ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

Posted by KP-3မိသားစု


The remote service asks for a name; if you send more than 64 bytes, a memory leak happens.
The buffer next to the name buffer holds the first random value, which is used to seed srand().


If we get this value and seed our local srand([leaked] ^ [luckyNumber]), we will be able to predict the following random values and win the game, but there are a few more details to look at ;)

The input function reads until a \n byte appears, but also stops after 64 bytes. If we trigger this second condition, no terminating 0x00 is written and the print also shows the random buffer :)
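The leak and the seed recovery described above, modelled as a self-contained C program. This is an added example, not code from the challenge binary: the buffer layout, the seed value and the `lucky` parameter are constructed assumptions, and the `safe` flag shows the fix (reserve the last byte for the terminator).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define NAME_LEN 64
/* Constructed layout: name[64] immediately followed by the 4-byte seed. */
struct session { unsigned char mem[NAME_LEN + sizeof(uint32_t) + 1]; };

static void session_init(struct session *s, uint32_t seed) {
    memset(s->mem, 0, sizeof s->mem);
    memcpy(s->mem + NAME_LEN, &seed, sizeof seed);
}

/* Reads until '\n' or NAME_LEN bytes. The unsafe variant writes no 0x00 when
   the length limit is what stops the read, as the writeup describes. */
static void read_name(struct session *s, const char *in, size_t n, int safe) {
    size_t max = safe ? NAME_LEN - 1 : NAME_LEN, i = 0;
    while (i < n && i < max && in[i] != '\n') { s->mem[i] = (unsigned char)in[i]; i++; }
    if (i < NAME_LEN) s->mem[i] = 0;
}

/* What a "%s"-style greeting would emit: everything up to the first 0x00. */
static size_t printed_len(const struct session *s) {
    return strlen((const char *)s->mem);
}

/* Recover the seed from the bytes printed after the name; returns 0 when it is
   not fully leaked (a 0x00 byte inside the seed cuts the output short). */
static int leaked_seed(const struct session *s, uint32_t *out) {
    if (printed_len(s) < NAME_LEN + sizeof *out) return 0;
    memcpy(out, s->mem + NAME_LEN, sizeof *out);
    return 1;
}

/* 1 if a local srand(leaked ^ lucky) reproduces the server's rand() stream. */
static int stream_matches(uint32_t server_seed, uint32_t leaked, uint32_t lucky) {
    int expect[8], i;
    srand(server_seed ^ lucky);
    for (i = 0; i < 8; i++) expect[i] = rand();
    srand(leaked ^ lucky);
    for (i = 0; i < 8; i++) if (rand() != expect[i]) return 0;
    return 1;
}

int main(void) {
    struct session s; uint32_t got = 0; char in[NAME_LEN]; int ok;
    memset(in, 'A', sizeof in); session_init(&s, 0x5A17C0DEu); /* constructed seed */
    read_name(&s, in, sizeof in, 0); ok = leaked_seed(&s, &got);
    printf("leaked=%d seed=%08x\n", ok, (unsigned)got); return 0; }
```

The model stops at plain rand() output; it does not reproduce the extra arithmetic the binary applies to each value.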

The nickname buffer:



The seed buffer:



So far it is clear, but note that the random values are computed with several gpu instructions, which are decompiled incorrectly:







We tried to predict the random values and apply the gpu divisions, without luck :(



There was a missing detail in this predictor, but there are always other creative ways to do things.
We used the local software as a predictor: we injected the leaked seed into a local copy of the remote server's binary and got perfect synchronization, predicting the remote random values:




The process is a bit ugly because we combined the automated leak extraction and the socket's interactive mode with a manual gdb macro.




The macro:


















