Just wanted to post a quick alternative of Metasploit’s VMWare Fusion CVE-2014-6271 exploit (
metasploit-framework / modules / exploits / osx / local / vmware_bash_function_root.rb ) for local shell use.
There is a subfield of computer science known as approximation algorithms whose goal is to find algorithms that can quickly find solutions that are not necessarily optimal, but are within some known bound of optimal. Under very reasonable assumptions, the expected value for the constant of approximation of a randomly selected feasible solution is almost always going to at most two. We present some empirical evidence suggesting that the random solutions are often even closer to optimal than ones produced by state-of-the-art approximation algorithms. Sometimes quickly and mindlessly choosing a random solution isn’t half bad!
Now that these locks have piqued our curiosity we’re starting to see them everywhere we look.
Locks are only as secure as the codes humans choose to assign to them. As a mnemonic, the security officers who set the codes often use six-letter words which are translated into codes using the mapping from a phone keypad. Using a phone keypad mapping on six-letter English dictionary words is the physical security equivalent of a website’s arbitrarily limiting passwords to eight characters.
Reversing this program is made frustrating by the fact that it was written in OCaml, generating many instructions that maintain internal structures, check stack alignment, etc. It becomes clear that in order to get the flag, we must pass the checks performed by each function within a list.
It is clear the binary has been messed with, and from both the description and name of the task, we hypothesize that bytes have only been shuffled around, not otherwise modified (via encryption, XOR, etc.).
If you know of a link we have missed, please let us know in the comments and we will add it shortly.