Files
ctf/training/IntroZ3/tasks/chall2_dreamer/README.md
2025-02-26 20:14:15 +01:00

917 B

This pwn/misc challenge was part of GPN CTF 2024

The challenge:

  • We can execute 4 bytes of arbitrary shellcode followed by 100 bytes of shellcode generated by a weird RNG, which we can seed
  • We already figured out a short sequence (9 bytes) of shellcode that we want to execute. This means we need to find a seed which will generate 5 specific bytes.

The RNG is already re-implemented in python for you in test.py and exploit.py. Implement the function get_seed_for_sequence to finish the exploit. test.py allows you to verify your implementation is correct.

The RNG function custom_random takes a current state variable (initially the seed) and will return a tuple of (next byte, next state)

To get the flag from the finished exploit, run: ./exploit.py courses.sec.in.tum.de 13372 Note, the shellcode and exploit succeeds only with a probability of 50%, you may need to run it multiple times.