Protostar net1 write-up
net1
#include "../common/common.c" #define NAME "net1" #define UID 998 #define GID 998 #define PORT 2998 void run() { char buf[12]; char fub[12]; char *q; unsigned int wanted; wanted = random(); sprintf(fub, "%d", wanted); if(write(0, &wanted, sizeof(wanted)) != sizeof(wanted)) { errx(1, ":(\n"); } if(fgets(buf, sizeof(buf)-1, stdin) == NULL) { errx(1, ":(\n"); } q = strchr(buf, '\r'); if(q) *q = 0; q = strchr(buf, '\n'); if(q) *q = 0; if(strcmp(fub, buf) == 0) { printf("you correctly sent the data\n"); } else { printf("you didn't send the data properly\n"); } } int main(int argc, char **argv, char **envp) { int fd; char *username; /* Run the process as a daemon */ background_process(NAME, UID, GID); /* Wait for socket activity and return */ fd = serve_forever(PORT); /* Set the client socket to STDIN, STDOUT, and STDERR */ set_io(fd); /* Don't do this :> */ srandom(time(NULL)); run(); }
根据源码和运行结果,net1运行在2998端口

运行nc查看2998端口数据,接收到1xbE,根据源码提示,需要转为ASCII码

编写代码,与net0.py非常相似,只是把获取的socket数据变一下编码方式
from socket import * from struct import * s = socket(AF_INET, SOCK_STREAM) s.connect(("127.0.0.1",2998)) res = s.recv(10) print res.encode('hex') num = unpack("<L",res)[0] print num s.send(str(num)) print (s.recv(1024)) s.close()
运行成功
