Sunday, June 4, 2023

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Related articles
  1. Hack Tool Apk
  2. Hack Tools For Mac
  3. Pentest Tools Windows
  4. Hacking Tools
  5. Wifi Hacker Tools For Windows
  6. Hacking Tools Free Download
  7. Best Hacking Tools 2020
  8. How To Install Pentest Tools In Ubuntu
  9. Usb Pentest Tools
  10. Growth Hacker Tools
  11. Nsa Hack Tools
  12. Termux Hacking Tools 2019
  13. Hacker Tools Linux
  14. Hak5 Tools
  15. Nsa Hack Tools Download
  16. Hacking Tools
  17. Beginner Hacker Tools
  18. Pentest Tools Kali Linux
  19. New Hack Tools
  20. How To Install Pentest Tools In Ubuntu
  21. Hacking Tools For Pc
  22. Pentest Tools Bluekeep
  23. Hacker
  24. Pentest Tools For Ubuntu
  25. Hacker Tools Linux
  26. Hacking Tools Windows 10
  27. Hacker Tools Free Download
  28. Hack Tools For Games
  29. Pentest Tools Port Scanner
  30. Hacker Tools Apk
  31. How To Install Pentest Tools In Ubuntu
  32. Hack Tool Apk
  33. Hacking Tools Pc
  34. Hack And Tools
  35. Pentest Tools Website Vulnerability
  36. Free Pentest Tools For Windows
  37. Hacker Tools For Mac
  38. Hackers Toolbox
  39. Termux Hacking Tools 2019
  40. Hacking Tools For Windows 7
  41. Hacker Tools 2019
  42. Growth Hacker Tools
  43. Pentest Tools Find Subdomains
  44. Pentest Recon Tools
  45. Hacking Tools
  46. Hack Tools 2019
  47. Easy Hack Tools
  48. Hack Tools For Mac
  49. Pentest Tools For Windows
  50. Hacker Tools Free
  51. Hack App
  52. Nsa Hack Tools Download
  53. Pentest Tools Nmap
  54. Hack Tools For Pc
  55. Hacker Tools 2020
  56. Best Hacking Tools 2020
  57. What Is Hacking Tools
  58. Hacking Tools For Windows 7
  59. Hacking Tools
  60. Hacking Tools Free Download
  61. Pentest Tools Subdomain
  62. Hacking Tools Hardware
  63. Pentest Tools Website
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)