printf("Hello World!");

Posted on Edited on In , ,
ėÆøė¦¬ė³“źø° ė°©ģ§€

Right, this oneā€™s comparatively not too bad

difficulty-wise, you see

Right, anyway
due to my own circumstances,
I suppose

this study-related post

will have to be the last of its kind for now

I should really try a
bug bounty this year,
at the very latest.

The situation shows no sign of
improving, honestly.

Īµ-(Ā“惻ļ½€)

Honestly, rather than wasting all
my time and health with some
unwanted weekday part-time work,

with some unwanted weekday part-time work,

itā€™d be far less galling to do
bug bounties on weekdays

and just part-time work on weekends.

itā€™d be far less galling.

-`Š“Ā“-

Right, anyway Iā€™ll just carry on writing.

(憁į“—憁āœæ)

Screenshot 1.

Right, first letā€™s have a gander at the question,

with my own rather straightforward,
literal translation

Daddy, teach me how to use random value in programming!

Screenshot 2.

Right, and then

1
ssh random@pwnable.kr -p2222

you connect straight away.

Screenshot 3.

First,you work out whether
the file exists,and then

you check the random.c file

I check it

Right, so itā€™s a program that receives a
key value if you XOR a 4-byte
random value with an input value

if you XOR a 4-byte random value with an input value

and 0xdeadbeef comes out.

So, ANG? If itā€™s a random value,
does one have to try all possible cases?

Does one have to try all possible cases? ōxō

Does one have to try all possible cases? ōxō

one might think, but

the rand() function, unless
you provide it with a
seed value that changes every time

will always convert to a constant value

This constant value, if you work it out,

will give you the answer.

Right, then, letā€™s trace the value using gdb.

Screenshot 4.

Right, so you do the XOR operation,

and it seems you just need to check
the value of eax 0xdeadbeef

you just need to check.

Screenshot 5.

If you set a breakpoint and run it, putting in 0

you can see that 0x6b8b4567 is in eax.

0x6b8b4567 is in eax

you can see that itā€™s in there.

As XORing with 0 produces the same value,

you can deduce that the value of rand() is 0x6b8b4567

you can deduce that it is.

So, the value we need to input can be found through

0xdeadbeef ^ 0x6b8b4567

can be found

Screenshot 6: Hexadecimal operation in Java

If you operate these two using Java programming

if you operate these two

the result is

0xB526FB88

Screenshot 7.

And if you go to a conversion website and convert it,

3039230856

a value like the above is output

Screenshot 8

If you input the outputted value,

you acquire the key value like this.

Right, and then with the key value thatā€™s
been snagged,

Screenshot 9.

you go back to the first screen,

input it into the blank space

and then just press the ā€˜authā€™ button.

As soon as the missionā€™s completed,

1 point has been snagged.

then, if you go back to the initial screen again,

youā€™ll see that

itā€™s marked as completed with a green

dotted line.

Thanks for reading through this long post.

Well done. (憁į“—憁āœæ)

Have a good day, and
I hope everything works out well for you

Itā€™s quite warm out,
so do try and avoid getting heatstroke,

And do take care with the,erm,
Wuhan pneumonia situation.