### Binary Exploitation Protostar Net1 - Walkthrough

Hello Guys,

Today In This post, I am going to share with you my walkthrough experience of Exploit Exercise Protostar Net1 Level.

Before Starting Our Walkthrough Let's Take a Look At Hints And Details.

#### Note: I want to highlight Few Points.

• I'm not the creator of protostar war game. I am just a player.
• Here, I am Just providing you hints and reference so, that if you feel stuck anywhere. Take a Look Here.
• Understand all previous levels before starting this one.
• Do some research on Assembly, C/C++ and Gdb
• Do Some Research About Heap overflow exploitation.
•  All Credit Related To Exploit Exercise War Games Goes To exploit-exercises.com.

So, Let's Start.

### Hint

 ```1 2 3``` ```This level tests the ability to convert binary integers into ascii representation. This level is at /opt/protostar/bin/net1 ```

### Source Code

 ``` 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56``` ```#include "../common/common.c" #define NAME "net1" #define UID 998 #define GID 998 #define PORT 2998 void run() { char buf[12]; char fub[12]; char *q; unsigned int wanted; wanted = random(); sprintf(fub, "%d", wanted); if(write(0, &wanted, sizeof(wanted)) != sizeof(wanted)) { errx(1, ":(\n"); } if(fgets(buf, sizeof(buf)-1, stdin) == NULL) { errx(1, ":(\n"); } q = strchr(buf, '\r'); if(q) *q = 0; q = strchr(buf, '\n'); if(q) *q = 0; if(strcmp(fub, buf) == 0) { printf("you correctly sent the data\n"); } else { printf("you didn't send the data properly\n"); } } int main(int argc, char **argv, char **envp) { int fd; char *username; /* Run the process as a daemon */ background_process(NAME, UID, GID); /* Wait for socket activity and return */ fd = serve_forever(PORT); /* Set the client socket to STDIN, STDOUT, and STDERR */ set_io(fd); /* Don't do this :> */ srandom(time(NULL)); run(); } ```

### Descriptions

This Level Is Also Super Simple Like Previous Level. So, I have Nothing To Explain.

### Exploit

 ``` 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32``` ```#!/usr/bin/python import struct import socket # Connection Details port = 2998 ip = '192.168.198.128' # Create Socket s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # Socket Bind s.connect((ip, port)) # Receive data = s. recv(2048) # Extract data print "[+] Raw Data : ", data # Receiving Pure Integers In packets num = struct.unpack("i", data)[0] # Sending s.send(str(num)) # Check Result print s.recv(2048) # Close Port s.close() ```