Exploiting Predictable PRNG Seeds (with PwnTools) - Badseed (Reversing/Crypto) [K3RN3L CTF]

Views: 2,459

CryptoCat


Video walkthrough for "Badseed" challenge from the K3RN3L Capture The Flag (CTF) competition 2021. In this challenge we reverse an ELF binary with Ghidra and GDB-PwnDbg to identify a predictable Pseudo-Random Number Generator (PRNG) seed. Next, we use PwnTools to patch the original binary and automate the "bad seed" exploitation. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
KZfaq: / cryptocat23
Twitch: / cryptocat23
↢K3RN3L CTF↣
github.com/Kasimir123/K3RN3LC...
ctf.k3rn3l4rmy.com
/ kernelarmy
/ discord
↢Resources↣
Ghidra: ghidra.re/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef/
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forens...
Decompile Code: www.decompiler.com/
Run Code: tio.run/
Start: 0:00
Basic file checks - 0:22
Analyse binary in Ghidra - 2:10
Debug with GDB-PwnDbg - 4:10
PRNG (srand/rand) using time() - 8:14
Patch alarm() call with PwnTools - 10:20
Manipulate Q2 values with debugger - 12:50
Debug Q3 with Ghidra/GDB - 15:00
How do we approach remote? - 18:20
Automate with PwnTools script - 19:52
End: 25:00

Comments: 18
@ExoDAbLe 2 years ago
Found a great channel today, already love you
@_CryptoCat 2 years ago
awww thank you 🥰
@saketsrv9068 2 years ago
The way you teach me...You just changed my life bro. May god bless you...
@_CryptoCat 2 years ago
awww thanks mate 🥰🥰🥰
@farukarslan2000 2 years ago
great explanation
@_CryptoCat 2 years ago
thanks 🥰
@darklord_656 2 years ago
Nice Explanation Bro🔥🔥😍😍
@_CryptoCat 2 years ago
thank you 🥰
@talbaraz8916 2 years ago
great explanation, very appreciated 👍 Subbed ;)
@_CryptoCat 2 years ago
awesome! thank you 🥰
@bhaitabahi786 2 years ago
great bro i learned a lot thanks make more teach more :) for noobs like me :)))) great and the explanation was awesome
@_CryptoCat 2 years ago
thanks bro! happy to hear it 🥰
@Sh3lld0n 2 years ago
Hello! Can you say how can I use gdb in pwntools script and use gdb commands?
@Sh3lld0n 2 years ago
for example stop in one address and set variable in this address
@_CryptoCat 2 years ago
Sure, the pwntools template I use (available on my GitHub) has a GDBscript variable in it, so you can just add your list of commands there e.g.
break *0x400812
set $eax=0x1
Then, run the pwntools script with "GDB" as the third param e.g. "python exploit.py GDB"
There's a few different ways of using GDB with PwnTools though, in case you aren't using the template or it's not working for some functionality: docs.pwntools.com/en/stable/gdb.html
@Sh3lld0n 2 years ago
@_CryptoCat Thanks so much
@OtolKhan 2 years ago
great explanation
@_CryptoCat 2 years ago
thank you 🥰