ctfwriteup.com
House of NotePwnie Island
Search…
Hack The Box
AD
Windows
Linux
TCM Academy
TCM Windows Privilege Escalation Course
TCM Linux Privilege Escalation Course
Game Hacking
Pwnie Island
Pwn
pwn.college
pwnable.kr
fd
collision
bof
flag
passcode
random
input
leg
mistake
shellshock
coin1
blackjack
lotto
cmd1
cmd2
uaf
memcpy
asm
unlink
blukat
horcruxes
pwnable.tw
ROP Emporium
Jarvis OJ Pwn Xman Series
Crypto
Jarvis OJ Crypto RSA Series
picoCTF
picoCTF 2020 Mini-Competition
picoCTF 2021
picoMini by redpwn
redpwnCTF
redpwnCTF 2021
Powered By GitBook
random
{"author": ["ret2basic"]}

Challenge

Daddy, teach me how to use random value in programming!
ssh [email protected] -p2222 (pw:guest)

Source Code

#include <stdio.h>
​
int main(){
unsigned int random;
random = rand(); // random value!
​
unsigned int key=0;
scanf("%d", &key);
​
if( (key ^ random) == 0xdeadbeef ){
printf("Good!\n");
system("/bin/cat flag");
return 0;
}
​
printf("Wrong, maybe you should try 2^32 cases.\n");
return 0;
}
​

Solution

Check out the rand(3) man page. It says "if no seed value is provided, the rand() function is automatically seeded with a value of 1". That means a seedless rand() is deterministic. We can run the following code to test our hypothesis:
#include <stdio.h>
​
int main()
{
int random = rand();
printf("%i", random);
​
return 0;
}
The result is always 1804289383 no matter how many times we run this program. To find the key, do the math in a Python shell:
>>> 0xdeadbeef ^ 1804289383
3039230856

Get Flag

Get flag

Exploit

​
Previous
passcode
Next
input
Last modified 4mo ago
Copy link
Outline
Challenge
Source Code
Solution
Get Flag
Exploit