Binary Exploitation Protostar Net0 - Walkthrough

Posted by Suraj Singh on June 18, 2018 · 6 mins read
Hello guys,

Today, in this post, I am going to share my walkthrough of the Exploit Exercises Protostar Net0 level.

Before starting the walkthrough, let's take a look at the hints and details.

Note: I want to highlight a few points.

  • I'm not the creator of the Protostar war game. I am just a player.
  • Here, I am just providing hints and references so that, if you feel stuck anywhere, you can take a look here.
  • Understand all previous levels before starting this one.
  • Do some research on Assembly, C/C++ and GDB.
  • Do some research about heap overflow exploitation.
  • All credit related to the Exploit Exercises war games goes to exploit-exercises.com.

So, let's start.


Hint



This level takes a look at converting strings to little endian integers.

This level is at /opt/protostar/bin/net0

Source Code.


#include "../common/common.c"

#define NAME "net0"
#define UID 999
#define GID 999
#define PORT 2999

void run()
{
  unsigned int i;
  unsigned int wanted;

  wanted = random();

  printf("Please send '%d' as a little endian 32bit int\n", wanted);

  if(fread(&i, sizeof(i), 1, stdin) == NULL) {
    errx(1, ":(\n");
  }

  if(i == wanted) {
    printf("Thank you sir/madam\n");
  } else {
    printf("I'm sorry, you sent %d instead\n", i);
  }
}

int main(int argc, char **argv, char **envp)
{
  int fd;
  char *username;

  /* Run the process as a daemon */
  background_process(NAME, UID, GID);

  /* Wait for socket activity and return */
  fd = serve_forever(PORT);

  /* Set the client socket to STDIN, STDOUT, and STDERR */
  set_io(fd);

  /* Don't do this :> */
  srandom(time(NULL));

  run();
}

Description

Well, guys, this level is super easy. We just need to send back the same integer that we receive after creating the connection, encoded as a little-endian 32-bit integer.

Exploit


#!/usr/bin/env python3
import socket
import struct


# Connection details
port = 2999
ip = '192.168.198.128'

# Create socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Connect to the net0 service
s.connect((ip, port))

# Receive the prompt
data = s.recv(1024).decode()

# Extract the number between the single quotes (its digit count varies)
print("[+] Raw Data : ", data)
num = int(data.split("'")[1])

# Send it back as a little-endian unsigned 32-bit integer
s.send(struct.pack("<I", num))

# Check result
print(s.recv(1024).decode())

# Close socket
s.close()
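The byte-level conversion the hint describes, as an added example that is not part of the original post: it runs offline against constructed banners and emulates what the server's `fread` would see. The helper names (`parse_wanted`, `encode_reply`, `server_reads`, `accepted`) are hypothetical, and it assumes the Protostar VM is little-endian x86.

```python
import re
import struct

BANNER_RE = re.compile(r"Please send '(\d+)' as a little endian 32bit int")

def parse_wanted(banner):
    """Return the decimal challenge from the banner, whatever its digit count."""
    m = BANNER_RE.search(banner)
    if m is None:
        raise ValueError("unexpected banner: %r" % banner)
    wanted = int(m.group(1))
    if wanted > 0xFFFFFFFF:
        raise ValueError("challenge does not fit in 32 bits")
    return wanted

def encode_reply(wanted):
    """Four bytes, least significant first, regardless of the sender's CPU."""
    return struct.pack("<I", wanted)

def server_reads(payload):
    """Emulate fread(&i, sizeof(i), 1, stdin) on the little-endian x86 VM and
    return the value as the server's printf("%d") would display it."""
    if len(payload) < 4:
        raise ValueError("fread needs 4 bytes, got %d" % len(payload))
    return struct.unpack("<i", payload[:4])[0]

def accepted(banner, payload):
    """True when the server's i == wanted comparison would succeed."""
    return struct.unpack("<I", payload[:4])[0] == parse_wanted(banner)

# Constructed banners (not captured from a real session): 7 and 10 digits.
SHORT = "Please send '1234567' as a little endian 32bit int\n"
LONG = "Please send '2147483647' as a little endian 32bit int\n"

if __name__ == "__main__":
    for banner in (SHORT, LONG):
        reply = encode_reply(parse_wanted(banner))
        print(parse_wanted(banner), reply.hex(), accepted(banner, reply))
    # The ASCII digits or big-endian bytes are read back as a different int.
    print(server_reads(b"1234567"))
    print(server_reads(struct.pack(">I", 1234567)))
```

Typing the digits as text fails because the server consumes only the first four bytes and interprets them as a raw integer, not as a decimal string.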


For a more detailed walkthrough, check the YouTube video playlist below.

Bitforestinfo YouTube Protostar CTF Playlist