Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Much of the time, breaking randomness requires fancy math. This post is about using the situational awareness of the random function to exploit the system. In this case, the author of the post was targeting a password reset token.

In C#, the PRNG is considered "insecure," meaning it's not truly random. It has a set path it goes on, and the randomness really relies on the seed. If no seed is provided, then the TickCount is used. This is the number of milliseconds since the machine was booted.

What's interesting about this, is that the seed is calculated for each call to random()! In the .NET framework, there is a note about this. "As a result, different Random objects that are created in close succession by a call to the parameterless constructor have identical default seed values and, therefore, produce identical sets of random numbers." So, if calls to random are made within the same 1ms, they will produce the same output. If you have your own password reset token and tried resetting another user's, it all went well then they should be the same.

Is this even possible to reproduce? 1ms is tight! Using the single packet attack documented by James Kettle, this is possible in Burp Suite. Use Burp's repeater groups to reset both passwords at the same time. There are still a lot of false positives while doing this, though.

This exact issue affects Python's UUID implementation. They have also seen similar types of things used in CTFs. The end of the post demonstrates how to break this algorithm using math, and it even reveals a bug in the C# implementation (a weird integer overflow). An excellent write-up for a bug they found!