HackIt 2016 CTF: Kenya – T2Yh4RD Pwn200 writeup

Hello,

This writeup will be quick and dirty. The idea behind the challenge is about guessing a random generated password to win the game and get a shell. You lose the game after 3 bad tries.

I spent much time reversing the binary, to figure out how the password is generated, because this is the first time I deal with a Position Independent Executables.

Well, to solve the task all what we need is to guess the value used to seeds the random number generator. Like this we can determine the generated password.

The seed is calculated based on current time stamp and current process id.  We don’t know the pid. We have to bruteforce it. But we have only 3 tries !. Easy ! just overflow the “tries” variable buffer in stack to get infinite tries.  That’s all !

Here is the exploit. Don’t ask me why I wrote it in C !

 

After few seconds I got the flag.  h4ck1t{S0M3tiM35_n33D_b2UtEf02c3}

Leave a Reply

Your email address will not be published. Required fields are marked *