An Exercise in Weak Random Seed Exploitation

Last weekend I participated in a capture-the-flag event sponsored by Bishop Fox and ran by students at BYU. Following the event I decided that it may be fun to try and crack the scoring software itself – so I’ve written up the process here to explain how I put the exploit together.

This is a companion discussion topic for the original entry at

For anyone interested in seeing the complete proof-of-concept, I’ve uploaded a working exploit to a gist.