Day by Day Pregnancy: Defcon 2015 Coding Skillz 1 Writeup

Just connecting to the service, a 64bit cpu registers dump is received, and so does several binary code as you can see:

The registers represent an initial cpu state, and we have to reply with the registers result of the binary code execution. This must be automated becouse of the 10 seconds server socket timeout.

The exploit is quite simple, we have to set the cpu registers to this values, execute the code and get resulting registers.

In python we created two structures for the initial state and the ending state.

cpuRegs = {'rax':'','rbx':'','rcx':'','rdx':'','rsi':'','rdi':'','r8':'','r9':'','r10':'','r11':'','r12':'','r13':'','r14':'','r15':''}
finalRegs = {'rax':'','rbx':'','rcx':'','rdx':'','rsi':'','rdi':'','r8':'','r9':'','r10':'','r11':'','r12':'','r13':'','r14':'','r15':''}

We inject at the beginning several movs for setting the initial state:

for r in cpuRegs.keys():

code.append('mov %s, %s' % (r, cpuRegs[r]))

The 64bit compilation of the movs and the binary code, but changing the last ret instruction by a sigtrap "int 3"

We compile with nasm in this way:

os.popen('nasm -f elf64 code.asm')

os.popen('ld -o code code.o ')

And use GDB to execute the code until the sigtrap, and then get the registers

fd = os.popen("gdb code -ex 'r' -ex 'i r' -ex 'quit'",'r')

for l in fd.readlines():

for x in finalRegs.keys():

...

We just parse the registers and send the to the server in the same format, and got the key.

The code:

from libcookie import *

from asm import *

import os

import sys

host = 'catwestern_631d7907670909fc4df2defc13f2057c.quals.shallweplayaga.me'

port = 9999

cpuRegs = {'rax':'','rbx':'','rcx':'','rdx':'','rsi':'','rdi':'','r8':'','r9':'','r10':'','r11':'','r12':'','r13':'','r14':'','r15':''}

finalRegs = {'rax':'','rbx':'','rcx':'','rdx':'','rsi':'','rdi':'','r8':'','r9':'','r10':'','r11':'','r12':'','r13':'','r14':'','r15':''}

fregs = 15

s = Sock(TCP)

s.timeout = 999

s.connect(host,port)

data = s.readUntil('bytes:')

#data = s.read(sz)

#data = s.readAll()

sz = 0

for r in data.split('\n'):

for rk in cpuRegs.keys():

if r.startswith(rk):

cpuRegs[rk] = r.split('=')[1]

if 'bytes' in r:

sz = int(r.split(' ')[3])

binary = data[-sz:]

code = []

print '[',binary,']'

print 'given size:',sz,'bin size:',len(binary)

print cpuRegs

for r in cpuRegs.keys():

code.append('mov %s, %s' % (r, cpuRegs[r]))

#print code

fd = open('code.asm','w')

fd.write('\n'.join(code)+'\n')

fd.close()

Capstone().dump('x86','64',binary,'code.asm')

print 'Compilando ...'

os.popen('nasm -f elf64 code.asm')

os.popen('ld -o code code.o ')

print 'Ejecutando ...'

fd = os.popen("gdb code -ex 'r' -ex 'i r' -ex 'quit'",'r')

for l in fd.readlines():

for x in finalRegs.keys():

if x in l:

l = l.replace('\t',' ')

try:

i = 12

spl = l.split(' ')

if spl[i] == '':

i+=1

print 'reg: ',x

finalRegs[x] = l.split(' ')[i].split('\t')[0]

except:

print 'err: '+l

fregs -= 1

if fregs == 0:

#print 'sending regs ...'

#print finalRegs

buff = []

for k in finalRegs.keys():

buff.append('%s=%s' % (k,finalRegs[k]))

print '\n'.join(buff)+'\n'

print s.readAll()

s.write('\n'.join(buff)+'\n\n\n')

print 'waiting flag ....'

print s.readAll()

print '----- yeah? -----'

s.close()

fd.close()

s.close()

More articles

Why Should you take care of Day by Day Pregnancy?

Taking care of your baby and your body on Day by Day Pregnancy

If you're pregnant now, you should know how important is to take care of yourself and your future baby. Well, pregnant is something that every married girl dream of. Sooner or later, after you married and settle down, your husband and yourself will love to have a new comer in your house, especially if only both of you living together without living with your other family members like your parents, grandparents or any other sibling

It is extremely important to take care of your baby and yourself on day by day pregnancy. You must eat the right food and make sure that the food you ate will not harm your baby and yourself.

Yes, pregnant is great, eating right and good nutrition food for your baby is a must! but how about the excessive pounds you will get when you're pregnant and after you delivered? is it something that you must consider of? as a woman, it is extremely important to take care of our weight, fat means ugly, and what happen when we're fat? of course, we will lost our self confident at first. And what happen when we lost our self confident?

If you're not even dare to look at yourself in the mirror, do you think that your belove husband will like to hug you, kiss you and look at you like before? even if your husband looks at you like before, you might probably think, "what's wrong with him, he look at my fat meat all the time!"

well, dont' let this happens to you. It is Extremely important to get rid of the excessive fat during and after pregnancy.

Here at Pregnancy Without Pounds, I found an absolutely great course and guide for your day by day pregnancy course, free of charge. They'll send you article and some guide several times a week for you to learn how to take care of yourself and your baby.

This is what they claim:

"You absolutely DO NOT have to pack on extra pregnancy weight. Using my 15 years of experience as a health and nutrition coach and hours of research, I discovered the secrets to exercising and eating for pregnancy…
...9 months later I had lost all my weight and I'm now in better shape than I was before I was pregnant!” "

I hope by this Day by Day Pregnancy guide, you will get yourself benefited on it. Sign up to the FREE course now and get your benefit out of it!

Day by Day Pregnancy

Sunday, January 21, 2024

Defcon 2015 Coding Skillz 1 Writeup

No comments:

Why Should you take care of Day by Day Pregnancy?

Day by Day Pregnancy Free Course

Blog Archive

About Me