'Wargame/Vortex.overthewire.org'에 해당하는 글 1건

Category : System hacking

Level 0

Level Goal:
Your goal is to connect to port 5842 on vortex.labs.overthewire.org and read in 4 unsigned integers in host byte order. Add these integers together and send back the results to get a username and password for level 1.
Note: that vortex is on an x86 machine (meaning, a little endian architecture)
Helpful Reading Material
C Programming Introduction
Network Programming Tutorial

Summary : socket programming , little endian , sum all received data and send back


문제에서 요구하는것은 vortex.labs.overthewire.org:5842에 접속하여 4개의 unsigned integers(little endian)를 받고 , 합하여 재전송해주는 것이다.
이를 python script로 작성해 문제를 해결한다.

script가 해야하는 동작을 순서대로 나열해보면

1) Connect
2) Receive * 4
3) Sum
4) Send

위와 같이 간단하다.
하지만 주의할 점은 server에서 little endian byte order에 따라 unsigned integer을 전송해주기 때문에 data를 수신하거나 전송할때에 struct 모듈을 이용하여 자료형을 맞춰주어야 한다.

[pwn3r@localhost io]$ cat exploit.py
#!/usr/bin/python 

from socket import * 
import struct 

HOST = "vortex.labs.overthewire.org" 
PORT = 5842 
data = 0 

print "[!] Exploit started !" 

s = socket(AF_INET , SOCK_STREAM) 
s.connect((HOST , PORT)) 

print "[+] Connected to server!" 

for i in range(4): 
tmp = struct.unpack("<l" , s.recv(4))[0] 
print "[+] Received : " + str(tmp) 
data += tmp 

print "[+] Sum of data is : " + str(data) 

data = struct.pack("<l" , data) 

print "[!] Sending data" 
s.send(data)
 
key = s.recv(1024) 
print "[+] Key : " + key 

s.close() 

[pwn3r@localhost io]$ python exploit.py
[!] Exploit started ! 
[+] Connected to server! 
[+] Received : 514893279 
[+] Received : 449990647 
[+] Received : 866074304 
[+] Received : 1362899077 
[+] Sum of data is : 3193857307
 
[!] Sending data 
[+] Key : Username: vortex1 Password: Gq#qu3bF3

vortex1 user의 password를 획득했다.

'Wargame > Vortex.overthewire.org' 카테고리의 다른 글

Vortex overthewire level0  (0) 2011.07.17

WRITTEN BY
pwn3r
45

트랙백  0 , 댓글  0개가 달렸습니다.
secret