changed repo structure
This commit is contained in:
14
training/h4tum/IntroZ3/tasks/chall2_dreamer/README.md
Normal file
14
training/h4tum/IntroZ3/tasks/chall2_dreamer/README.md
Normal file
@@ -0,0 +1,14 @@
|
||||
This pwn/misc challenge was part of GPN CTF 2024
|
||||
|
||||
The challenge:
|
||||
- We can execute 4 bytes of arbitrary shellcode followed by 100 bytes of shellcode generated by a weird RNG, which we can seed
|
||||
- We already figured out a short sequence (9 bytes) of shellcode that we want to execute.
|
||||
This means we need to find a seed which will generate 5 specific bytes.
|
||||
|
||||
The RNG is already re-implemented in python for you in `test.py` and `exploit.py`.
|
||||
Implement the function `get_seed_for_sequence` to finish the exploit. `test.py` allows you to verify your implementation is correct.
|
||||
|
||||
The RNG function `custom_random` takes a current state variable (initially the seed) and will return a tuple of (next byte, next state)
|
||||
|
||||
To get the flag from the finished exploit, run: `./exploit.py courses.sec.in.tum.de 13372`
|
||||
Note, the shellcode and exploit succeeds only with a probability of 50%, you may need to run it multiple times.
|
||||
Reference in New Issue
Block a user