This commit is contained in:
2025-02-26 20:14:15 +01:00
parent 2a053eb9ca
commit e9e0fb20c2
22 changed files with 652 additions and 1 deletions

View File

@@ -0,0 +1,14 @@
This pwn/misc challenge was part of GPN CTF 2024
The challenge:
- We can execute 4 bytes of arbitrary shellcode followed by 100 bytes of shellcode generated by a weird RNG, which we can seed
- We already figured out a short sequence (9 bytes) of shellcode that we want to execute.
This means we need to find a seed which will generate 5 specific bytes.
The RNG is already re-implemented in python for you in `test.py` and `exploit.py`.
Implement the function `get_seed_for_sequence` to finish the exploit. `test.py` allows you to verify your implementation is correct.
The RNG function `custom_random` takes a current state variable (initially the seed) and will return a tuple of (next byte, next state)
To get the flag from the finished exploit, run: `./exploit.py courses.sec.in.tum.de 13372`
Note, the shellcode and exploit succeeds only with a probability of 50%, you may need to run it multiple times.