Protostar net0 write-up
net0
#include "../common/common.c"

#define NAME "net0"
#define UID 999
#define GID 999
#define PORT 2999

void run()
{
  unsigned int i;
  unsigned int wanted;

  wanted = random();

  printf("Please send '%d' as a little endian 32bit int\n", wanted);

  if(fread(&i, sizeof(i), 1, stdin) == NULL) {
    errx(1, ":(\n");
  }

  if(i == wanted) {
    printf("Thank you sir/madam\n");
  } else {
    printf("I'm sorry, you sent %d instead\n", i);
  }
}

int main(int argc, char **argv, char **envp)
{
  int fd;
  char *username;

  /* Run the process as a daemon */
  background_process(NAME, UID, GID);

  /* Wait for socket activity and return */
  fd = serve_forever(PORT);

  /* Set the client socket to STDIN, STDOUT, and STDERR */
  set_io(fd);

  /* Don't do this :> */
  srandom(time(NULL));

  run();
}
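Run the net0 program, then check the running process and confirm that it is listening on port 2999.

After killing this process the listening port closes as well; starting net0 again reopens the port.

Use nc to look at what port 2999 returns: the service sends a random number and asks for it back encoded as a little-endian 32-bit int. If you just type in an arbitrary value, it returns an error message.

Use Python's struct package to convert the int value to its little-endian encoding. Use

echo -e "`cat -`" | nc -v 127.0.0.1 2999

to receive the random number from the port, then use Python to convert that value to little-endian.

Feed the converted value into nc and press Ctrl+D to send it; the success message is returned.

Write a Python script to automate this process: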
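import re
import socket
import struct

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("127.0.0.1", 2999))
res = s.recv(1024).decode()
# The service puts the wanted number between single quotes
f = re.search(r"'(.+?)'", res)
if f:
    num = f.group(1)
    # '<I' is an unsigned 32-bit int, little-endian regardless of the host's byte order
    numle = struct.pack('<I', int(num))
    print('random number: ', num)
    print('send numle(hex): ', numle.hex())
    s.send(numle)
    print(s.recv(1024).decode())
s.close()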

After changing the IP address, accessing the service from an external host works just as well.
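The exchange above can also be reproduced offline, which makes the byte-order point visible. This is an added example, not part of the original write-up or of Protostar: mock_net0 is a constructed stand-in for run(), and read_line and answer are hypothetical helper names. It shows what the service reports when the same number is packed little-endian versus big-endian.

```python
import re
import socket
import struct
import threading

PROMPT = "Please send '%d' as a little endian 32bit int\n"

def mock_net0(conn, wanted):
    """Constructed stand-in for run(): prompt, read 4 bytes, compare."""
    conn.sendall((PROMPT % wanted).encode())
    raw = b""
    while len(raw) < 4:                 # fread(&i, 4, 1, stdin) wants 4 bytes
        chunk = conn.recv(4 - len(raw))
        if not chunk:
            break
        raw += chunk
    if len(raw) == 4:
        # The i386 target interprets those 4 bytes as a little-endian integer.
        (i,) = struct.unpack("<I", raw)
        if i == wanted:
            conn.sendall(b"Thank you sir/madam\n")
        else:
            # printf("%d") prints the received value as a signed int
            conn.sendall(b"I'm sorry, you sent %d instead\n" % struct.unpack("<i", raw))
    conn.close()

def read_line(conn):
    """recv() may return a partial message, so read up to the newline."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = conn.recv(1024)
        if not chunk:
            break
        buf += chunk
    return buf.decode()

def answer(wanted, byte_order):
    """Run one exchange; byte_order is '<' (little) or '>' (big)."""
    server, client = socket.socketpair()
    t = threading.Thread(target=mock_net0, args=(server, wanted))
    t.start()
    num = int(re.search(r"'(\d+)'", read_line(client)).group(1))
    client.sendall(struct.pack(byte_order + "I", num))
    reply = read_line(client)
    client.close()
    t.join()
    return reply
```

Calling answer(1804289383, "<") returns the success line, while answer(1804289383, ">") returns the error line with the byte-swapped value, the same symptom a wrong pack format produces against the real service.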
