Aug 25, 2020

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service asks for a name; if you send more than 64 bytes, a memory leak happens.
The buffer next to the name buffer holds the first random value used to init srand().


If we get this value and set our local srand([leaked] ^ [luckyNumber]), we will be able to predict the following random values and win the game, but there are a few more details to look at ;)

The function used to read the input stops when the byte \n appears, but also after 64 bytes. If we trigger this second condition, there is no terminating 0x00 and the print shows the random buffer :)
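A minimal C model of the read described above, added here as an example and not taken from the challenge binary: the flat `mem` layout, the function names and the seed value are constructed assumptions. It puts the unterminated 64-byte read next to a hardened read that always writes the terminator.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64
#define SEED_LEN sizeof(unsigned int)

/* Constructed layout: 64-byte name, then the seed, then one zero guard byte. */
typedef struct { unsigned char mem[NAME_LEN + SEED_LEN + 1]; } session_t;

static void session_init(session_t *s, unsigned int seed) {
    memset(s->mem, 0, sizeof s->mem);
    memcpy(s->mem + NAME_LEN, &seed, SEED_LEN);
}
/* Flawed read: stops at '\n' or after 64 bytes, terminates only on '\n'. */
static void read_name_vuln(session_t *s, const char *in, size_t n) {
    for (size_t i = 0; i < n && i < NAME_LEN; i++) {
        if (in[i] == '\n') { s->mem[i] = 0; return; }
        s->mem[i] = (unsigned char)in[i];
    }
}
/* Hardened read: at most NAME_LEN - 1 bytes, terminator always written. */
static void read_name_safe(session_t *s, const char *in, size_t n) {
    size_t i = 0;
    while (i < n && i < NAME_LEN - 1 && in[i] != '\n') {
        s->mem[i] = (unsigned char)in[i];
        i++;
    }
    s->mem[i] = 0;
}
/* Number of bytes a "%s" print of the name would send back. */
static size_t echoed_len(const session_t *s) { return strlen((const char *)s->mem); }

/* Returns 1 and copies the seed if the echo runs through all seed bytes. */
static int leaked_seed(const session_t *s, unsigned int *out) {
    if (echoed_len(s) < NAME_LEN + SEED_LEN) return 0;
    memcpy(out, s->mem + NAME_LEN, SEED_LEN);
    return 1;
}
int main(void) {
    char in[80];
    unsigned int seed = 0x41424344u, got = 0; /* constructed seed, no zero bytes */
    session_t s;
    memset(in, 'A', sizeof in);               /* constructed over-long name */
    session_init(&s, seed); read_name_vuln(&s, in, sizeof in);
    printf("vulnerable: echo=%zu seed exposed=%d\n", echoed_len(&s), leaked_seed(&s, &got));
    session_init(&s, seed); read_name_safe(&s, in, sizeof in);
    printf("hardened:   echo=%zu seed exposed=%d\n", echoed_len(&s), leaked_seed(&s, &got));
    return 0;
}
```

Terminating the buffer closes the leak, but libc rand() stays deterministic for a given seed, so values that must be unpredictable should come from a CSPRNG rather than srand()/rand().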

The nickname buffer:



The seed buffer:



So far it is clear, but note that the random values are computed with several gpu instructions, which are decompiled incorrectly:







We tried to predict the random values and apply the gpu divisions, without luck :(



There was a missing detail in this predictor, but there are always other creative ways to do things.
We used the local software as a predictor: we injected the leaked seed into the local copy of the remote server's binary and got perfect synchronization, predicting the remote random values:




The process is a bit ugly because we combined the automated leak extraction and the socket's interactive mode with the manual gdb macro.




The macro:


















