Monday, August 24, 2020

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















More articles
  1. Pentest Tools Tcp Port Scanner
  2. Underground Hacker Sites
  3. Hacker Tools Windows
  4. Hack Tools Pc
  5. Pentest Tools Download
  6. Hacker Tools Apk
  7. Nsa Hacker Tools
  8. Hacker Tools For Mac
  9. Hacker Techniques Tools And Incident Handling
  10. Hacking Tools For Games
  11. Pentest Tools Github
  12. Hacking Tools For Beginners
  13. Hacker Tools List
  14. Pentest Tools Review
  15. Hacker Tools Free Download
  16. Hacking Tools For Pc
  17. Termux Hacking Tools 2019
  18. Hacker Tools For Mac
  19. Hacking Tools 2019
  20. Pentest Tools Github
  21. Pentest Tools Free
  22. Pentest Tools Website Vulnerability
  23. Pentest Tools Website
  24. Hacker Tools Free
  25. Physical Pentest Tools
  26. Nsa Hacker Tools
  27. Pentest Tools Download
  28. Pentest Tools For Ubuntu
  29. Hacking Tools And Software
  30. Hack Website Online Tool
  31. Hacking Tools Download
  32. Best Hacking Tools 2020
  33. New Hacker Tools
  34. Hacking Tools 2019
  35. Physical Pentest Tools
  36. Tools Used For Hacking
  37. Hack Tools For Ubuntu
  38. Hacker Techniques Tools And Incident Handling
  39. Hack Tools
  40. Hacker Hardware Tools
  41. Hacker Tools For Windows
  42. Hacker Tools Free Download
  43. Hack Tools For Mac
  44. Hacker Techniques Tools And Incident Handling
  45. Hacker Tools Online
  46. Pentest Tools Url Fuzzer
  47. Termux Hacking Tools 2019
  48. Ethical Hacker Tools
  49. Hacker Tools Linux
  50. Pentest Tools For Ubuntu
  51. Pentest Tools Android
  52. Hackrf Tools
  53. What Are Hacking Tools
  54. Hacking Tools For Kali Linux
  55. Hacker Tools Linux
  56. Hacking Tools Free Download
  57. Physical Pentest Tools
  58. Blackhat Hacker Tools
  59. Computer Hacker
  60. Hacking Apps
  61. Hacker Tools Github
  62. Hack And Tools
  63. Easy Hack Tools
  64. Top Pentest Tools
  65. Hacker Tools Apk
  66. Hack Tools
  67. Blackhat Hacker Tools
  68. Hacks And Tools
  69. Hacker Tools Apk Download
  70. Best Hacking Tools 2020
  71. Hacking Tools For Windows
  72. Hacking Tools For Pc
  73. Hacker Tools 2020
  74. Pentest Reporting Tools
  75. How To Install Pentest Tools In Ubuntu
  76. Pentest Tools Open Source
  77. Game Hacking
  78. Tools 4 Hack
  79. Hacking Tools Software
  80. Hacker Tool Kit
  81. Pentest Tools For Android
  82. Hacks And Tools
  83. Pentest Tools For Windows
  84. Hacking Tools Name
  85. Pentest Tools Github
  86. Tools Used For Hacking
  87. Pentest Tools Open Source
  88. Hacking Tools 2019
  89. Pentest Reporting Tools
  90. Hacking Tools Usb
  91. Hacking Apps
  92. Pentest Tools Subdomain
  93. Pentest Tools Github
  94. Pentest Tools Subdomain
  95. Tools 4 Hack
  96. Pentest Tools Online
  97. Hack Tools Online
  98. How To Hack
  99. Hacker Search Tools
  100. Pentest Tools List
  101. Tools For Hacker
  102. Hacker Tools For Pc
  103. Hacking Tools For Games
  104. Hack Rom Tools
  105. Hacking Tools For Windows
  106. Pentest Tools For Ubuntu
  107. How To Install Pentest Tools In Ubuntu
  108. Android Hack Tools Github
  109. Hacking Tools Software
  110. Pentest Tools Alternative
  111. Hack Tools Download
  112. Pentest Automation Tools
  113. Hacker Tools
  114. Hacker Tools For Mac
  115. Hacking Tools Windows 10
  116. Best Hacking Tools 2019
  117. Hack Rom Tools
  118. Hack Tools
  119. Hacker
  120. Nsa Hacker Tools
  121. Hack Tools
  122. Best Pentesting Tools 2018
  123. Hacker Tools 2019

No comments:

Post a Comment