Protostar Net 1
Alat dan Bahan
- Binary: net1
- Sistem operasi: Debian 9 dengan arsitektur 64 bit.
Mengatur Lingkungan Pekerjaan
- Source Code
#include "../common/common.c"
#define NAME "net1"
#define UID 998
#define GID 998
#define PORT 2998
void run()
{
char buf[12];
char fub[12];
char *q;
unsigned int wanted;
wanted = random();
sprintf(fub, "%d", wanted);
if(write(0, &wanted, sizeof(wanted)) != sizeof(wanted)) {
errx(1, ":(\n");
}
if(fgets(buf, sizeof(buf)-1, stdin) == NULL) {
errx(1, ":(\n");
}
q = strchr(buf, '\r'); if(q) *q = 0;
q = strchr(buf, '\n'); if(q) *q = 0;
if(strcmp(fub, buf) == 0) {
printf("you correctly sent the data\n");
} else {
printf("you didn't send the data properly\n");
}
}
int main(int argc, char **argv, char **envp)
{
int fd;
char *username;
/* Run the process as a daemon */
background_process(NAME, UID, GID);
/* Wait for socket activity and return */
fd = serve_forever(PORT);
/* Set the client socket to STDIN, STDOUT, and STDERR */
set_io(fd);
/* Don't do this :> */
srandom(time(NULL));
run();
}
Solusi
Pada level ini, dikenalkan bagaimana berkomunikasi dengan layanan server yang disediakan pada 192.168.56.101 2999 dengan unpack little endian menjadi data ASCII.
net1.py
from pwn import *
import re
h = remote('192.168.56.101', 2998)
m = h.recv(32)
log.info(m)
log.info(u32(m))
h.sendline(str(u32(m)))
log.info(h.recv())
Luaran.
$ python2 net1.py
[+] Opening connection to 192.168.56.101 on port 2998: Done
[*] W\xb2q*
[*] 712094295
[*] you correctly sent the data
[*] Closed connection to 192.168.56.101 port 2998