Protostar Net 0
Alat dan Bahan
- Binary: net0
- Sistem operasi: Debian 9 dengan arsitektur 64 bit.
Mengatur Lingkungan Pekerjaan
- Source Code
#include "../common/common.c"
/* Service name passed to background_process() in main(). */
#define NAME "net0"
/* User id and group id passed to background_process() in main(). */
#define UID 999
#define GID 999
/* Port number passed to serve_forever() in main(); the solution script connects to it. */
#define PORT 2999
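/*
 * Challenge handler for one client.
 *
 * Picks a number with random(), prints it as decimal text, then reads
 * sizeof(unsigned int) raw bytes from stdin and compares them with the
 * number that was printed.  The bytes are stored into `i` as received, so
 * the "little endian" in the prompt matches only on a little-endian host.
 *
 * main() calls set_io() on the client socket before calling this function,
 * so stdin/stdout are presumably that socket (set_io() is defined outside
 * this listing).
 *
 * Terminates through errx() with exit status 1 when no complete item could
 * be read.
 */
void run()
{
    unsigned int i;
    unsigned int wanted;

    /* random() returns a long; the assignment converts it to unsigned int. */
    wanted = random();

    /* %u, because the operand is an unsigned int. */
    printf("Please send '%u' as a little endian 32bit int\n", wanted);

    /*
     * fread() returns the number of complete items read (a size_t), not a
     * pointer, so the result is compared with the item count requested.
     * A short read returns 0 and leaves `i` indeterminate, so it must not
     * reach the comparison below.
     */
    if (fread(&i, sizeof(i), 1, stdin) != 1) {
        errx(1, ":(\n");
    }

    if (i == wanted) {
        printf("Thank you sir/madam\n");
    } else {
        printf("I'm sorry, you sent %u instead\n", i);
    }
}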
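/*
 * Entry point: start the service, take a client, and run the challenge.
 *
 * background_process(), serve_forever() and set_io() are not defined in this
 * listing; they presumably come from the included ../common/common.c.  The
 * one-line comments on those calls are the listing's own descriptions.
 *
 * argc, argv and envp are not used.
 */
int main(int argc, char **argv, char **envp)
{
    int fd;

    /* Run the process as a daemon */
    background_process(NAME, UID, GID);

    /* Wait for socket activity and return */
    fd = serve_forever(PORT);

    /* Set the client socket to STDIN, STDOUT, and STDERR */
    set_io(fd);

    /*
     * Don't do this :>
     * Seeding with the wall-clock second makes the random() sequence
     * reproducible by anyone who knows roughly when the seed was taken.
     * It does no harm in this exercise, because run() prints the number to
     * the client anyway, but it is not a pattern for tokens, nonces or
     * keys; those need the operating system's CSPRNG.
     */
    srandom(time(NULL));

    run();

    return 0;
}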
Solusi
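Pada level ini dikenalkan cara berkomunikasi dengan layanan server yang tersedia pada 192.168.56.101 port 2999. Server mengirim sebuah angka dalam bentuk teks desimal, dan angka itu harus dikirim kembali sebagai 4 byte mentah, yaitu bilangan bulat 32-bit yang di-pack menjadi little endian.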
net0.py
from pwn import *
import re
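# Written for Python 2 (the page runs it with python2), where recvline()
# returns a str. Under Python 3 pwntools returns bytes, and the str pattern
# used below would have to be a bytes pattern.
h = remote('192.168.56.101', 2999)

# Banner line: "Please send '<decimal>' as a little endian 32bit int".
m = h.recvline()
log.info(m)

# Extract the digit runs once instead of re-running the regex for every use.
# The list also contains the "32" from "32bit", so the challenge value is
# element 0.
numbers = re.findall(r'\d+', m)
log.info(numbers)
wanted = int(numbers[0])
log.info(hex(wanted))

# p32() packs the value into 4 bytes, little endian by default.
payload = p32(wanted)
log.info(payload)

# send() rather than sendline(): the service reads exactly 4 bytes, and a
# trailing newline would be a fifth byte that is not part of the integer.
h.send(payload)
log.info(h.recv())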
Luaran.
$ python2 net0.py
[+] Opening connection to 192.168.56.101 on port 2999: Done
[*] Please send '340370046' as a little endian 32bit int
[*] ['340370046', '32']
[*] 0x1449a27e
[*] ~\xa2I\x14
[*] Thank you sir/madam
[*] Closed connection to 192.168.56.101 port 2999