Protostarnet3
This level is at /opt/protostar/bin/net3<h3 Droid Sans', sans-serif; font-weight: normal; line-height: 40px; color: rgb(255, 255, 255); text-rendering: optimizelegibility; font-size: 31.5px; background-color: rgb(18, 20, 23);">Source code
#include "../common/common.c"
#define NAME "net3"
#define UID 996
#define GID 996
#define PORT 2996
/*
* Extract a null terminated string from the buffer
*/
int get_string(char **result, unsigned char *buffer, u_int16_t len)
{
unsigned char byte;
byte = *buffer;
if(byte > len) errx(1, "badly formed packet");
*result = malloc(byte);
strcpy(*result, buffer + 1);
return byte + 1;
}
/*
* Check to see if we can log into the host
*/
int login(unsigned char *buffer, u_int16_t len)
{
char *resource, *username, *password;
int deduct;
int success;
if(len < 3) errx(1, "invalid login packet length");
resource = username = password = NULL;
deduct = get_string(&resource, buffer, len);
deduct += get_string(&username, buffer+deduct, len-deduct);
deduct += get_string(&password, buffer+deduct, len-deduct);
success = 0;
success |= strcmp(resource, "net3");
success |= strcmp(username, "awesomesauce");
success |= strcmp(password, "password");
free(resource);
free(username);
free(password);
return ! success;
}
void send_string(int fd, unsigned char byte, char *string)
{
struct iovec v[3];
u_int16_t len;
int expected;
len = ntohs(1 + strlen(string));
v[0].iov_base = &len;
v[0].iov_len = sizeof(len);
v[1].iov_base = &byte;
v[1].iov_len = 1;
v[2].iov_base = string;
v[2].iov_len = strlen(string);
expected = sizeof(len) + 1 + strlen(string);
if(writev(fd, v, 3) != expected) errx(1, "failed to write correct amount of bytes");
}
void run(int fd)
{
u_int16_t len;
unsigned char *buffer;
int loggedin;
while(1) {
nread(fd, &len, sizeof(len));
len = ntohs(len);
buffer = malloc(len);
if(! buffer) errx(1, "malloc failure for %d bytes", len);
nread(fd, buffer, len);
switch(buffer[0]) {
case 23:
loggedin = login(buffer + 1, len - 1);
send_string(fd, 33, loggedin ? "successful" : "failed");
break;
default:
send_string(fd, 58, "what you talkin about willis?");
break;
}
}
}
int main(int argc, char **argv, char **envp)
{
int fd;
char *username;
/* Run the process as a daemon */
background_process(NAME, UID, GID);
/* Wait for socket activity and return */
fd = serve_forever(PORT);
/* Set the client socket to STDIN, STDOUT, and STDERR */
set_io(fd);
/* Don't do this :> */
srandom(time(NULL));
run(fd);
}
#define NAME "net3"
#define UID 996
#define GID 996
#define PORT 2996
/*
* Extract a null terminated string from the buffer
*/
int get_string(char **result, unsigned char *buffer, u_int16_t len)
{
unsigned char byte;
byte = *buffer;
if(byte > len) errx(1, "badly formed packet");
*result = malloc(byte);
strcpy(*result, buffer + 1);
return byte + 1;
}
/*
* Check to see if we can log into the host
*/
int login(unsigned char *buffer, u_int16_t len)
{
char *resource, *username, *password;
int deduct;
int success;
if(len < 3) errx(1, "invalid login packet length");
resource = username = password = NULL;
deduct = get_string(&resource, buffer, len);
deduct += get_string(&username, buffer+deduct, len-deduct);
deduct += get_string(&password, buffer+deduct, len-deduct);
success = 0;
success |= strcmp(resource, "net3");
success |= strcmp(username, "awesomesauce");
success |= strcmp(password, "password");
free(resource);
free(username);
free(password);
return ! success;
}
void send_string(int fd, unsigned char byte, char *string)
{
struct iovec v[3];
u_int16_t len;
int expected;
len = ntohs(1 + strlen(string));
v[0].iov_base = &len;
v[0].iov_len = sizeof(len);
v[1].iov_base = &byte;
v[1].iov_len = 1;
v[2].iov_base = string;
v[2].iov_len = strlen(string);
expected = sizeof(len) + 1 + strlen(string);
if(writev(fd, v, 3) != expected) errx(1, "failed to write correct amount of bytes");
}
void run(int fd)
{
u_int16_t len;
unsigned char *buffer;
int loggedin;
while(1) {
nread(fd, &len, sizeof(len));
len = ntohs(len);
buffer = malloc(len);
if(! buffer) errx(1, "malloc failure for %d bytes", len);
nread(fd, buffer, len);
switch(buffer[0]) {
case 23:
loggedin = login(buffer + 1, len - 1);
send_string(fd, 33, loggedin ? "successful" : "failed");
break;
default:
send_string(fd, 58, "what you talkin about willis?");
break;
}
}
}
int main(int argc, char **argv, char **envp)
{
int fd;
char *username;
/* Run the process as a daemon */
background_process(NAME, UID, GID);
/* Wait for socket activity and return */
fd = serve_forever(PORT);
/* Set the client socket to STDIN, STDOUT, and STDERR */
set_io(fd);
/* Don't do this :> */
srandom(time(NULL));
run(fd);
}
乍一看,好長(zhǎng)的代碼~~~但是還是得看~~~:-)
程序先讀一個(gè)長(zhǎng)度,這個(gè)長(zhǎng)度就是待會(huì)客戶(hù)端即將發(fā)過(guò)來(lái)的字符串的長(zhǎng)度,第二次讀時(shí)獲取一個(gè)字符串,首先先判斷第一個(gè)字符的值是否為23,是則繼續(xù)
然后分析get_string()函數(shù),先讀第一個(gè)字符,也是長(zhǎng)度的意思,然后取出該長(zhǎng)度的字符保存在那指針里面,如果三次取出的字符分別是net3,awesomesauce,password的話(huà)即可success。
以下是代碼:
#!/usr/bin/env python
from socket import *
from struct import *
from optparse import OptionParser
import select
def main(hostname,port):
s = socket(AF_INET,SOCK_STREAM)
s.connect((hostname,port))
send_str = ("\x17"
"\x05net3\x00"
"\x0dawesomesauce\x00"
"\x09password\x00")
send_len = len(send_str)
s.send(pack(">H", send_len))
s.send(send_str)
print s.recv(1024)
s.close()
if __name__=="__main__":
parse = OptionParser("usage: %prog [options]")
parse.add_option("-H",dest="hostname",default="127.0.0.1",type="string",help="The ip of the target")
parse.add_option("-P",dest="port",default=2996,type="int",help="The port of the host")
(options,args)=parse.parse_args()
main(options.hostname,options.port)
from socket import *
from struct import *
from optparse import OptionParser
import select
def main(hostname,port):
s = socket(AF_INET,SOCK_STREAM)
s.connect((hostname,port))
send_str = ("\x17"
"\x05net3\x00"
"\x0dawesomesauce\x00"
"\x09password\x00")
send_len = len(send_str)
s.send(pack(">H", send_len))
s.send(send_str)
print s.recv(1024)
s.close()
if __name__=="__main__":
parse = OptionParser("usage: %prog [options]")
parse.add_option("-H",dest="hostname",default="127.0.0.1",type="string",help="The ip of the target")
parse.add_option("-P",dest="port",default=2996,type="int",help="The port of the host")
(options,args)=parse.parse_args()
main(options.hostname,options.port)
運(yùn)行結(jié)果:
名稱(chēng)欄目:Protostarnet3
標(biāo)題路徑:http://m.kartarina.com/article20/gechco.html
成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供建站公司、定制網(wǎng)站、小程序開(kāi)發(fā)、外貿(mào)建站、品牌網(wǎng)站設(shè)計(jì)、品牌網(wǎng)站建設(shè)
聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶(hù)投稿、用戶(hù)轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請(qǐng)盡快告知,我們將會(huì)在第一時(shí)間刪除。文章觀(guān)點(diǎn)不代表本網(wǎng)站立場(chǎng),如需處理請(qǐng)聯(lián)系客服。電話(huà):028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時(shí)需注明來(lái)源: 創(chuàng)新互聯(lián)
- 如何制作自己的網(wǎng)站 企業(yè)品牌網(wǎng)站設(shè)計(jì)思路 2021-05-05
- 理解透公司品牌內(nèi)涵后才能做好品牌網(wǎng)站設(shè)計(jì)制作 2022-04-05
- 怎樣做深圳品牌網(wǎng)站設(shè)計(jì)才有效果 2021-10-18
- 深圳品牌網(wǎng)站設(shè)計(jì):如何制作設(shè)計(jì)一個(gè)好的網(wǎng)站 2021-08-17
- 如何才能做好品牌網(wǎng)站設(shè)計(jì)與建設(shè) 2023-03-19
- 品牌網(wǎng)站設(shè)計(jì)有哪些問(wèn)題要注意? 2020-12-26
- 品牌網(wǎng)站設(shè)計(jì)怎樣做更加高端? 2016-10-05
- 品牌網(wǎng)站設(shè)計(jì)制作的簡(jiǎn)單步驟 2022-12-03
- 怎樣做成都品牌網(wǎng)站設(shè)計(jì)才有效果? 2016-12-27
- 如何做好品牌網(wǎng)站設(shè)計(jì),成都網(wǎng)站建設(shè)公司來(lái)幫您。 2022-08-20
- 品牌網(wǎng)站設(shè)計(jì)如何達(dá)到展示目的 2022-12-14
- 想要做好品牌網(wǎng)站設(shè)計(jì)的4個(gè)要點(diǎn) 2022-01-09