Files
ctf/training/IntroZ3/tasks/chall2_dreamer/README.md
2025-02-26 20:14:15 +01:00

15 lines
917 B
Markdown

This pwn/misc challenge was part of GPN CTF 2024
The challenge:
- We can execute 4 bytes of arbitrary shellcode followed by 100 bytes of shellcode generated by a weird RNG, which we can seed
- We already figured out a short sequence (9 bytes) of shellcode that we want to execute.
This means we need to find a seed which will generate 5 specific bytes.
The RNG is already re-implemented in python for you in `test.py` and `exploit.py`.
Implement the function `get_seed_for_sequence` to finish the exploit. `test.py` allows you to verify your implementation is correct.
The RNG function `custom_random` takes a current state variable (initially the seed) and will return a tuple of (next byte, next state)
To get the flag from the finished exploit, run: `./exploit.py courses.sec.in.tum.de 13372`
Note, the shellcode and exploit succeeds only with a probability of 50%, you may need to run it multiple times.