Binary Exploitation Protostar Net1 - Walkthrough

Hello Guys,



Today In This post, I am going to share with you my walkthrough experience of Exploit Exercise Protostar Net1 Level.


Before Starting Our Walkthrough Let's Take a Look At Hints And Details.

Note: I want to highlight Few Points.

  • I'm not the creator of protostar war game. I am just a player.
  • Here, I am Just providing you hints and reference so, that if you feel stuck anywhere. Take a Look Here.
  • Understand all previous levels before starting this one.
  • Do some research on Assembly, C/C++ and Gdb
  • Do Some Research About Heap overflow exploitation.
  •  All Credit Related To Exploit Exercise War Games Goes To exploit-exercises.com.

So, Let's Start.

Hint


1
2
3
This level tests the ability to convert binary integers into ascii representation.

This level is at /opt/protostar/bin/net1
♥Dcode♥

Source Code


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#include "../common/common.c"

#define NAME "net1"
#define UID 998
#define GID 998
#define PORT 2998

void run()
{
  char buf[12];
  char fub[12];
  char *q;

  unsigned int wanted;

  wanted = random();

  sprintf(fub, "%d", wanted);

  if(write(0, &wanted, sizeof(wanted)) != sizeof(wanted)) {
      errx(1, ":(\n");
  }

  if(fgets(buf, sizeof(buf)-1, stdin) == NULL) {
      errx(1, ":(\n");
  }

  q = strchr(buf, '\r'); if(q) *q = 0;
  q = strchr(buf, '\n'); if(q) *q = 0;

  if(strcmp(fub, buf) == 0) {
      printf("you correctly sent the data\n");
  } else {
      printf("you didn't send the data properly\n");
  }
}

int main(int argc, char **argv, char **envp)
{
  int fd;
  char *username;

  /* Run the process as a daemon */
  background_process(NAME, UID, GID); 
  
  /* Wait for socket activity and return */
  fd = serve_forever(PORT);

  /* Set the client socket to STDIN, STDOUT, and STDERR */
  set_io(fd);

  /* Don't do this :> */
  srandom(time(NULL));

  run();
}
♥Dcode♥

Descriptions

This Level Is Also Super Simple Like Previous Level. So, I have Nothing To Explain.

Exploit


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/usr/bin/python
import struct
import socket


# Connection Details
port = 2998
ip = '192.168.198.128'

# Create Socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Socket Bind 
s.connect((ip, port))

# Receive
data = s. recv(2048)

# Extract data
print "[+] Raw Data : ", data

# Receiving Pure Integers In packets 
num = struct.unpack("i", data)[0]

# Sending
s.send(str(num))

# Check Result
print s.recv(2048)

# Close Port
s.close()
♥Dcode♥



For More Detailed Walk through Check Below Provided YouTube Video Playlist



Share this

Related Posts

Previous
Next Post »