시스템

protostar net0

wtdsoul 2025. 1. 30. 23:11

https://github.com/LYoungJoo/WarGame_WrteUp/blob/master/protostar/Net0-2%20Write%20Up/NET0.py

 


 

백그라운드로 구동

#include "../common/common.c"

#define NAME "net0"
#define UID 999
#define GID 999
#define PORT 2999

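/*
 * Challenge handler for one client: print a random number as decimal text and
 * expect the same value back as a raw 32-bit integer.
 *
 * Reads from stdin and writes to stdout; main() calls set_io() on the client
 * socket before this runs. The reply is read as sizeof(i) raw bytes straight
 * into an unsigned int, so it is compared in host byte order; the prompt's
 * "little endian" wording therefore only matches on a little-endian host.
 */
void run()
{
	unsigned int i;
	unsigned int wanted;

	wanted = random();

	/* %u because both values are unsigned. */
	printf("Please send '%u' as a little endian 32bit int \n", wanted);

	/*
	 * fread() returns the number of complete items read, not a pointer, so
	 * compare against the item count: anything other than 1 is a short read
	 * or EOF and i must not be used.
	 */
	if(fread(&i, sizeof(i), 1, stdin) != 1) {
		errx(1, ":(\n");
	}

	/* Fixed the misspelled identifier (was "wnated"), which did not compile. */
	if(i == wanted) {
		printf("Thank you sir/madam \n");
	} else {
		printf("I'm sorry, you sent %u instead \n", i);
	}

}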

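/*
 * Entry point of the net0 service: daemonise, wait for a client on PORT,
 * attach the client socket to the standard streams, then run the challenge.
 *
 * background_process(), serve_forever() and set_io() come from
 * ../common/common.c, which is not shown here; NAME, UID and GID are passed to
 * background_process(), presumably so the daemon drops to that account
 * (confirm against common.c).
 */
int main(int argc, char **argv, char **envp)
{
	int fd;

	/* Run the process as a daemon */
	background_process(NAME, UID, GID);

	/* Wait for socket activity and return */
	fd = serve_forever(PORT);

	/* Set the client socket to STDIN, STDOUT, and STDERR */
	set_io(fd);

	/*
	 * Don't do this: seeding random() with the wall-clock second makes the
	 * whole sequence reproducible by anyone who can estimate when the
	 * connection was handled. It is harmless here only because run() prints
	 * the value to the client anyway. A value that must stay unpredictable
	 * needs the OS CSPRNG (e.g. getrandom() or /dev/urandom), not random().
	 */
	srandom(time(NULL));

	run();

	return 0;
}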
import socket
import struct

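def until(s, string):
    """Read from socket *s* one byte at a time until *string* has been seen.

    Reading a single byte per call means nothing past the delimiter is
    consumed, so the next read starts exactly after it.

    Args:
        s: Connected socket-like object with a ``recv(n)`` method.
        string: Delimiter to wait for, as bytes.

    Returns:
        Everything received so far, ending with *string*.

    Raises:
        EOFError: The peer closed the connection before *string* arrived.
    """
    data = b''
    while string not in data:
        chunk = s.recv(1)
        if not chunk:
            # recv() returns b'' once the peer has closed the connection;
            # without this check the loop would spin forever on a dead socket.
            raise EOFError("connection closed before %r was received" % (string,))
        data += chunk
    return data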

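# Client for the net0 service; the address is the write-up author's lab VM.
# The with-block closes the socket even if parsing or sending fails.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect(('192.168.249.139', 2999))

    # Prompt format: Please send '<number>' as a little endian 32bit int
    # Decode the bytes instead of calling str() on them: str(bytes) yields the
    # repr (b"..."), whose own quoting can change where the first quote sits.
    prompt = until(s, b'\n').decode('ascii', errors='replace')
    print(prompt)

    # The number is the text between the first pair of single quotes.
    start = prompt.find("'") + 1
    end = prompt.find("'", start)
    if start == 0 or end == -1:
        raise ValueError("unexpected prompt: %r" % (prompt,))
    quiz = int(prompt[start:end])

    # '<I' = little-endian unsigned 32-bit, matching the server's unsigned int.
    convlittle = struct.pack('<I', quiz)
    # sendall() keeps writing until every byte is out; send() may stop short.
    s.sendall(convlittle)
    print(until(s, b'\n'))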



참고

# using pwntool : https://github.com/Gallopsled/pwntools
from pwn import *

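# Host is the write-up author's lab VM running the net0 service.
s = remote('10.211.55.9', 2999)

# Prompt format: Please send '<number>' as a little endian 32bit int
# Split on the quotes rather than slicing [13:22]: the number's width varies,
# so a fixed 9-character slice either truncates it or picks up the closing
# quote and makes int() fail.
data = int(s.recvline().split(b"'")[1])

# print(...) with a single argument behaves the same on Python 2 and 3.
print("[+] RECV " + str(data))
print("[+] SEND")

s.send(p32(data)) # p32 packs a 32-bit value, little-endian by default
print("[+] " + str(s.recvline()))
s.close()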
import socket
import struct

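# Plain-socket client for net0; the host below is a placeholder to fill in.
s = socket.socket()
try:
    s.connect(("192.168.xxx.xxx", 2999))

    # Read whole lines through a buffered file object: a single recv(1024)
    # is not guaranteed to return the complete prompt.
    stream = s.makefile("rb")
    prompt = stream.readline()
    print(prompt)

    # The number is the text between the first pair of single quotes.
    fields = prompt.split(b"'")
    if len(fields) < 3:
        raise ValueError("unexpected prompt: %r" % (prompt,))

    # '<I' = little-endian unsigned 32-bit, matching the server's unsigned int.
    s.sendall(struct.pack('<I', int(fields[1])))
    print(stream.readline())
finally:
    # Close the socket even when connecting or parsing fails.
    s.close()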