Binary Exploitation Protostar Net0 - Walkthrough

Hello Guys,



Today In This post, I am going to share with you my walkthrough experience of Exploit Exercise ProtoStar Net0 Level.


Before Starting Our Walkthrough Let's Take a Look At Hints And Details.

Note: I want to highlight Few Points.

  • I'm not the creator of protostar war game. I am just a player.
  • Here, I am Just providing you hints and reference so, that if you feel stuck anywhere. Take a Look Here.
  • Understand all previous levels before starting this one.
  • Do some research on Assembly, C/C++ and Gdb
  • Do Some Research About Heap overflow exploitation.
  •  All Credit Related To Exploit Exercise War Games Goes To exploit-exercises.com.

So, Let's Start.


Hint



1
2
3
This level takes a look at converting strings to little endian integers.

This level is at /opt/protostar/bin/net0
♥Dcode♥

Source Code.


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#include "../common/common.c"

#define NAME "net0"
#define UID 999
#define GID 999
#define PORT 2999

void run()
{
  unsigned int i;
  unsigned int wanted;

  wanted = random();

  printf("Please send '%d' as a little endian 32bit int\n", wanted);

  if(fread(&i, sizeof(i), 1, stdin) == NULL) {
      errx(1, ":(\n");
  }

  if(i == wanted) {
      printf("Thank you sir/madam\n");
  } else {
      printf("I'm sorry, you sent %d instead\n", i);
  }
}

int main(int argc, char **argv, char **envp)
{
  int fd;
  char *username;

  /* Run the process as a daemon */
  background_process(NAME, UID, GID); 
  
  /* Wait for socket activity and return */
  fd = serve_forever(PORT);

  /* Set the client socket to STDIN, STDOUT, and STDERR */
  set_io(fd);

  /* Don't do this :> */
  srandom(time(NULL));

  run();
}
♥Dcode♥

Description

Well, Guys This level is Super Easy. We Just need To Insert Same Integers, received after creating connection.

Exploit


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#!/usr/bin/python
import struct
import socket


# Connection Details
port = 2999
ip = '192.168.198.128'

# Create Socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Socket Bind 
s.connect((ip, port))

# Receive
data = s. recv(1024)

# Extract data
print "[+] Raw Data : ", data
num = data[13:22]
num = int(num)

# Sending
s.send(struct.pack("i", num))

# Check Result
print s.recv(1024)

# Close Port
s.close()
♥Dcode♥


For More Detailed Walk through Check Below Provided YouTube Video Playlist



Share this

Related Posts

Previous
Next Post »