Outils d'utilisateurs

Outils du Site


exploit_exercises_protostar:net1

Net 1

#include "../common/common.c"
 
#define NAME "net1"
#define UID 998
#define GID 998
#define PORT 2998
 
void run()
{
    char buf[12];
    char fub[12];
    char *q;
 
    unsigned int wanted;
 
    wanted = random();
 
    sprintf(fub, "%d", wanted);
 
    if(write(0, &wanted, sizeof(wanted)) != sizeof(wanted)) { 
        errx(1, ":(\n");
    }
 
    if(fgets(buf, sizeof(buf)-1, stdin) == NULL) {
        errx(1, ":(\n");
    }
 
    q = strchr(buf, '\r'); if(q) *q = 0;
    q = strchr(buf, '\n'); if(q) *q = 0;
 
    if(strcmp(fub, buf) == 0) {
        printf("you correctly sent the data\n");
    } else {
        printf("you didn't send the data properly\n");
    }
}
 
int main(int argc, char **argv, char **envp)
{
    int fd;
    char *username;
 
    /* Run the process as a daemon */
    background_process(NAME, UID, GID);  
 
    /* Wait for socket activity and return */
    fd = serve_forever(PORT);
 
    /* Set the client socket to STDIN, STDOUT, and STDERR */
    set_io(fd);
 
    /* Don't do this :> */
    srandom(time(NULL));
 
    run();
}

Le programme choisis une chaine au hasard et attends la représentation décimale de cette chaine. Dans le challenge net0 nous avons utilisé la fonction pack, cette fois ci nous utiliserons la fonction unpack

#!/usr/bin/env python
# encoding: utf-8
 
import telnetlib
from struct import unpack
 
HOST = "192.168.1.29"
PORT = 2998
 
t = telnetlib.Telnet(HOST, PORT)
 
chaine =  t.read_some()
print "Chaine : %s" % repr(chaine)
print "Retour : %d" % unpack('<I', chaine)[0]
t.write("%d\n" % unpack('<I', chaine)[0])
print t.read_some()
 
t.close()
exploit_exercises_protostar/net1.txt · Dernière modification: 2017/04/09 15:33 (modification externe)