On connecting to the service we receive a dump of 64-bit CPU registers, followed by a chunk of binary code, as you can see:
The registers represent an initial CPU state, and we have to reply with the register values that result from executing that binary code. This must be automated because the server socket times out after 10 seconds.
The exploit is quite simple: set the CPU registers to these values, execute the code and collect the resulting registers.
In Python we created two structures, one for the initial state and one for the final state:
```python
finalRegs = {'rax':'','rbx':'','rcx':'','rdx':'','rsi':'','rdi':'','r8':'','r9':'','r10':'','r11':'','r12':'','r13':'','r14':'','r15':''}
```
We inject several movs at the beginning to set the initial state:
```python
for r in cpuRegs.keys():
    code.append('mov %s, %s' % (r, cpuRegs[r]))
```
Then we assemble the movs together with the received binary code as 64-bit, replacing the final ret instruction with an int 3 so that execution stops with SIGTRAP.
We compile with nasm in this way (os.system waits for each step to finish; os.popen returns while the assembler is still running, so ld could run before code.o exists):
```python
os.system('nasm -f elf64 code.asm')
os.system('ld -o code code.o')
```
And use GDB to execute the code until the SIGTRAP, and then read the registers:
```python
fd = os.popen("gdb code -ex 'r' -ex 'i r' -ex 'quit'", 'r')
for l in fd.readlines():
    for x in finalRegs.keys():
        ...
```
We just parse the registers, send them to the server in the same format, and get the key.
The code:
```python
from libcookie import *   # author's socket helper: Sock, TCP
from asm import *         # author's wrapper around Capstone (disassembles to nasm syntax)
import os
import sys

host = 'catwestern_631d7907670909fc4df2defc13f2057c.quals.shallweplayaga.me'
port = 9999

# Initial state sent by the server, and final state read back from gdb.
cpuRegs = {'rax':'','rbx':'','rcx':'','rdx':'','rsi':'','rdi':'','r8':'','r9':'','r10':'','r11':'','r12':'','r13':'','r14':'','r15':''}
finalRegs = {'rax':'','rbx':'','rcx':'','rdx':'','rsi':'','rdi':'','r8':'','r9':'','r10':'','r11':'','r12':'','r13':'','r14':'','r15':''}

s = Sock(TCP)
s.timeout = 999
s.connect(host, port)
# readUntil is assumed to return everything received so far, so the raw
# code bytes that follow 'bytes:' sit at the end of data.
data = s.readUntil('bytes:')

# Parse the 'reg=value' lines and the 'About to send N bytes:' line.
sz = 0
for r in data.split('\n'):
    for rk in cpuRegs.keys():
        if r.startswith(rk):
            cpuRegs[rk] = r.split('=')[1]
    if 'bytes' in r:
        sz = int(r.split(' ')[3])
binary = data[-sz:]

print '[', binary, ']'
print 'given size:', sz, 'bin size:', len(binary)
print cpuRegs

# Prologue: one mov per register to load the initial state.
code = []
for r in cpuRegs.keys():
    code.append('mov %s, %s' % (r, cpuRegs[r]))

fd = open('code.asm', 'w')
fd.write('\n'.join(code) + '\n')
fd.close()
# Append the disassembled challenge code (its final ret becomes int 3).
Capstone().dump('x86', '64', binary, 'code.asm')

print 'Compilando ...'
# os.system waits for each step; os.popen would return while nasm is still running.
os.system('nasm -f elf64 code.asm')
os.system('ld -o code code.o')

print 'Ejecutando ...'
# Run until the int 3 (SIGTRAP), then dump the registers.
fd = os.popen("gdb code -ex 'r' -ex 'i r' -ex 'quit'", 'r')
for l in fd.readlines():
    # 'info registers' lines look like:  rax   0x1   1  -> keep the hex column.
    spl = l.split()
    if len(spl) >= 2 and spl[0] in finalRegs:
        print 'reg: ', spl[0]
        finalRegs[spl[0]] = spl[1]
fd.close()

# Reply in the same 'reg=value' format the server used.
buff = []
for k in finalRegs.keys():
    buff.append('%s=%s' % (k, finalRegs[k]))
print '\n'.join(buff) + '\n'
print s.readAll()
s.write('\n'.join(buff) + '\n\n\n')
print 'waiting flag ....'
print s.readAll()
print '----- yeah? -----'
s.close()
```
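As an added example, not the writeup's own code: a Python 3 version of the two parsing steps of the pipeline above (service banner in, gdb register dump out), using constructed sample inputs and an exact first-word match instead of the substring test the script relies on. The banner layout ('reg=0x..' lines followed by 'About to send N bytes:') is an assumption taken from how the script indexes it.

```python
GPRS = ['rax', 'rbx', 'rcx', 'rdx', 'rsi', 'rdi',
        'r8', 'r9', 'r10', 'r11', 'r12', 'r13', 'r14', 'r15']


def parse_challenge(text):
    """Return (initial registers, byte count) from the service banner.
    Assumed layout: one 'reg=0x..' line per register, then a line
    'About to send N bytes:' (the writeup takes N from word index 3)."""
    regs, size = {}, None
    for line in text.splitlines():
        name, sep, value = line.strip().partition('=')
        if sep and name in GPRS:
            regs[name] = int(value, 16)
        elif name.startswith('About to send'):
            size = int(name.split(' ')[3])
    return regs, size


def mov_prologue(regs):
    """nasm lines that load the initial state ahead of the received code;
    'mov r64, imm64' accepts a full 64-bit immediate."""
    return ['mov %s, 0x%x' % (r, regs[r]) for r in GPRS if r in regs]


def parse_info_registers(text):
    """Parse gdb 'info registers' output into {name: value}. Whitespace
    split plus an exact first-word match, so 'r8' cannot match inside
    another line the way a substring test would."""
    out = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in GPRS:
            out[parts[0]] = int(parts[1], 16)
    return out


def build_reply(regs):
    """Reply in the same 'reg=0x..' form the service used, one per line."""
    return '\n'.join('%s=0x%x' % (r, regs[r]) for r in GPRS if r in regs) + '\n'


# Constructed sample banner and gdb output (not captured from the real service).
SAMPLE_BANNER = 'rax=0x1\nrbx=0x2\nrcx=0x3\nAbout to send 7 bytes:\n'
SAMPLE_GDB = ('Program received signal SIGTRAP, Trace/breakpoint trap.\n'
              'rax            0x3                 3\n'
              'rbx            0x2                 2\n'
              'rcx            0x3                 3\n'
              'rip            0x401020            0x401020 <_start+32>\n'
              'eflags         0x246               [ IF ZF PF ]\n'
              'r8             0x7ffff7ffe190      140737354129808\n')
```

Only the fourteen general-purpose registers are kept, so rip, eflags and the segment lines gdb also prints never reach the reply.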