Monday, January 22, 2024

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service asks for a name; if you send more than 64 bytes, a memory leak happens.
The buffer next to the name buffer holds the first random value, which is used to seed srand().


If we get this value and seed our local generator with srand([leaked] ^ [luckyNumber]), we will be able to predict the following random values and win the game, but there are a few more details to look at ;)

The function used to read the input reads until the byte \n appears, but also stops at 64 bytes. If we trigger this second condition, no 0x00 terminator is written and the print shows the random buffer :)
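An added example, not code from the original writeup or from the challenge binary: a minimal C model of the unterminated read described above, with a hardened read beside it, and the reason a leaked seed makes the sequence predictable. The struct layout, function names, seed value and lucky number are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NAME_LEN 64
/* Constructed layout: the seed sits directly after the name buffer. */
struct session { char name[NAME_LEN]; uint32_t seed; };

/* Flawed read: stops at '\n' or after 64 bytes; only the '\n' path terminates. */
void read_name_vuln(struct session *s, const char *in, size_t n) {
    for (size_t i = 0; i < n && i < NAME_LEN; i++) {
        if (in[i] == '\n') { s->name[i] = '\0'; return; }
        s->name[i] = in[i];
    }
}

/* Hardened read: reserves one byte for the terminator and always writes it. */
void read_name_safe(struct session *s, const char *in, size_t n) {
    size_t i = 0;
    while (i < n && i < NAME_LEN - 1 && in[i] != '\n') { s->name[i] = in[i]; i++; }
    s->name[i] = '\0';
}

/* Bytes a "%s" print of name would emit, scanning the struct as raw bytes. */
size_t echoed_len(const struct session *s) {
    const char *z = memchr(s, 0, sizeof *s);
    return z ? (size_t)(z - (const char *)s) : sizeof *s;
}
/* Seed as seen by the client: only recoverable if the echo ran through it. */
uint32_t leaked_seed(const struct session *s) {
    return echoed_len(s) >= sizeof *s ? s->seed : 0;
}

/* Same seed, same sequence: the local generator tracks the service's draws. */
int prediction_matches(uint32_t seed, uint32_t leaked, uint32_t lucky) {
    int remote[5], ok = 1;
    srand(seed ^ lucky);                         /* service side */
    for (int i = 0; i < 5; i++) remote[i] = rand();
    srand(leaked ^ lucky);                       /* local predictor */
    for (int i = 0; i < 5; i++) ok &= rand() == remote[i];
    return ok;
}

int main(void) {
    struct session s = { .seed = 0x41424344u };  /* constructed seed, no zero bytes */
    char in[NAME_LEN];
    memset(in, 'A', sizeof in);                  /* 64 bytes, no '\n' */
    read_name_vuln(&s, in, sizeof in);
    printf("echoed=%zu leaked=0x%08x\n", echoed_len(&s), (unsigned)leaked_seed(&s));
}
```

A seed that contains a zero byte cuts the echo short, so `leaked_seed` returns 0 in that case.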

The nickname buffer:



The seed buffer:



So far it is clear, but note that the random values are computed with several gpu instructions, which are decompiled incorrectly:







We tried to predict the random and apply the gpu divisions without luck :(



There was a missing detail in this predictor, but there are always other creative ways to do things.
We use the local software as a predictor: we inject the leaked seed into the local binary of the remote server and got a perfect synchronization, predicting the remote random values:




The process is a bit ugly because we combined the automated process of leak extraction and socket interactive mode with the manual gdb macro.




The macro:


















