Thursday, January 25, 2024

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service asks for a name. If you send more than 64 bytes, a memory leak happens.
The buffer next to the name buffer holds the first random value, which is used to initialize srand().


If we get this value and call srand([leaked] ^ [luckyNumber]) locally, we will be able to predict the following random values and win the game, but there are a few more details to look at ;)

The function that reads the input stops when the byte \n appears, but also after 64 bytes. If we trigger this second condition, there is no 0x00 terminator and the print shows the random buffer :)
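The missing terminator and the seed disclosure described above, reduced to a self-contained C sketch next to a hardened reader. This is an added example, not the challenge binary's code: the struct layout, the function names and the seed value 0x41424344 are assumptions constructed for illustration (4-byte unsigned int assumed).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NAME_LEN 64

/* Constructed layout: the seed sits directly after the name buffer. */
struct session {
    char name[NAME_LEN];
    unsigned int seed;
    char end;                 /* constructed: zero byte that bounds the demo's read */
};
/* Vulnerable reader: stops at '\n' or at 64 bytes and never writes a 0x00. */
static void read_name_vuln(struct session *s, const char *in, size_t n) {
    size_t i;
    for (i = 0; i < n && i < NAME_LEN && in[i] != '\n'; i++)
        s->name[i] = in[i];
}
/* Hardened reader: reserves one byte for the terminator and always writes it. */
static void read_name_fixed(struct session *s, const char *in, size_t n) {
    size_t i;
    for (i = 0; i < n && i < NAME_LEN - 1 && in[i] != '\n'; i++)
        s->name[i] = in[i];
    s->name[i] = '\0';
}
/* Number of bytes a "%s" print of the name would emit (name is the first member). */
static size_t printed_len(const struct session *s) {
    return strlen((const char *)s);
}
/* Seed bytes as they appear in the printed output past the 64-byte name, else 0. */
static unsigned int seed_from_output(const struct session *s) {
    unsigned int v = 0;
    if (printed_len(s) >= NAME_LEN + sizeof v)
        memcpy(&v, (const char *)s + NAME_LEN, sizeof v);
    return v;
}
/* First value of the stream seeded as on the page: srand(seed ^ luckyNumber). */
static int first_roll(unsigned int seed, unsigned int lucky) {
    srand(seed ^ lucky);
    return rand();
}
int main(void) {
    struct session s = { .seed = 0x41424344u };   /* constructed seed, no zero bytes */
    char in[NAME_LEN];
    memset(in, 'A', sizeof in);                   /* exactly 64 bytes, no '\n' */
    read_name_vuln(&s, in, sizeof in);
    printf("vulnerable: %zu bytes printed, seed 0x%x\n", printed_len(&s), seed_from_output(&s));
    read_name_fixed(&s, in, sizeof in);
    printf("hardened:   %zu bytes printed\n", printed_len(&s));
    return 0;
}
```

Terminating the buffer closes the disclosure; seeding from a source that never shares memory with user-controlled buffers, and not using rand() for values that must stay unpredictable, removes the second half of the problem.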

The nickname buffer:



The seed buffer:



So here it is clear, but notice that the random values are computed with several gpu instructions, which are decompiled incorrectly:







We tried to predict the random values and apply the gpu divisions, without luck :(



There was a missing detail in this predictor, but there are always other creative ways to do things.
We used the local software as a predictor: we injected the leaked seed into the local binary of the remote server and got perfect synchronization, predicting the remote random values:




The process is a bit ugly because we combined an automated process of leak extraction and socket interactive mode with the manual gdb macro.




The macro:


















