sábado, 22 de agosto de 2020

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















More info
  1. Hacking Tools Software
  2. Best Hacking Tools 2019
  3. Pentest Tools For Ubuntu
  4. Android Hack Tools Github
  5. Android Hack Tools Github
  6. Hacker Tool Kit
  7. Best Hacking Tools 2020
  8. Hack Tools 2019
  9. What Is Hacking Tools
  10. Android Hack Tools Github
  11. Pentest Tools Subdomain
  12. Hacker Tools Apk
  13. Pentest Tools Download
  14. Hacker Tools 2019
  15. Hacker Search Tools
  16. Github Hacking Tools
  17. Hacker
  18. Hacker Tools For Pc
  19. Pentest Reporting Tools
  20. Pentest Tools Framework
  21. What Are Hacking Tools
  22. How To Make Hacking Tools
  23. Hacker Tools Apk
  24. Hacker Tool Kit
  25. Hak5 Tools
  26. Pentest Recon Tools
  27. New Hacker Tools
  28. Hack Tools For Games
  29. Pentest Tools Android
  30. Hack Tools Github
  31. Easy Hack Tools
  32. Pentest Tools Windows
  33. Hack Tools For Games
  34. Pentest Tools Alternative
  35. Hacker Tools Hardware
  36. Hacking Tools Windows
  37. Hack And Tools
  38. Pentest Automation Tools
  39. Hacking Tools Windows 10
  40. Pentest Tools For Ubuntu
  41. Pentest Tools Alternative
  42. Hack Tool Apk No Root
  43. Hacker Tools For Mac
  44. Hacker Tools Software
  45. Hack Tools Mac
  46. What Is Hacking Tools
  47. Hack Tools Download
  48. Hacking Tools For Pc
  49. Hacker Search Tools
  50. Pentest Tools Website Vulnerability
  51. Hacking App
  52. Hack Tools For Games
  53. Pentest Tools Port Scanner
  54. Hacking Tools Name
  55. Hacking Tools Mac
  56. Hack Tools For Ubuntu
  57. Hacking Tools Free Download
  58. Hacking Tools Name
  59. Hacking Tools Kit
  60. Hacker Tools Windows
  61. Hacking Tools Online
  62. Hacking Apps
  63. Hacker Tools Linux
  64. Hacking Tools 2020
  65. Hacking Apps
  66. Pentest Tools Url Fuzzer
  67. Hacker Tools List
  68. Pentest Tools Nmap
  69. Hacking Tools For Pc
  70. Nsa Hack Tools
  71. World No 1 Hacker Software
  72. New Hacker Tools
  73. Ethical Hacker Tools
  74. New Hack Tools
  75. Pentest Tools Online
  76. Hacker Hardware Tools
  77. Pentest Tools Bluekeep
  78. Hack Tools Online
  79. Hackers Toolbox
  80. Hack Tools For Ubuntu
  81. Pentest Tools Open Source
  82. Easy Hack Tools
  83. Top Pentest Tools
  84. New Hacker Tools
  85. Hacking Tools Mac
  86. Hacking Tools Windows 10
  87. New Hacker Tools
  88. Hacking Tools For Games
  89. Wifi Hacker Tools For Windows
  90. Pentest Tools Subdomain
  91. Tools 4 Hack
  92. Pentest Tools Alternative
  93. Usb Pentest Tools
  94. Hacker Hardware Tools
  95. Hacker Techniques Tools And Incident Handling
  96. World No 1 Hacker Software
  97. Tools For Hacker
  98. Hacker Tools Apk Download
  99. Hack Apps
  100. Pentest Tools Framework
  101. Hacker Tools Linux
  102. Hackers Toolbox
  103. Hacking Tools 2019
  104. Hack Rom Tools
  105. Pentest Reporting Tools
  106. Pentest Tools Android
  107. Pentest Tools Website
  108. Nsa Hacker Tools
  109. Hack Website Online Tool
  110. How To Hack
  111. World No 1 Hacker Software
  112. Pentest Tools Url Fuzzer
  113. Hacking Tools Pc
  114. Pentest Tools Website
  115. Hacker Techniques Tools And Incident Handling
  116. Hacking App
  117. Hacking Tools 2019
  118. Pentest Tools Alternative
  119. Hackrf Tools
  120. Hack Tools 2019
  121. Nsa Hack Tools
  122. Hacking Tools Hardware
  123. Hacking Tools For Kali Linux
  124. Hacking Tools Software
  125. Hacker Tools Software

No hay comentarios:

Publicar un comentario