Skip to main content

Binary Exploitation Protostar Net1 - Walkthrough

Hello Guys,



Today In This post, I am going to share with you my walkthrough experience of Exploit Exercise Protostar Net1 Level.


Before Starting Our Walkthrough Let's Take a Look At Hints And Details.

Note: I want to highlight Few Points.

  • I'm not the creator of protostar war game. I am just a player.
  • Here, I am Just providing you hints and reference so, that if you feel stuck anywhere. Take a Look Here.
  • Understand all previous levels before starting this one.
  • Do some research on Assembly, C/C++ and Gdb
  • Do Some Research About Heap overflow exploitation.
  •  All Credit Related To Exploit Exercise War Games Goes To exploit-exercises.com.

So, Let's Start.

Hint


1
2
3
This level tests the ability to convert binary integers into ascii representation.

This level is at /opt/protostar/bin/net1
♥Dcode♥

Source Code


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#include "../common/common.c"

#define NAME "net1"
#define UID 998
#define GID 998
#define PORT 2998

void run()
{
  char buf[12];
  char fub[12];
  char *q;

  unsigned int wanted;

  wanted = random();

  sprintf(fub, "%d", wanted);

  if(write(0, &wanted, sizeof(wanted)) != sizeof(wanted)) {
      errx(1, ":(\n");
  }

  if(fgets(buf, sizeof(buf)-1, stdin) == NULL) {
      errx(1, ":(\n");
  }

  q = strchr(buf, '\r'); if(q) *q = 0;
  q = strchr(buf, '\n'); if(q) *q = 0;

  if(strcmp(fub, buf) == 0) {
      printf("you correctly sent the data\n");
  } else {
      printf("you didn't send the data properly\n");
  }
}

int main(int argc, char **argv, char **envp)
{
  int fd;
  char *username;

  /* Run the process as a daemon */
  background_process(NAME, UID, GID); 
  
  /* Wait for socket activity and return */
  fd = serve_forever(PORT);

  /* Set the client socket to STDIN, STDOUT, and STDERR */
  set_io(fd);

  /* Don't do this :> */
  srandom(time(NULL));

  run();
}
♥Dcode♥

Descriptions

This Level Is Also Super Simple Like Previous Level. So, I have Nothing To Explain.

Exploit


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/usr/bin/python
import struct
import socket


# Connection Details
port = 2998
ip = '192.168.198.128'

# Create Socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Socket Bind 
s.connect((ip, port))

# Receive
data = s. recv(2048)

# Extract data
print "[+] Raw Data : ", data

# Receiving Pure Integers In packets 
num = struct.unpack("i", data)[0]

# Sending
s.send(str(num))

# Check Result
print s.recv(2048)

# Close Port
s.close()
♥Dcode♥



For More Detailed Walk through Check Below Provided YouTube Video Playlist



Related Post

Top Visited

Create Simple Packet Sniffer Using Python

how to install burp suite in Linux/Ubuntu 16.04

List of Keyboard Shortcuts Keys for GNOME Desktop (Kali linux / Linux / Ubuntu/*nix )

How to create Phishing Page Using Kali Linux | Webpage Page Cloning Using Kali Linux Social Engineering Toolkit

Best 1000 User-agents List For Web Scraping

Big List Of Google Dorks For Sqli Injection

How To Install GDB Peda?

Latest Google Dorks List

How To Create Snake Game Using Python And Tkinter - Simple python games

2 Easiest Way To Enable Monitor Mode in Kali Linux | Airmon-ng | Iwconfig