Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
— |
exploit_exercises_protostar:net1 [2017/04/09 15:33] (Version actuelle) |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
+ | ====== Net 1 ====== | ||
+ | |||
+ | <code C> | ||
+ | #include "../common/common.c" | ||
+ | |||
+ | #define NAME "net1" | ||
+ | #define UID 998 | ||
+ | #define GID 998 | ||
+ | #define PORT 2998 | ||
+ | |||
+ | void run() | ||
+ | { | ||
+ | char buf[12]; | ||
+ | char fub[12]; | ||
+ | char *q; | ||
+ | |||
+ | unsigned int wanted; | ||
+ | |||
+ | wanted = random(); | ||
+ | |||
+ | sprintf(fub, "%d", wanted); | ||
+ | |||
+ | if(write(0, &wanted, sizeof(wanted)) != sizeof(wanted)) { | ||
+ | errx(1, ":(\n"); | ||
+ | } | ||
+ | |||
+ | if(fgets(buf, sizeof(buf)-1, stdin) == NULL) { | ||
+ | errx(1, ":(\n"); | ||
+ | } | ||
+ | |||
+ | q = strchr(buf, '\r'); if(q) *q = 0; | ||
+ | q = strchr(buf, '\n'); if(q) *q = 0; | ||
+ | |||
+ | if(strcmp(fub, buf) == 0) { | ||
+ | printf("you correctly sent the data\n"); | ||
+ | } else { | ||
+ | printf("you didn't send the data properly\n"); | ||
+ | } | ||
+ | } | ||
+ | |||
+ | int main(int argc, char **argv, char **envp) | ||
+ | { | ||
+ | int fd; | ||
+ | char *username; | ||
+ | |||
+ | /* Run the process as a daemon */ | ||
+ | background_process(NAME, UID, GID); | ||
+ | |||
+ | /* Wait for socket activity and return */ | ||
+ | fd = serve_forever(PORT); | ||
+ | |||
+ | /* Set the client socket to STDIN, STDOUT, and STDERR */ | ||
+ | set_io(fd); | ||
+ | |||
+ | /* Don't do this :> */ | ||
+ | srandom(time(NULL)); | ||
+ | |||
+ | run(); | ||
+ | } | ||
+ | </code> | ||
+ | |||
+ | Le programme choisis une chaine au hasard et attends la représentation décimale de cette chaine. Dans le challenge [[exploit_exercises_protostar:net0|net0]] nous avons utilisé la fonction ''pack'', cette fois ci nous utiliserons la fonction ''unpack'' | ||
+ | |||
+ | <code Python> | ||
+ | #!/usr/bin/env python | ||
+ | # encoding: utf-8 | ||
+ | |||
+ | import telnetlib | ||
+ | from struct import unpack | ||
+ | |||
+ | HOST = "192.168.1.29" | ||
+ | PORT = 2998 | ||
+ | |||
+ | t = telnetlib.Telnet(HOST, PORT) | ||
+ | |||
+ | chaine = t.read_some() | ||
+ | print "Chaine : %s" % repr(chaine) | ||
+ | print "Retour : %d" % unpack('<I', chaine)[0] | ||
+ | t.write("%d\n" % unpack('<I', chaine)[0]) | ||
+ | print t.read_some() | ||
+ | |||
+ | t.close() | ||
+ | </code> | ||