Monday, August 24, 2020

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service asks for a name; if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's holds the first random value, which is used to initialize srand().


If we get this value and call srand([leaked] ^ [luckyNumber]) locally, we will be able to predict the following random values and win the game, but there are a few more details to look at ;)

The function reads the input until the byte \n appears, but also stops at 64 bytes. If we trigger this second condition, there is no 0x00 terminator and the print shows the random buffer :)
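The flaw described above next to its fix, as an added example that is not code from the challenge binary or from this write-up. The single-buffer layout, the function names, the seed value 0x41424344 and the lucky number are constructed assumptions; only the 64-byte name followed by the seed comes from the text.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NAME_LEN 64
/* Constructed layout: name[64] | seed | one zero byte (assumption). */
#define MEM_LEN (NAME_LEN + sizeof(unsigned int) + 1)
void init_mem(unsigned char *mem, unsigned int seed) {
    memset(mem, 0, MEM_LEN);
    memcpy(mem + NAME_LEN, &seed, sizeof seed);
}
/* Flawed reader: stops at '\n' or at 64 bytes, terminates only on '\n'. */
void read_name_vuln(unsigned char *mem, const char *in, size_t n) {
    for (size_t i = 0; i < n && i < NAME_LEN; i++) {
        if (in[i] == '\n') { mem[i] = 0; return; }
        mem[i] = (unsigned char)in[i];
    }
}
/* Hardened reader: at most 63 bytes, always NUL-terminated. */
void read_name_fixed(unsigned char *mem, const char *in, size_t n) {
    size_t i;
    for (i = 0; i < n && i < NAME_LEN - 1 && in[i] != '\n'; i++)
        mem[i] = (unsigned char)in[i];
    mem[i] = 0;
}
/* Number of bytes a "%s" print of the name would emit. */
size_t printed_len(const unsigned char *mem) { return strlen((const char *)mem); }
/* Seed as seen in the printed name, or 0 if the print stopped before it. */
unsigned int seed_from_output(const unsigned char *mem) {
    unsigned int s = 0;
    if (printed_len(mem) >= NAME_LEN + sizeof s)
        memcpy(&s, mem + NAME_LEN, sizeof s);
    return s;
}
/* Same srand() argument, same rand() sequence: returns the n-th value. */
int nth_rand(unsigned int seed, unsigned int lucky, int n) {
    int r = 0;
    srand(seed ^ lucky);
    while (n-- > 0) r = rand();
    return r;
}
int main(void) {
    unsigned char mem[MEM_LEN];
    char in[NAME_LEN];
    memset(in, 'A', sizeof in);
    init_mem(mem, 0x41424344u);          /* constructed seed */
    read_name_vuln(mem, in, sizeof in);
    printf("printed %zu bytes, seed 0x%x\n", printed_len(mem), seed_from_output(mem));
    return 0;
}
```

With the hardened reader the print stops at byte 63 and the seed never reaches the output; a seed containing a zero byte would also cut the leak short in the flawed version.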

The nickname buffer:



The seed buffer:



So here it is clear, but note that the random values are computed with several gpu instructions, which are decompiled incorrectly:







We tried to predict the random values and apply the gpu divisions, without luck :(



There was a missing detail in this predictor, but there are always other creative ways to do things.
We used the local software as a predictor: we injected the leaked seed into the local copy of the remote server's binary and got perfect synchronization, predicting the remote random values:




The process is a bit ugly because we combined the automated leak extraction and the interactive socket mode with the manual gdb macro.




The macro:


















