Binary Exploitation Protostar Net2 - Walkthrough

Posted by Suraj Singh on June 18, 2018 · 7 mins read
Hello Guys,



Today In This post, I am going to share with you my walkthrough experience of Exploit Exercise Protostar Net2 Level.


Before Starting Our Walkthrough Let's Take a Look At Hints And Details.

Note: I want to highlight Few Points.

  • I'm not the creator of protostar war game. I am just a player.
  • Here, I am Just providing you hints and reference so, that if you feel stuck anywhere. Take a Look Here.
  • Understand all previous levels before starting this one.
  • Do some research on Assembly, C/C++ and Gdb
  • Do Some Research About Heap overflow exploitation.
  •  All Credit Related To Exploit Exercise War Games Goes To exploit-exercises.com.

So, Let's Start.

Hint



This code tests the ability to add up 4 unsigned 32-bit integers. 
Hint: Keep in mind that it wraps.

This level is at /opt/protostar/bin/net2

Source Code


 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#include "../common/common.c"

#define NAME "net2"
#define UID 997
#define GID 997
#define PORT 2997

void run()
{
unsigned int quad[4];
int i;
unsigned int result, wanted;

result = 0;
for(i = 0; i < 4; i++) {
quad[i] = random();
result += quad[i];

if(write(0, &(quad[i]), sizeof(result)) != sizeof(result)) {
errx(1, ":(\n");
}
}

if(read(0, &wanted, sizeof(result)) != sizeof(result)) {
errx(1, ":<\n");
}


if(result == wanted) {
printf("you added them correctly\n");
} else {
printf("sorry, try again. invalid\n");
}
}

int main(int argc, char **argv, char **envp)
{
int fd;
char *username;

/* Run the process as a daemon */
background_process(NAME, UID, GID);

/* Wait for socket activity and return */
fd = serve_forever(PORT);

/* Set the client socket to STDIN, STDOUT, and STDERR */
set_io(fd);

/* Don't do this :> */
srandom(time(NULL));

run();
}
♥Dcode♥

Description

Super Easy!

Exploit

 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/usr/bin/python
import struct
import socket


# Connection Details
port = 2997
ip = '192.168.198.128'

# Create Socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Socket Bind
s.connect((ip, port))


for i in range(4):
#print i+1
# Receive
data = s. recv(4)
print [data]
#print bin(data)
k="i"
#print k
print len(data)
data = struct.unpack(k, data)
print data




# Sending
s.send(str(num))

# Check Result
print s.recv(2048)

# Close Port
s.close()
♥Dcode♥




For More Detailed Walk through Check Below Provided YouTube Video Playlist

Bitforestinfo YouTube Protostar CTF Playlist