Protostar net0 write-up

net0

#include "../common/common.c"
 
#define NAME "net0"
#define UID 999
#define GID 999
#define PORT 2999
 
void run()
{
 unsigned int i;
 unsigned int wanted;
 
 wanted = random();
 
 printf("Please send '%d' as a little endian 32bit int\n", wanted);
 
 if(fread(&i, sizeof(i), 1, stdin) == NULL) {
 errx(1, ":(\n");
 }
 
 if(i == wanted) {
 printf("Thank you sir/madam\n");
 } else {
 printf("I'm sorry, you sent %d instead\n", i);
 }
}
 
int main(int argc, char **argv, char **envp)
{
 int fd;
 char *username;
 
 /* Run the process as a daemon */
 background_process(NAME, UID, GID); 
  
 /* Wait for socket activity and return */
 fd = serve_forever(PORT);
 
 /* Set the client socket to STDIN, STDOUT, and STDERR */
 set_io(fd);
 
 /* Don't do this :>; */
 srandom(time(NULL));
 
 run();
}

运行程序net0，查看运行的进程和监听端口在2999

kill此进程后，监听的端口也关闭了，再次开启net0，端口再次打开

使用nc查看端口2999内容，发送一个随机数，并且使用小端序32bit编码，如果随便输入一个值，会返回错误提示信息。

使用python struct包将int值转化为小端序编码使用echo -e “`cat -`” | nc -v 127.0.0.1 2999 来监听端口处的随机数然后使用python将此值转为小端序

转换后的值带入nc，ctrl+D执行，返回成功提示

编写python脚本自动化此过程

from struct import *
from socket import *
import re

s = socket(AF_INET, SOCK_STREAM)
s.connect(("127.0.0.1",2999))
res = s.recv(1024)
f = re.search('\'(.+?)\'',res)
if f:
        num = f.group(1)
numle = pack('I',int(num))
print 'random number: ',num
print 'send numle(hex): ',numle.encode('hex')
s.send(numle)
print s.recv(1024)
s.close()

修改IP地址，在外部访问也是完全OK的