Protostar Net 2
Alat dan Bahan
- Binary: net2
- Sistem operasi: Debian 9 dengan arsitektur 64 bit.
Mengatur Lingkungan Pekerjaan
- Source Code
#include "../common/common.c"
/* Service name; passed to background_process() in main(). */
#define NAME "net2"
/* User and group ids passed to background_process().
 * NOTE(review): presumably the unprivileged account the daemon runs as; confirm in common.c. */
#define UID 997
#define GID 997
/* TCP port passed to serve_forever() in main(). */
#define PORT 2997
/*
 * One challenge round over file descriptor 0.
 *
 * Generates four values with random(), writes each one to fd 0 as the raw
 * bytes of an unsigned int (host byte order, no framing), then reads one
 * unsigned int back from fd 0 and compares it with the running sum.
 *
 * The sum is kept in an unsigned int, so it wraps modulo UINT_MAX + 1; the
 * peer has to apply the same truncation to its answer.
 *
 * Any write() or read() that does not transfer exactly sizeof(unsigned int)
 * bytes ends the process through errx(1, ...). That includes a short read,
 * so an answer that arrives in fragments is rejected rather than reassembled.
 *
 * NOTE(review): per the comment in main(), set_io() has made fd 0 the client
 * socket before this runs; confirm in common.c.
 */
void run()
{
    unsigned int values[4];
    unsigned int sum = 0;
    unsigned int answer;
    int idx = 0;

    while (idx < 4) {
        values[idx] = random();
        sum += values[idx]; /* unsigned addition: wraps, never overflows */

        if (write(0, &values[idx], sizeof(sum)) != sizeof(sum)) {
            errx(1, ":(\n");
        }
        idx++;
    }

    /* Exactly one unsigned int is accepted as the answer. */
    if (read(0, &answer, sizeof(sum)) != sizeof(sum)) {
        errx(1, ":<\n");
    }

    if (sum != answer) {
        printf("sorry, try again. invalid\n");
        return;
    }
    printf("you added them correctly\n");
}
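/*
 * Entry point of the net2 service.
 *
 * Daemonises, waits for a client, attaches the client socket to the standard
 * descriptors, seeds the PRNG and runs one challenge round.
 *
 * background_process(), serve_forever() and set_io() come from
 * ../common/common.c, which is not shown here; what they do is taken from the
 * original comments kept below.
 *
 * Returns 0 after run() completes. run() itself exits with status 1 on an
 * I/O error.
 */
int main(int argc, char **argv, char **envp)
{
    int fd;

    /* The command line and environment are not used. */
    (void)argc;
    (void)argv;
    (void)envp;

    /* Run the process as a daemon */
    background_process(NAME, UID, GID);

    /* Wait for socket activity and return */
    fd = serve_forever(PORT);

    /* Set the client socket to STDIN, STDOUT, and STDERR */
    set_io(fd);

    /*
     * Don't do this :>
     * time(NULL) has one-second resolution, so anyone who knows roughly when
     * this line ran can reproduce the whole random() sequence. It is harmless
     * here only because run() sends every generated value to the client.
     * Where values must be unpredictable, take them from the OS CSPRNG
     * (getrandom(2) or /dev/urandom) instead of seeding random() from the clock.
     */
    srandom(time(NULL));

    run();

    return 0;
}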
Solusi
Pada level ini dikenalkan cara berkomunikasi dengan layanan server yang disediakan pada 192.168.56.101 port 2997:
klien menerima 4 bilangan 32-bit little endian, melakukan unpack, menjumlahkannya (hasil dipotong ke 32 bit karena server memakai unsigned int), lalu mengirim kembali hasilnya setelah di-pack.
net2.py
from pwn import *
import re
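# Connect to the net2 service on the lab VM (address and port as used on this page).
h = remote('192.168.56.101', 2997)

# The server sends four raw unsigned 32-bit integers, one write() each.
r = 0
for _ in range(4):
    # recvn() blocks until exactly 4 bytes have arrived. recv(4) returns
    # *up to* 4 bytes on a stream socket, and u32() fails on a short buffer.
    m = h.recvn(4)
    v = u32(m)
    log.info(v)
    r += v

# The server accumulates into an unsigned int, so its sum wraps modulo 2**32.
# Python integers do not wrap; without this mask the sum of four values can
# exceed 0xffffffff and no longer fits the 4-byte field p32() packs.
r &= 0xffffffff
log.info(r)

# The server reads exactly sizeof(unsigned int) bytes, so send the 4 packed
# bytes on their own, without the newline that sendline() would append.
h.send(p32(r))
log.info(h.recv())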
Luaran.
$ python2 net2.py
[+] Opening connection to 192.168.56.101 on port 2997: Done
[*] 1646032313
[*] 551214952
[*] 680650503
[*] 407277335
[*] 3285175103
[*] you added them correctly
[*] Closed connection to 192.168.56.101 port 2997