This pwn/misc challenge was part of GPN CTF 2024
The challenge:
- We can execute 4 bytes of arbitrary shellcode followed by 100 bytes of shellcode generated by a weird RNG, which we can seed
- We already figured out a short sequence (9 bytes) of shellcode that we want to execute. This means we need to find a seed which will generate 5 specific bytes.
The RNG is already re-implemented in python for you in test.py and exploit.py.
Implement the function get_seed_for_sequence to finish the exploit. test.py allows you to verify your implementation is correct.
The RNG function custom_random takes a current state variable (initially the seed) and will return a tuple of (next byte, next state)
To get the flag from the finished exploit, run: ./exploit.py courses.sec.in.tum.de 13372
Note, the shellcode and exploit succeeds only with a probability of 50%, you may need to run it multiple times.