
Monday 29 May 2023

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service asks for a name; if you send more than 64 bytes, a memory leak happens.
The buffer next to the name buffer holds the first random value, which is used to seed srand().


If we get this value and call srand([leaked] ^ [luckyNumber]) locally, we will be able to predict the following random values and win the game, but there are a few more details to look at ;)

The function reads the input until a \n byte appears, but also stops at 64 bytes. If we trigger this second condition, no terminating 0x00 is written, and the print shows the random buffer :)
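The read behaviour described above, next to a corrected version, as an added C sketch (not the challenge binary's code). The memory layout, function names and sample seed are constructed for illustration, and the XOR with the lucky number is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NAME_LEN 64

/* Constructed layout: 64-byte name, 4-byte seed, zero byte, in one array so the over-read is well defined. */
struct session { unsigned char mem[NAME_LEN + sizeof(uint32_t) + 1]; };

static void session_init(struct session *s, uint32_t seed) {
    memset(s->mem, 0, sizeof s->mem);
    memcpy(s->mem + NAME_LEN, &seed, sizeof seed);
}

/* As described: stop at '\n' or at 64 bytes; only the '\n' path terminates. */
static void read_name_vuln(struct session *s, const char *in, size_t n) {
    for (size_t i = 0; i < n && i < NAME_LEN; i++) {
        if (in[i] == '\n') { s->mem[i] = 0; return; }
        s->mem[i] = (unsigned char)in[i];
    }
}

/* Fix: keep one byte for the terminator and always write it. */
static void read_name_fixed(struct session *s, const char *in, size_t n) {
    size_t i = 0;
    for (; i < n && i < NAME_LEN - 1 && in[i] != '\n'; i++)
        s->mem[i] = (unsigned char)in[i];
    s->mem[i] = 0;
}

/* A "%s" print sends bytes up to the first NUL; returns 1 if that covers the seed. */
static int leaked_seed(const struct session *s, uint32_t *out) {
    if (strlen((const char *)s->mem) < NAME_LEN + sizeof *out) return 0;
    memcpy(out, s->mem + NAME_LEN, sizeof *out);
    return 1;
}

/* Equal seeds give equal rand() streams, so a leaked seed predicts the game. */
static int first_rand(uint32_t seed) { srand(seed); return rand(); }

int main(void) {
    struct session s; uint32_t got = 0; char in[80];
    memset(in, 'A', sizeof in);                /* constructed over-long name */
    session_init(&s, 0x41424344u);             /* constructed sample seed */
    read_name_vuln(&s, in, sizeof in);
    if (leaked_seed(&s, &got)) printf("vuln: seed %#x, next rand %d\n", (unsigned)got, first_rand(got));
    session_init(&s, 0x41424344u);
    read_name_fixed(&s, in, sizeof in);
    printf("fixed: leaked=%d\n", leaked_seed(&s, &got));
}
```

Terminating the name is only half of the fix: a game that must be unpredictable should not take its values from srand()/rand() at all, but from the operating system's CSPRNG.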

The nickname buffer:



The seed buffer:



So far it is clear, but note that the random values are computed with several gpu instructions, which are decompiled incorrectly:







We tried to predict the random values and apply the gpu divisions, without luck :(



There was a missing detail in this predictor, but there are always other creative ways to do things.
We used the local software as a predictor: we injected the leaked seed into the local copy of the remote server's binary and got perfect synchronization, predicting the remote random values:




The process is a bit ugly because we combined the automated leak extraction and the interactive socket mode with the manual gdb macro.




The macro:


















