15 lines
917 B
Markdown
15 lines
917 B
Markdown
This pwn/misc challenge was part of GPN CTF 2024
|
|
|
|
The challenge:
|
|
- We can execute 4 bytes of arbitrary shellcode followed by 100 bytes of shellcode generated by a weird RNG, which we can seed
|
|
- We already figured out a short sequence (9 bytes) of shellcode that we want to execute.
|
|
This means we need to find a seed which will generate 5 specific bytes.
|
|
|
|
The RNG is already re-implemented in python for you in `test.py` and `exploit.py`.
|
|
Implement the function `get_seed_for_sequence` to finish the exploit. `test.py` allows you to verify your implementation is correct.
|
|
|
|
The RNG function `custom_random` takes a current state variable (initially the seed) and will return a tuple of (next byte, next state)
|
|
|
|
To get the flag from the finished exploit, run: `./exploit.py courses.sec.in.tum.de 13372`
|
|
Note, the shellcode and exploit succeeds only with a probability of 50%, you may need to run it multiple times.
|