GET PAID

banner

$1,000,000 CHALLENGE

banner

BUY OR SELL LIBERTY RESERVE

Naira4Dollar

Thursday, August 20, 2020

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















Related word


  1. Hacking Tools Mac
  2. Hack Tools For Mac
  3. Tools For Hacker
  4. Hacking Tools Download
  5. Nsa Hack Tools Download
  6. Pentest Tools Download
  7. Hacker Tools For Windows
  8. Nsa Hacker Tools
  9. What Are Hacking Tools
  10. Pentest Box Tools Download
  11. Wifi Hacker Tools For Windows
  12. Beginner Hacker Tools
  13. Game Hacking
  14. Hacking Tools Software
  15. Hacker Tools Windows
  16. Pentest Tools
  17. Hacker Techniques Tools And Incident Handling
  18. Pentest Tools Find Subdomains
  19. Hack Tools
  20. Pentest Tools For Mac
  21. Pentest Box Tools Download
  22. Nsa Hack Tools Download
  23. Hacking Tools Pc
  24. What Are Hacking Tools
  25. Hacker Tools Free Download
  26. Hacker Hardware Tools
  27. Hack App
  28. Physical Pentest Tools
  29. Hackrf Tools
  30. Pentest Tools Tcp Port Scanner
  31. Hacking Tools Name
  32. Pentest Automation Tools
  33. Hacker Tools Hardware
  34. New Hack Tools
  35. Bluetooth Hacking Tools Kali
  36. Hacking Tools Software
  37. Android Hack Tools Github
  38. Pentest Tools Bluekeep
  39. Hacking Tools Usb
  40. Nsa Hack Tools
  41. Hacks And Tools
  42. New Hack Tools
  43. Pentest Tools Free
  44. How To Install Pentest Tools In Ubuntu
  45. Physical Pentest Tools
  46. New Hacker Tools
  47. Hack Tools For Pc
  48. Best Hacking Tools 2020
  49. Pentest Tools Nmap
  50. Beginner Hacker Tools
  51. Pentest Tools Github
  52. Pentest Tools Framework
  53. Hacker Tools Apk
  54. Hacking Tools For Windows Free Download
  55. Hack Tool Apk No Root
  56. Pentest Tools For Ubuntu
  57. Pentest Tools Online
  58. New Hack Tools
  59. Hacks And Tools
  60. What Is Hacking Tools
  61. Hack Tools Pc
  62. Hack Tools 2019
  63. Pentest Tools Github
  64. Hacker Search Tools
  65. Free Pentest Tools For Windows
  66. Hacking Tools Online
  67. Blackhat Hacker Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

WE BUY YOUR LIBERTY RESERVE AND DEPOSIT DIRECTLY INTO YOUR BANK ACCOUNT(NO STORIES)

Naira4Dollar