Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
— |
exploit_exercises_protostar:net2 [2017/04/09 15:33] (Version actuelle) |
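--- a/exploit_exercises_protostar:net2
+++ b/exploit_exercises_protostar:net2
@@ -0,0 +1,86 @@
+====== Net 2 ======
+<code C>
+#include "../common/common.c"
+
+#define NAME "net2"
+#define UID 997
+#define GID 997
+#define PORT 2997
+
+void run()
+{
+unsigned int quad[4];
+int i;
+unsigned int result, wanted;
+
+result = 0;
+for(i = 0; i < 4; i++) {
+quad[i] = random();
+result += quad[i];
+
+if(write(0, &(quad[i]), sizeof(result)) != sizeof(result)) {
+errx(1, ":(\n");
+}
+}
+
+if(read(0, &wanted, sizeof(result)) != sizeof(result)) {
+errx(1, ":<\n");
+}
+
+
+if(result == wanted) {
+printf("you added them correctly\n");
+} else {
+printf("sorry, try again. invalid\n");
+}
+}
+
+int main(int argc, char **argv, char **envp)
+{
+int fd;
+char *username;
+
+/* Run the process as a daemon */
+background_process(NAME, UID, GID);
+
+/* Wait for socket activity and return */
+fd = serve_forever(PORT);
+
+/* Set the client socket to STDIN, STDOUT, and STDERR */
+set_io(fd);
+
+/* Don't do this :> */
+srandom(time(NULL));
+
+run();
+}
+</code>
+
+Le programme choisis 4 int qu'il nous envois et additionne. Il attends que nous lui donnions le résultat de cette addition. Pour réaliser cela, nous devons utiliser à la fois la fonction ''pack'' et ''unpack''.
+
+<code Python>
+#!/usr/bin/env python
+# encoding: utf-8
+
+import telnetlib
+from struct import unpack, pack
+
+HOST = "192.168.1.29"
+PORT = 2997
+
+t = telnetlib.Telnet(HOST, PORT)
+
+chaine = t.read_some() + t.read_some() + t.read_some() + t.read_some()
+print "Chaine : %s" % repr(chaine)
+result = unpack('<I', chaine[0:4])[0]
+result += unpack('<I', chaine[4:8])[0]
+result += unpack('<I', chaine[8:12])[0]
+result += unpack('<I', chaine[12:])[0]
+result &= 0xffffffff
+print "Result : %d" % result
+print "Send : %s" % repr(pack('<I',result))
+t.write("%s\n" % pack('<I',result))
+print t.read_some()
+
+t.close()
+</code>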
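Review bot: The Python client's receive and send path is not reliable for raw binary data: the four `t.read_some()` calls are assumed to return exactly 16 bytes, and `telnetlib` treats any 0xff byte as a Telnet IAC command on read and doubles it in `t.write(...)`. TCP does not guarantee that the server's four 4-byte writes arrive as four separate reads, so `chaine[12:]` can be shorter or longer than 4 bytes and `unpack('<I', ...)` then raises, or a later `read_some()` may block while the server is already waiting for the answer. I would replace `import telnetlib` with `import socket`, loop until 16 bytes have been received, and send exactly the 4 packed bytes without the trailing `\n`. The text would also benefit from one sentence saying that `result &= 0xffffffff` mirrors the wrap-around of the C program's `unsigned int result` (4 bytes here, as the `'<I'` format assumes).

```python
# … unchanged: HOST, PORT …
s = socket.create_connection((HOST, PORT))

# Read until all four 32-bit values have arrived; TCP may split or merge the writes.
chaine = b""
while len(chaine) < 16:
    bloc = s.recv(16 - len(chaine))
    if not bloc:
        raise EOFError("connection closed before 16 bytes were received")
    chaine += bloc

# … unchanged: print "Chaine : …" …
result = sum(unpack('<4I', chaine)) & 0xffffffff
# … unchanged: print "Result : …", print "Send : …" …
s.sendall(pack('<I', result))  # exactly 4 bytes, no Telnet escaping, no newline
print(repr(s.recv(1024)))

s.close()
```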