Protostar Exploit Challenges Net0 Solution


This is probably the simplest challenge so far. The program sends you a number and you have to convert that number to little endian. There’s really not much more to it then that.

Checking Things Out

I started by just using netcat to see what the output looked like:

user@protostar:~$ nc 2999
Please send ‘1116830087’ as a little endian 32bit int
I’m sorry, you sent 892679477 instead

Exploiting… Solving More Like?


#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>

void main() {
        // code for a client connecting to a server
        // namely a stream socket to on port 80 (http)
        // either IPv4 or IPv6

        int sockfd;
        unsigned int received_int;
        struct addrinfo hints, *servinfo, *p;
        int rv;
        char buffer [1024];
        int n;

        memset(&hints, 0, sizeof hints);
        hints.ai_family = AF_UNSPEC;
        hints.ai_socktype = SOCK_STREAM;

        if ((rv = getaddrinfo("", "2999", &hints, &servinfo)) != 0) {
            fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rv));

        // loop through all the results and connect to the first we can
        for(p = servinfo; p != NULL; p = p->ai_next) {
            if ((sockfd = socket(p->ai_family, p->ai_socktype,
                    p->ai_protocol)) == -1) {

            if (connect(sockfd, p->ai_addr, p->ai_addrlen) == -1) {

            read(sockfd, buffer, sizeof(buffer));

            printf("%s", buffer);

            n = sscanf(buffer,
                       "Please send '%d' as a little endian 32bit int",

            printf("%u\r\n", received_int);

            send(sockfd, &received_int, sizeof(received_int), 0);

            read(sockfd, buffer, sizeof(buffer));

            printf("%s", buffer);

            break; // if we get here, we must have connected successfully

        if (p == NULL) {
            // looped off the end of the list with no connection
            fprintf(stderr, "failed to connect\n");

        freeaddrinfo(servinfo); // all done with this structure

There’s really not much to say about the code. It creates a socket, reads the information and responds. The only thing of note that was fairly humorous was how frustrated I was when I originally wrote the program. I flipped the bytes into reverse order just like I was supposed to only to discover the program didn’t work. That’s when I realized that C already was sending in little endian byte order… so I didn’t have to do anything other then send the number right back from whence it came.


Leave a Reply