ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Related links

  1. Hacking Tools Free Download
  2. Pentest Tools Free
  3. How To Hack
  4. Hacker
  5. Pentest Tools Download
  6. Hacker Techniques Tools And Incident Handling
  7. Hack Tools Pc
  8. Hacker Tools List
  9. Hack Tools For Games
  10. Hacking Tools For Games
  11. Hacker Tools 2020
  12. Pentest Tools Linux
  13. Hacking Tools Github
  14. Easy Hack Tools
  15. Hacking Tools For Beginners
  16. Hack Tools
  17. Hacking Tools For Windows Free Download
  18. Hacking Tools Free Download
  19. Hacker Tools For Ios
  20. Pentest Tools Linux
  21. Hacking Tools 2020
  22. Hacker Tools Free Download
  23. Ethical Hacker Tools
  24. Pentest Tools Free
  25. Easy Hack Tools
  26. Easy Hack Tools
  27. Hack And Tools
  28. Pentest Tools Free
  29. Hacker Tools Linux
  30. Hacking Tools Download
  31. Beginner Hacker Tools
  32. Hacker Tools Linux
  33. Hacker Search Tools
  34. Hacking Tools Kit
  35. Pentest Tools For Mac
  36. Tools 4 Hack
  37. Termux Hacking Tools 2019
  38. Pentest Tools
  39. Nsa Hack Tools
  40. Hacker Tools For Ios
  41. Pentest Recon Tools
  42. Hacker Tools Linux
  43. Best Hacking Tools 2020
  44. Pentest Tools Url Fuzzer
  45. How To Hack
  46. Nsa Hack Tools Download
  47. Hacking Tools For Mac
  48. Termux Hacking Tools 2019
  49. Pentest Tools Apk
  50. Github Hacking Tools
  51. Hacking Tools
  52. Hacker Tool Kit
  53. Pentest Tools Website
  54. Android Hack Tools Github
  55. Hack Tools Download
  56. Game Hacking
  57. Install Pentest Tools Ubuntu
  58. World No 1 Hacker Software
  59. Hack Tools Online
  60. Pentest Box Tools Download
  61. Pentest Tools Apk
  62. Hacking Tools Pc
  63. Hacking Apps
  64. Pentest Tools Free
  65. Hacking Tools For Games
  66. Pentest Tools For Windows
  67. Hack Tools
  68. Hacker Search Tools
  69. Pentest Tools Windows
  70. Pentest Tools
  71. Hacker Tools For Ios
  72. Pentest Tools Find Subdomains
  73. Beginner Hacker Tools
  74. Hacking Tools For Pc
  75. Hacking Tools Windows 10
  76. Hacking Tools 2020
  77. Bluetooth Hacking Tools Kali
  78. Hack Tools Mac
  79. Hacker Security Tools
  80. Usb Pentest Tools
  81. Hacking Tools Windows
  82. Pentest Tools Website Vulnerability
  83. Hacker Tools Mac
  84. New Hack Tools
  85. Hacking Tools 2019
  86. Pentest Tools For Mac
  87. How To Install Pentest Tools In Ubuntu
  88. Hacker Tools Windows
  89. Pentest Tools Tcp Port Scanner
  90. Hacking Apps
  91. Hacking Tools For Windows 7
  92. Hacker Techniques Tools And Incident Handling
  93. Easy Hack Tools
  94. Nsa Hack Tools
  95. Hacking Tools For Beginners
  96. Android Hack Tools Github
  97. Pentest Tools Download
  98. Hack Tools 2019
  99. Pentest Tools Framework
  100. Hacker Tools Windows
  101. Hacker Techniques Tools And Incident Handling
  102. Tools 4 Hack
  103. Hack Tool Apk
  104. Hacker Hardware Tools
  105. Hacking Tools For Mac
  106. Hacker Security Tools
  107. Pentest Tools Android
  108. Hacking App
  109. Tools For Hacker
  110. Computer Hacker
  111. Pentest Tools For Android
  112. Best Pentesting Tools 2018
  113. Hacking Tools Pc
  114. Hacking Tools For Windows
  115. Termux Hacking Tools 2019
  116. Hack Tools Mac
  117. Free Pentest Tools For Windows
  118. Hackrf Tools
  119. Hack Tools 2019
  120. Hacker Tools Apk Download
  121. How To Hack
  122. Hack Tools
  123. Hacker Tools Apk
  124. Termux Hacking Tools 2019
  125. Hack Tools Mac
  126. Hacking Tools Kit
  127. Hacking Tools 2020
  128. Pentest Tools Framework
  129. Hacker Search Tools
  130. Pentest Tools Website
  131. Hacker Tools For Mac
  132. Hacking Tools Download
  133. Hack Tools Download
  134. Hack Tools For Pc

0 comments:

Post a Comment