Outils d'utilisateurs
exploit_exercises_protostar:net2
Différences
Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
| — |
exploit_exercises_protostar:net2 [2017/04/09 15:33] (Version actuelle) |
||
|---|---|---|---|
| Ligne 1: | Ligne 1: | ||
| + | ====== Net 2 ====== | ||
| + | <code C> | ||
| + | #include "../common/common.c" | ||
| + | |||
| + | #define NAME "net2" | ||
| + | #define UID 997 | ||
| + | #define GID 997 | ||
| + | #define PORT 2997 | ||
| + | |||
| + | void run() | ||
| + | { | ||
| + | unsigned int quad[4]; | ||
| + | int i; | ||
| + | unsigned int result, wanted; | ||
| + | |||
| + | result = 0; | ||
| + | for(i = 0; i < 4; i++) { | ||
| + | quad[i] = random(); | ||
| + | result += quad[i]; | ||
| + | |||
| + | if(write(0, &(quad[i]), sizeof(result)) != sizeof(result)) { | ||
| + | errx(1, ":(\n"); | ||
| + | } | ||
| + | } | ||
| + | |||
| + | if(read(0, &wanted, sizeof(result)) != sizeof(result)) { | ||
| + | errx(1, ":<\n"); | ||
| + | } | ||
| + | |||
| + | |||
| + | if(result == wanted) { | ||
| + | printf("you added them correctly\n"); | ||
| + | } else { | ||
| + | printf("sorry, try again. invalid\n"); | ||
| + | } | ||
| + | } | ||
| + | |||
| + | int main(int argc, char **argv, char **envp) | ||
| + | { | ||
| + | int fd; | ||
| + | char *username; | ||
| + | |||
| + | /* Run the process as a daemon */ | ||
| + | background_process(NAME, UID, GID); | ||
| + | |||
| + | /* Wait for socket activity and return */ | ||
| + | fd = serve_forever(PORT); | ||
| + | |||
| + | /* Set the client socket to STDIN, STDOUT, and STDERR */ | ||
| + | set_io(fd); | ||
| + | |||
| + | /* Don't do this :> */ | ||
| + | srandom(time(NULL)); | ||
| + | |||
| + | run(); | ||
| + | } | ||
| + | </code> | ||
| + | |||
| + | Le programme choisis 4 int qu'il nous envois et additionne. Il attends que nous lui donnions le résultat de cette addition. Pour réaliser cela, nous devons utiliser à la fois la fonction ''pack'' et ''unpack''. | ||
| + | |||
| + | <code Python> | ||
| + | #!/usr/bin/env python | ||
| + | # encoding: utf-8 | ||
| + | |||
| + | import telnetlib | ||
| + | from struct import unpack, pack | ||
| + | |||
| + | HOST = "192.168.1.29" | ||
| + | PORT = 2997 | ||
| + | |||
| + | t = telnetlib.Telnet(HOST, PORT) | ||
| + | |||
| + | chaine = t.read_some() + t.read_some() + t.read_some() + t.read_some() | ||
| + | print "Chaine : %s" % repr(chaine) | ||
| + | result = unpack('<I', chaine[0:4])[0] | ||
| + | result += unpack('<I', chaine[4:8])[0] | ||
| + | result += unpack('<I', chaine[8:12])[0] | ||
| + | result += unpack('<I', chaine[12:])[0] | ||
| + | result &= 0xffffffff | ||
| + | print "Result : %d" % result | ||
| + | print "Send : %s" % repr(pack('<I',result)) | ||
| + | t.write("%s\n" % pack('<I',result)) | ||
| + | print t.read_some() | ||
| + | |||
| + | t.close() | ||
| + | </code> | ||
exploit_exercises_protostar/net2.txt · Dernière modification: 2017/04/09 15:33 (modification externe)
Outils de la Page
Sauf mention contraire, le contenu de ce wiki est placé sous la licence suivante : CC Attribution-Share Alike 3.0 Unported
