Protostar net2 Write-up
net2
#include "../common/common.c" #define NAME "net2" #define UID 997 #define GID 997 #define PORT 2997 void run() { unsigned int quad[4]; int i; unsigned int result, wanted; result = 0; for(i = 0; i < 4; i++) { quad[i] = random(); result += quad[i]; if(write(0, &(quad[i]), sizeof(result)) != sizeof(result)) { errx(1, ":(\n"); } } if(read(0, &wanted, sizeof(result)) != sizeof(result)) { errx(1, ":<\n"); } if(result == wanted) { printf("you added them correctly\n"); } else { printf("sorry, try again. invalid\n"); } } int main(int argc, char **argv, char **envp) { int fd; char *username; /* Run the process as a daemon */ background_process(NAME, UID, GID); /* Wait for socket activity and return */ fd = serve_forever(PORT); /* Set the client socket to STDIN, STDOUT, and STDERR */ set_io(fd); /* Don't do this :> */ srandom(time(NULL)); run(); }
需要4个随机数,然后求和,只需要将net1.py程序修改一下,获取四次随机数值,然后求和发送就OK了
net2.py源码
from socket import * from struct import * s = socket(AF_INET, SOCK_STREAM) s.connect(("127.0.0.1",2997)) sum = 0 for i in range(4): res = s.recv(10) print res.encode('hex') sum += int(unpack("<I",res)[0]) print sum s.send(str(pack("<I",sum))) print (s.recv(1024)) s.close()
运行成功

但是程序执行时因为求和没有进行边界检查,会造成整型溢出

所以在程序求和结束后可以进行一次AND运算
修改后的net2.py
from socket import * from struct import * s = socket(AF_INET, SOCK_STREAM) s.connect(("127.0.0.1",2997)) sum = 0 for i in range(4): res = s.recv(10) print res.encode('hex') sum += int(unpack("<I",res)[0]) sum &= 0xffffffff print sum s.send(str(pack("<I",sum))) print (s.recv(1024)) s.close()