Sunday, August 23, 2020

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service asks for a name; if you send more than 64 bytes, a memory leak happens.
The buffer next to the name buffer holds the first random value, which is used to initialize srand().


If we get this value and call srand([leaked] ^ [luckyNumber]) locally, we will be able to predict the following random values and win the game, but there are a few more details to look at ;)

The function used to read the input reads until a \n byte appears, but also stops at 64 bytes; if we trigger this second condition, no 0x00 terminator is written, and the print shows the random buffer :)
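The missing-terminator condition described above, next to a hardened read, as an added C example (not the challenge binary or the author's code). The struct layout, the function names and the seed value 0x41424344 (chosen to contain no 0x00 bytes) are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define NAME_LEN 64
struct session { char name[NAME_LEN]; unsigned int seed; }; /* constructed layout */
struct result { size_t printed; unsigned int leaked; };

/* Vulnerable pattern: stop at '\n' OR after max bytes; the second exit
 * path never writes a 0x00 terminator. */
static void read_name_vuln(char *dst, const char *in, size_t max) {
    for (size_t i = 0; i < max; i++) {
        if (in[i] == '\n') { dst[i] = '\0'; return; }
        dst[i] = in[i];
    }
}

/* Hardened form: reserve one byte and always terminate. */
static void read_name_safe(char *dst, const char *in, size_t max) {
    size_t i = 0;
    while (i + 1 < max && in[i] != '\n') { dst[i] = in[i]; i++; }
    dst[i] = '\0';
}

/* Models a "%s" print of name: bytes emitted before the first 0x00. The scan
 * is bounded to the struct so the demo itself never reads out of bounds. */
static size_t printed_len(const struct session *s) {
    const unsigned char *p = (const unsigned char *)s;
    const unsigned char *nul = memchr(p, 0, sizeof *s);
    return nul ? (size_t)(nul - p) : sizeof *s;
}

/* One session with a constructed 64-byte name followed by '\n'. */
static struct result run_session(int hardened, unsigned int seed) {
    struct session s = { .seed = seed };   /* name starts zero-filled */
    struct result r;
    char input[NAME_LEN + 1];
    memset(input, 'A', NAME_LEN);
    input[NAME_LEN] = '\n';
    if (hardened) read_name_safe(s.name, input, NAME_LEN);
    else read_name_vuln(s.name, input, NAME_LEN);
    r.printed = printed_len(&s);
    r.leaked = r.printed >= offsetof(struct session, seed) + sizeof s.seed ? s.seed : 0;
    return r;
}

int main(void) {
    struct result v = run_session(0, 0x41424344u), h = run_session(1, 0x41424344u);
    printf("vulnerable: %zu bytes, seed 0x%x | hardened: %zu bytes, seed 0x%x\n",
           v.printed, v.leaked, h.printed, h.leaked);
}
```

With the vulnerable read, the print runs through the name and all of the seed bytes; with the hardened read it stops at 63 bytes and the seed stays hidden.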

The nickname buffer:



The seed buffer:



So far this is clear, but note that the random values are computed with several gpu instructions, which are decompiled incorrectly:







We tried to predict the random values and apply the gpu divisions, without luck :(



There was a missing detail in this predictor, but there are always other creative ways to do things.
We used the local software as a predictor: we injected the leaked seed into the local copy of the remote server's binary and got perfect synchronization, predicting the remote random values:




The process is a bit ugly because we combined the automated leak extraction and the interactive socket mode with the manual gdb macro.




The macro:


















