Protostarnet0
About
This level takes a look at converting strings to little endian integers.
This level is at /opt/protostar/bin/net0
Source code
#include "../common/common.c"
#define NAME "net0"
#define UID 999
#define GID 999
#define PORT 2999
void run()
{
unsigned int i;
unsigned int wanted;
wanted = random();
printf("Please send '%d' as a little endian 32bit int\n", wanted);
if(fread(&i, sizeof(i), 1, stdin) == NULL) {
errx(1, ":(\n");
}
if(i == wanted) {
printf("Thank you sir/madam\n");
} else {
printf("I'm sorry, you sent %d instead\n", i);
}
}
int main(int argc, char **argv, char **envp)
{
int fd;
char *username;
/* Run the process as a daemon */
background_process(NAME, UID, GID);
/* Wait for socket activity and return */
fd = serve_forever(PORT);
/* Set the client socket to STDIN, STDOUT, and STDERR */
set_io(fd);
/* Don't do this :> */
srandom(time(NULL));
run();
}
#define NAME "net0"
#define UID 999
#define GID 999
#define PORT 2999
void run()
{
unsigned int i;
unsigned int wanted;
wanted = random();
printf("Please send '%d' as a little endian 32bit int\n", wanted);
if(fread(&i, sizeof(i), 1, stdin) == NULL) {
errx(1, ":(\n");
}
if(i == wanted) {
printf("Thank you sir/madam\n");
} else {
printf("I'm sorry, you sent %d instead\n", i);
}
}
int main(int argc, char **argv, char **envp)
{
int fd;
char *username;
/* Run the process as a daemon */
background_process(NAME, UID, GID);
/* Wait for socket activity and return */
fd = serve_forever(PORT);
/* Set the client socket to STDIN, STDOUT, and STDERR */
set_io(fd);
/* Don't do this :> */
srandom(time(NULL));
run();
}
在这关其实是考验写代码的能力。题目的意思是在机器上运行了这个程序,需要远程与这个程序打交道,从而达到题目的要求。
从题目得知会自动生成一个随机数返回给客户端,要求客户将这串数字以小端unsigned int型返回来即可。这里是用Python实现的。
#!/usr/bin/env python
from socket import *
from struct import *
from optparse import OptionParser
def main(hostname,port):
s = socket(AF_INET,SOCK_STREAM)
s.connect((hostname,port))
rec = s.recv(1024)
print rec
index1 = rec.find("'")+1
index2 = rec.rfind("'")
print rec[index1:index2]
num = int(rec[index1:index2])
s.send(pack(" rec = s.recv(1024)
print rec
if __name__=="__main__":
parse = OptionParser("usage: %prog [options]")
parse.add_option("-H",dest="hostname",default="127.0.0.1",type="string",help="The ip of the target")
parse.add_option("-P",dest="port",default=2999,type="int",help="The port of the host")
(options,args)=parse.parse_args()
main(options.hostname,options.port)
from socket import *
from struct import *
from optparse import OptionParser
def main(hostname,port):
s = socket(AF_INET,SOCK_STREAM)
s.connect((hostname,port))
rec = s.recv(1024)
print rec
index1 = rec.find("'")+1
index2 = rec.rfind("'")
print rec[index1:index2]
num = int(rec[index1:index2])
s.send(pack(" rec = s.recv(1024)
print rec
if __name__=="__main__":
parse = OptionParser("usage: %prog [options]")
parse.add_option("-H",dest="hostname",default="127.0.0.1",type="string",help="The ip of the target")
parse.add_option("-P",dest="port",default=2999,type="int",help="The port of the host")
(options,args)=parse.parse_args()
main(options.hostname,options.port)
运行结果:
D:\Python27\a\protostar>debug.py -H 192.168.0.71
Please send '1200002487' as a little endian 32bit int
1200002487
Thank you sir/madam
Please send '1200002487' as a little endian 32bit int
1200002487
Thank you sir/madam
本文标题:Protostarnet0
标题来源:http://pcwzsj.com/article/gsjcps.html