Binary Exploitation Protostar Net2 - Walkthrough

Hello guys,

Today, in this post, I am going to share my walkthrough of the Exploit Exercises Protostar Net2 level.

Before starting the walkthrough, let's take a look at the hints and details.

Note: I want to highlight a few points.

  • I'm not the creator of the Protostar war game. I am just a player.
  • Here, I am just providing hints and references so that, if you feel stuck anywhere, you can take a look here.
  • Understand all previous levels before starting this one.
  • Do some research on Assembly, C/C++ and GDB.
  • Do some research about heap overflow exploitation.
  • All credit related to the Exploit Exercises war games goes to exploit-exercises.com.

So, let's start.

Hint



This code tests the ability to add up 4 unsigned 32-bit integers. 
Hint: Keep in mind that it wraps.

This level is at /opt/protostar/bin/net2

Source Code


#include "../common/common.c"

#define NAME "net2"
#define UID 997
#define GID 997
#define PORT 2997

void run()
{
  unsigned int quad[4];
  int i;
  unsigned int result, wanted;

  result = 0;
  for(i = 0; i < 4; i++) {
      quad[i] = random();
      result += quad[i];

      if(write(0, &(quad[i]), sizeof(result)) != sizeof(result)) {
          errx(1, ":(\n");
      }
  }

  if(read(0, &wanted, sizeof(result)) != sizeof(result)) {
      errx(1, ":<\n");
  }


  if(result == wanted) {
      printf("you added them correctly\n");
  } else {
      printf("sorry, try again. invalid\n");
  }
}

int main(int argc, char **argv, char **envp)
{
  int fd;
  char *username;

  /* Run the process as a daemon */
  background_process(NAME, UID, GID); 
  
  /* Wait for socket activity and return */
  fd = serve_forever(PORT);

  /* Set the client socket to STDIN, STDOUT, and STDERR */
  set_io(fd);

  /* Don't do this :> */
  srandom(time(NULL));

  run();
}

Description

Super Easy!

Exploit

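#!/usr/bin/python
import struct
import socket


# Connection Details
port = 2997
ip = '192.168.198.128'

# Create Socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Connect to the net2 service
s.connect((ip, port))

# Running total of the four values sent by the server
num = 0

for i in range(4):
    # Receive one 4-byte value
    data = s.recv(4)
    print([data])
    print(len(data))
    # Unpack as a little-endian unsigned 32-bit integer
    k = "<I"
    value = struct.unpack(k, data)[0]
    print(value)
    num += value

# Keep only the low 32 bits, because the server's unsigned int wraps
num &= 0xffffffff

# Sending: the server reads 4 raw bytes, not a decimal string
s.send(struct.pack("<I", num))

# Check Result
print(s.recv(2048))

# Close Socket
s.close()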
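
The exchange in `run()` and the wrap the hint refers to, reproduced locally as an added example (not code from the original post or from Protostar). `recv_exact`, `mock_net2`, `solve` and `demo` are hypothetical names, the sample values are constructed, and little-endian byte order is assumed, as on an x86 host.

```python
import socket
import struct
import threading
MASK32 = 0xFFFFFFFF
# Constructed sample: each value fits random()'s 31-bit range, the sum does not fit 32 bits.
SAMPLE = [0x7FFFFFFF, 0x7FFFFFFF, 0x7FFFFFFF, 0x00000004]

def recv_exact(sock, n):
    """Read exactly n bytes; one recv() on a stream socket may return fewer."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("peer closed early")
        buf += chunk
    return buf

def mock_net2(sock, quad):
    """Local stand-in for run(): send four uint32 values, check the reply."""
    result = 0
    for value in quad:
        result = (result + value) & MASK32      # C unsigned int wraps mod 2**32
        sock.sendall(struct.pack("<I", value))  # raw bytes, assumed little-endian
    wanted = struct.unpack("<I", recv_exact(sock, 4))[0]
    ok = wanted == result
    sock.sendall(b"you added them correctly\n" if ok else b"sorry, try again. invalid\n")
    sock.close()

def solve(sock):
    """Client: read 16 bytes, add modulo 2**32, answer with 4 raw bytes."""
    quad = struct.unpack("<4I", recv_exact(sock, 16))
    total = sum(quad) & MASK32
    sock.sendall(struct.pack("<I", total))
    with sock.makefile("rb") as f:  # the mock closes after its verdict, so read to EOF
        return total, f.read()

def demo(quad):
    """Run both sides over a socketpair; nothing leaves the machine."""
    server, client = socket.socketpair()
    t = threading.Thread(target=mock_net2, args=(server, quad))
    t.start()
    try:
        return solve(client)
    finally:
        client.close()
        t.join()

if __name__ == "__main__":
    print(demo(SAMPLE))
```

The wrapped total for the sample is 0x80000001, which has the top bit set; this is why the values are unpacked as unsigned (`I`) rather than signed (`i`).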
For a more detailed walkthrough, check the YouTube video playlist provided below.