18. Hackers Toolbox
  19. Hacking Tools For Mac
  20. How To Make Hacking Tools
  21. Hack Website Online Tool
  22. Hacker Tools
  23. Hacking Tools Usb
  24. Bluetooth Hacking Tools Kali
  25. Pentest Box Tools Download
  26. Hacker Tools For Mac
  27. Hacking Tools Usb
  28. Best Hacking Tools 2020
  29. How To Make Hacking Tools
  30. Growth Hacker Tools
  31. Computer Hacker
  32. Hack And Tools
  33. Underground Hacker Sites
  34. Install Pentest Tools Ubuntu
  35. Hacker Tools Software
  36. Hacking Apps
  37. Pentest Tools Bluekeep
  38. Hacker Security Tools
  39. Bluetooth Hacking Tools Kali
  40. Pentest Tools Tcp Port Scanner
  41. Ethical Hacker Tools
  42. Hacker Tools Github
  43. Hacking Tools Github
  44. Pentest Tools Windows
  45. Hacking Tools Github
  46. Pentest Tools Kali Linux
  47. Hack Apps
  48. Tools For Hacker
  49. Wifi Hacker Tools For Windows
  50. Hacker Tools Linux
  51. Pentest Tools Apk
  52. Hack Tools 2019
  53. Pentest Tools Download
  54. Pentest Tools
  55. Pentest Tools For Android
  56. What Are Hacking Tools
  57. Pentest Tools Find Subdomains
  58. Hacker Tools For Mac
  59. New Hacker Tools
  60. Wifi Hacker Tools For Windows
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)