Friday, January 19, 2024

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Related articles


  1. Hack Tools
  2. What Is Hacking Tools
  3. Hacker Security Tools
  4. Hacking Tools Windows 10
  5. Pentest Tools Framework
  6. Hacking Tools Free Download
  7. Kik Hack Tools
  8. Pentest Tools Website
  9. Best Pentesting Tools 2018
  10. Pentest Tools Url Fuzzer
  11. Pentest Tools For Android
  12. Pentest Box Tools Download
  13. Hacker Tools Free
  14. Hacking Tools Free Download
  15. Hacker Tools
  16. Hack Tools Mac
  17. Best Hacking Tools 2019
  18. Hacker Tools For Windows
  19. Termux Hacking Tools 2019
  20. Hacking Tools Usb
  21. Pentest Tools Apk
  22. Hackers Toolbox
  23. Pentest Tools
  24. Hacking Tools Usb
  25. Hacker Tools Apk Download
  26. Pentest Tools Free
  27. Pentest Tools Kali Linux
  28. Hack Tools Download
  29. Hack Tools
  30. World No 1 Hacker Software
  31. Hack Tools
  32. Hack Tool Apk No Root
  33. New Hack Tools
  34. Nsa Hacker Tools
  35. Hacker Tools Software
  36. Hack Tools Download
  37. Hacking Apps
  38. Hacking Tools Mac
  39. Hak5 Tools
  40. Hacker Tools For Windows
  41. Hacker Tools Github
  42. Hacking Tools Windows
  43. Pentest Tools Find Subdomains
  44. Kik Hack Tools
  45. Easy Hack Tools
  46. Hacker Techniques Tools And Incident Handling
  47. How To Install Pentest Tools In Ubuntu
  48. Physical Pentest Tools
  49. Hack Apps
  50. Physical Pentest Tools
  51. Hacker Security Tools
  52. Pentest Tools Online
  53. Pentest Tools Url Fuzzer
  54. Hacker Tools Linux
  55. Hack And Tools
  56. Hack Tools Download
  57. Pentest Automation Tools
  58. Hacker Tool Kit
  59. Hacking Tools Github
  60. Pentest Tools Open Source
  61. Nsa Hacker Tools
  62. Install Pentest Tools Ubuntu
  63. Tools 4 Hack
  64. Hacker Tools Free Download
  65. Pentest Tools Apk
  66. Wifi Hacker Tools For Windows
  67. Hack Tools For Windows
  68. Hacker
  69. Hack Tools Mac
  70. Usb Pentest Tools
  71. Hacking Tools Download
  72. Hacker
  73. Pentest Tools Online
  74. Hacking App
  75. Hacking Tools For Mac
  76. Pentest Tools For Windows
  77. Pentest Tools For Android
  78. Free Pentest Tools For Windows
  79. Hacking Tools 2020
  80. Hacking Tools Online
  81. Pentest Tools Find Subdomains
  82. Pentest Tools List
  83. Pentest Tools Find Subdomains
  84. Pentest Tools Website Vulnerability
  85. Hack And Tools
  86. Hack Website Online Tool
  87. Hacker Tools Free Download
  88. What Is Hacking Tools
  89. Hacker Security Tools
  90. Hacker Tools 2019
  91. Pentest Tools For Ubuntu
  92. Hacker Hardware Tools
  93. Pentest Tools For Android
  94. Hack Apps
  95. Pentest Tools Online
  96. Hacking Tools Windows 10
  97. Pentest Recon Tools
  98. Hack Tools
  99. Pentest Tools Url Fuzzer
  100. What Is Hacking Tools
  101. Hacker Tools Online
  102. Hack Tools
  103. What Is Hacking Tools
  104. Pentest Tools For Windows
  105. Hacking Tools Hardware
  106. World No 1 Hacker Software
  107. Pentest Tools Review
  108. Hacking Tools Free Download
  109. Bluetooth Hacking Tools Kali
  110. Hack Tools 2019
  111. Hacking Tools For Mac
  112. Hacker Tools For Windows
  113. Install Pentest Tools Ubuntu
  114. Best Hacking Tools 2019
  115. Hacking Tools Kit
  116. Nsa Hack Tools Download
  117. Hacking Tools For Beginners
  118. Hack Tools Pc
  119. Free Pentest Tools For Windows
  120. Hacking Tools Free Download
  121. How To Hack
  122. Hacker Tools List
  123. Best Pentesting Tools 2018
  124. Hacker Tools Online
  125. Pentest Tools Website Vulnerability
  126. Hacking Tools Software
  127. Best Hacking Tools 2020
  128. Hacking Tools Online
  129. Kik Hack Tools
  130. Hack Tool Apk No Root
  131. Hacking Tools Windows 10
  132. How To Hack
  133. Hacking Tools For Pc
  134. Hacker Tools For Windows
  135. Hacking Tools 2019
  136. How To Make Hacking Tools
  137. Pentest Tools For Android
  138. Tools 4 Hack
  139. Pentest Tools Alternative
  140. Hackrf Tools
  141. Black Hat Hacker Tools
  142. Hacking Tools For Kali Linux
  143. Hak5 Tools
  144. Hacking Tools Hardware
  145. Hacking Tools Windows
  146. Pentest Reporting Tools
  147. Hacker Tools Linux
  148. Hacking Tools 2020
  149. Hacker Hardware Tools
  150. Pentest Tools Github
  151. Pentest Reporting Tools
  152. Best Hacking Tools 2020
  153. Pentest Tools For Android
  154. What Are Hacking Tools
  155. Best Pentesting Tools 2018
  156. Wifi Hacker Tools For Windows
  157. Best Hacking Tools 2019
  158. Pentest Tools Windows
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)