Outils d'utilisateurs
exploit_exercises_protostar:net2
Net 2
#include "../common/common.c" #define NAME "net2" #define UID 997 #define GID 997 #define PORT 2997 void run() { unsigned int quad[4]; int i; unsigned int result, wanted; result = 0; for(i = 0; i < 4; i++) { quad[i] = random(); result += quad[i]; if(write(0, &(quad[i]), sizeof(result)) != sizeof(result)) { errx(1, ":(\n"); } } if(read(0, &wanted, sizeof(result)) != sizeof(result)) { errx(1, ":<\n"); } if(result == wanted) { printf("you added them correctly\n"); } else { printf("sorry, try again. invalid\n"); } } int main(int argc, char **argv, char **envp) { int fd; char *username; /* Run the process as a daemon */ background_process(NAME, UID, GID); /* Wait for socket activity and return */ fd = serve_forever(PORT); /* Set the client socket to STDIN, STDOUT, and STDERR */ set_io(fd); /* Don't do this :> */ srandom(time(NULL)); run(); }
Le programme choisis 4 int qu'il nous envois et additionne. Il attends que nous lui donnions le résultat de cette addition. Pour réaliser cela, nous devons utiliser à la fois la fonction pack et unpack.
#!/usr/bin/env python # encoding: utf-8 import telnetlib from struct import unpack, pack HOST = "192.168.1.29" PORT = 2997 t = telnetlib.Telnet(HOST, PORT) chaine = t.read_some() + t.read_some() + t.read_some() + t.read_some() print "Chaine : %s" % repr(chaine) result = unpack('<I', chaine[0:4])[0] result += unpack('<I', chaine[4:8])[0] result += unpack('<I', chaine[8:12])[0] result += unpack('<I', chaine[12:])[0] result &= 0xffffffff print "Result : %d" % result print "Send : %s" % repr(pack('<I',result)) t.write("%s\n" % pack('<I',result)) print t.read_some() t.close()
exploit_exercises_protostar/net2.txt · Dernière modification: 2017/04/09 15:33 (modification externe)
Sauf mention contraire, le contenu de ce wiki est placé sous la licence suivante : CC Attribution-Share Alike 3.0 Unported
