onsdag 24. januar 2024

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Related news
  1. Usb Pentest Tools
  2. Pentest Automation Tools
  3. Ethical Hacker Tools
  4. Pentest Tools Online
  5. Game Hacking
  6. Hack Tools Mac
  7. Hacker Tools Online
  8. Game Hacking
  9. Pentest Tools Download
  10. Hak5 Tools
  11. Pentest Box Tools Download
  12. Pentest Tools For Mac
  13. Hacker Tool Kit
  14. Pentest Tools List
  15. Hacking Tools For Kali Linux
  16. Hack Tools For Mac
  17. Hacking Tools For Pc
  18. Pentest Tools Apk
  19. Hack Tool Apk No Root
  20. Hacking Tools Windows 10
  21. Hack Apps
  22. Hacking Tools Kit
  23. Hacker Tools Github
  24. Hack Apps
  25. Hacker Tools Github
  26. Pentest Tools Download
  27. Pentest Tools For Android
  28. Hacker Security Tools
  29. Hacker Tools Hardware
  30. Github Hacking Tools
  31. Hacker Tools Apk
  32. Hacking Tools For Windows
  33. Underground Hacker Sites
  34. Hacking Tools Online
  35. World No 1 Hacker Software
  36. Tools Used For Hacking
  37. Bluetooth Hacking Tools Kali
  38. Hacker Tools
  39. Beginner Hacker Tools
  40. What Are Hacking Tools
  41. Pentest Tools Tcp Port Scanner
  42. Tools Used For Hacking
  43. Pentest Tools Find Subdomains
  44. How To Make Hacking Tools
  45. Computer Hacker
  46. Tools Used For Hacking
  47. Black Hat Hacker Tools
  48. Pentest Tools Alternative
  49. Pentest Tools For Mac
  50. Hacking Tools Online
  51. World No 1 Hacker Software
  52. Hacking Tools For Windows Free Download
  53. Pentest Tools Tcp Port Scanner
  54. Pentest Tools Open Source
  55. Pentest Tools
  56. Bluetooth Hacking Tools Kali
  57. Hacker Tools Mac
  58. Hacker Tool Kit
  59. Pentest Tools Free
  60. Hacks And Tools
  61. Hacker Tools Free Download
  62. Hack Tools For Ubuntu
  63. Hacking Apps
  64. Pentest Tools Tcp Port Scanner
  65. Hacker Tools Github
  66. Nsa Hack Tools
  67. World No 1 Hacker Software
  68. Pentest Tools For Android
  69. Nsa Hack Tools
  70. Hak5 Tools
  71. Nsa Hacker Tools
  72. Hak5 Tools
  73. Hacking Tools Windows 10
  74. Hacking Tools 2020
  75. Tools Used For Hacking
  76. Hacking Tools
  77. How To Hack
  78. Kik Hack Tools
  79. Hacking Tools For Games
  80. Wifi Hacker Tools For Windows
  81. Hacker Tools Github
  82. Hacking Tools Name
  83. Game Hacking
  84. Hack Tools For Pc
  85. Pentest Tools Tcp Port Scanner
  86. Hacking Tools For Mac
  87. Termux Hacking Tools 2019
  88. Pentest Tools For Android
  89. Hack Tools For Ubuntu
  90. Hack Tools Download
  91. Usb Pentest Tools
  92. Pentest Tools For Windows
  93. Growth Hacker Tools
  94. Hacking Tools 2020
  95. Hacker Tools 2020
  96. Kik Hack Tools
  97. How To Hack
  98. New Hacker Tools
  99. World No 1 Hacker Software
  100. Hacking Tools Hardware
  101. Usb Pentest Tools
  102. Hacking Tools For Beginners
  103. Hacking Tools For Mac
  104. Hack Tools For Games
  105. Ethical Hacker Tools
  106. Hacking Tools Mac
  107. Hacker Tools 2019
  108. Github Hacking Tools
  109. Physical Pentest Tools
  110. Pentest Tools For Ubuntu
  111. Hacking Tools Kit
  112. Hacking Tools Mac
  113. Best Hacking Tools 2019
  114. Pentest Tools Apk
  115. Hacking Tools Mac
  116. Pentest Tools For Windows
  117. Hack Tools Github
  118. Hack App
  119. Hacking Tools 2020
  120. Tools Used For Hacking
  121. Hack Tools Pc
  122. Hacker Tools 2020
  123. Hack Tools Github
  124. Hacker Tools Apk Download
  125. Pentest Tools For Mac
  126. Hacker Tool Kit
  127. Hacker Tool Kit
  128. Usb Pentest Tools
  129. Hacker Tools Apk Download
  130. Hacking Tools Kit
  131. Install Pentest Tools Ubuntu
  132. Hacking Tools Name
  133. Hack Tools For Windows
  134. Kik Hack Tools
  135. Hacker Tools Github
  136. Top Pentest Tools
  137. Hacker Tools Linux
  138. Hack Tools Github
  139. Hacker Tools Apk
  140. Hacking Tools Windows 10
  141. Hack Tools Online
  142. Hacking Tools
  143. Pentest Tools Bluekeep
  144. Hacking Apps
  145. Hack Tools 2019
  146. Hacker Tools For Mac
  147. Hacking Tools For Windows 7
Lagt inn av kl.

Ingen kommentarer:

Legg inn en kommentar

Abonner på: Legg inn kommentarer (Atom)