Protostar Exploit Challenges Net2 Solution

Introduction

In this challenge the program sends 4 random numbers. Our program must add them up and send them back.

The Code

 

#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>


void main() {

        int sockfd;
        unsigned int received_int;
        struct addrinfo hints, *servinfo, *p;
        char buffer [512];
        char buffer2 [512];
        unsigned int result = 0;
        int rv;

        memset(&hints, 0, sizeof hints);
        memset(buffer, 0, sizeof(buffer));
        memset(buffer2, 0, sizeof(buffer2));
        hints.ai_family = AF_UNSPEC;
        hints.ai_socktype = SOCK_STREAM;

        if ((rv = getaddrinfo("127.0.0.1", "2997", &hints, &servinfo)) != 0) {
            fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rv));
            exit(1);
        }

        // loop through all the results and connect to the first we can
        for(p = servinfo; p != NULL; p = p->ai_next) {
            if ((sockfd = socket(p->ai_family, p->ai_socktype,
                    p->ai_protocol)) == -1) {
                perror("socket");
                continue;
            }

            if (connect(sockfd, p->ai_addr, p->ai_addrlen) == -1) {
                close(sockfd);
                perror("connect");
                continue;
            }

            int i;
            for(i = 0; i < 4; i++) {
                read(sockfd, buffer, sizeof(unsigned int));
                result += *((unsigned int *)buffer);
            }

            //Print the unsigned integer version of what was read
            printf("Received: %u\r\n", *((unsigned int *)buffer));

            printf("Sending: %u\r\n", result);

            send(sockfd, &result, sizeof(unsigned int), 0);

            read(sockfd, buffer, sizeof(buffer));

            printf("%s", buffer);

            break; // if we get here, we must have connected successfully
        }

        if (p == NULL) {
            // looped off the end of the list with no connection
            fprintf(stderr, "failed to connect\n");
            exit(2);
        }

        freeaddrinfo(servinfo); // all done with this structure
}

VICTORY

Leave a Reply