Binary Exploitation Protostar Net2 - Walkthrough

Hello Guys,



Today In This post, I am going to share with you my walkthrough experience of Exploit Exercise Protostar Net2 Level.


Before Starting Our Walkthrough Let's Take a Look At Hints And Details.

Note: I want to highlight Few Points.

  • I'm not the creator of protostar war game. I am just a player.
  • Here, I am Just providing you hints and reference so, that if you feel stuck anywhere. Take a Look Here.
  • Understand all previous levels before starting this one.
  • Do some research on Assembly, C/C++ and Gdb
  • Do Some Research About Heap overflow exploitation.
  •  All Credit Related To Exploit Exercise War Games Goes To exploit-exercises.com.

So, Let's Start.

Hint



This code tests the ability to add up 4 unsigned 32-bit integers. 
Hint: Keep in mind that it wraps.

This level is at /opt/protostar/bin/net2

Source Code


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#include "../common/common.c"

#define NAME "net2"
#define UID 997
#define GID 997
#define PORT 2997

void run()
{
  unsigned int quad[4];
  int i;
  unsigned int result, wanted;

  result = 0;
  for(i = 0; i < 4; i++) {
      quad[i] = random();
      result += quad[i];

      if(write(0, &(quad[i]), sizeof(result)) != sizeof(result)) {
          errx(1, ":(\n");
      }
  }

  if(read(0, &wanted, sizeof(result)) != sizeof(result)) {
      errx(1, ":<\n");
  }


  if(result == wanted) {
      printf("you added them correctly\n");
  } else {
      printf("sorry, try again. invalid\n");
  }
}

int main(int argc, char **argv, char **envp)
{
  int fd;
  char *username;

  /* Run the process as a daemon */
  background_process(NAME, UID, GID); 
  
  /* Wait for socket activity and return */
  fd = serve_forever(PORT);

  /* Set the client socket to STDIN, STDOUT, and STDERR */
  set_io(fd);

  /* Don't do this :> */
  srandom(time(NULL));

  run();
}
♥Dcode♥

Description

Super Easy!

Exploit

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/usr/bin/python
import struct
import socket


# Connection Details
port = 2997
ip = '192.168.198.128'

# Create Socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Socket Bind 
s.connect((ip, port))


for i in range(4):
    #print i+1
    # Receive
    data = s. recv(4)
    print [data]
    #print bin(data)
    k="i"
    #print k
    print len(data)
    data = struct.unpack(k, data)
    print data
    



# Sending
s.send(str(num))

# Check Result
print s.recv(2048)

# Close Port
s.close()
♥Dcode♥




For More Detailed Walk through Check Below Provided YouTube Video Playlist



Share this

Related Posts

Previous
Next Post »