ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service asks for a name; if you send more than 64 bytes, a memory leak happens.
The buffer next to the name buffer holds the first random value used to initialize srand().


If we get this value and set our local srand([leaked] ^ [luckyNumber]), we will be able to predict the following random values and win the game, but we have to look at a few more details ;)

The function used to read the input reads until a \n byte appears, but also stops at 64 bytes. If we trigger this second condition there is no terminating 0x00, and the print shows the random buffer :)
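The missing terminator described above, as an added C example (not code from the challenge binary); the struct layout, function names and seed value are constructed for illustration. It places a seed directly after a 64-byte name buffer, compares the unterminated read with a hardened one, and `sequence` shows that the same seed always reproduces the same `rand()` output.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 64

/* Constructed layout: the seed directly follows the name buffer. */
struct session { char name[NAME_LEN]; uint32_t seed; };

/* Vulnerable read: stops at '\n' or NAME_LEN bytes, never writes a terminator. */
void read_name_vuln(struct session *s, const char *in, size_t n) {
    for (size_t i = 0; i < n && i < NAME_LEN && in[i] != '\n'; i++)
        s->name[i] = in[i];
}

/* Hardened read: keeps one byte for the terminator and always writes it. */
void read_name_safe(struct session *s, const char *in, size_t n) {
    size_t i = 0;
    for (; i < n && i < NAME_LEN - 1 && in[i] != '\n'; i++)
        s->name[i] = in[i];
    s->name[i] = '\0';
}

/* Bytes a "%s" print of name would emit, bounded to the struct for the demo. */
size_t printed_len(const struct session *s) {
    const unsigned char *p = (const unsigned char *)s;
    size_t n = 0;
    while (n < sizeof *s && p[n] != 0) n++;
    return n;
}

/* Fill out[] with the first n rand() values produced by a given seed. */
void sequence(uint32_t seed, int *out, size_t n) {
    srand(seed);
    for (size_t i = 0; i < n; i++) out[i] = rand();
}

int main(void) {
    char input[NAME_LEN];
    memset(input, 'A', sizeof input);            /* 64 bytes, no newline */
    struct session v = { .seed = 0x5eedf00dU }, h = { .seed = 0x5eedf00dU };
    read_name_vuln(&v, input, sizeof input);
    read_name_safe(&h, input, sizeof input);
    printf("vulnerable print: %zu bytes, hardened print: %zu bytes\n",
           printed_len(&v), printed_len(&h));
    return 0;
}
```

With the hardened read the print stops inside the name buffer, so the seed bytes never reach the client.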

The nickname buffer:



The seed buffer:



So here it is clear, but note that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and apply the gpu divisions without luck :(



There was a missing detail in this predictor, but there are always other creative ways to do things.
We use the local software as a predictor: we inject the leaked seed into the local binary of the remote server and get a perfect synchronization, predicting the remote random values:




The process is a bit ugly because we combined an automated process of leak extraction and socket interactive mode with the manual gdb macro.




The macro:


















