中文字幕av专区_日韩电影在线播放_精品国产精品久久一区免费式_av在线免费观看网站

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

Protostar net3

發布時間:2020-07-16 16:06:02 來源:網絡 閱讀:345 作者:terrying 欄目:安全技術

This level is at /opt/protostar/bin/net3<h3 Droid Sans', sans-serif; font-weight: normal; line-height: 40px; color: rgb(255, 255, 255); text-rendering: optimizelegibility; font-size: 31.5px; background-color: rgb(18, 20, 23);">Source code

#include "../common/common.c"

#define NAME "net3"
#define UID 996
#define GID 996
#define PORT 2996

/*
* Extract a null terminated string from the buffer
*/

int get_string(char **result, unsigned char *buffer, u_int16_t len)
{
unsigned char byte;

byte = *buffer;

if(byte > len) errx(1, "badly formed packet");
*result = malloc(byte);
strcpy(*result, buffer + 1);

return byte + 1;
}

/*
* Check to see if we can log into the host
*/

int login(unsigned char *buffer, u_int16_t len)
{
char *resource, *username, *password;
int deduct;
int success;

if(len < 3) errx(1, "invalid login packet length");

resource = username = password = NULL;

deduct = get_string(&resource, buffer, len);
deduct += get_string(&username, buffer+deduct, len-deduct);
deduct += get_string(&password, buffer+deduct, len-deduct);

success = 0;
success |= strcmp(resource, "net3");
success |= strcmp(username, "awesomesauce");
success |= strcmp(password, "password");

free(resource);
free(username);
free(password);

return ! success;
}

void send_string(int fd, unsigned char byte, char *string)
{
struct iovec v[3];
u_int16_t len;
int expected;

len = ntohs(1 + strlen(string));

v[0].iov_base = &len;
v[0].iov_len = sizeof(len);

v[1].iov_base = &byte;
v[1].iov_len = 1;

v[2].iov_base = string;
v[2].iov_len = strlen(string);

expected = sizeof(len) + 1 + strlen(string);

if(writev(fd, v, 3) != expected) errx(1, "failed to write correct amount of bytes");

}

void run(int fd)
{
u_int16_t len;
unsigned char *buffer;
int loggedin;

while(1) {
nread(fd, &len, sizeof(len));
len = ntohs(len);
buffer = malloc(len);

if(! buffer) errx(1, "malloc failure for %d bytes", len);

nread(fd, buffer, len);

switch(buffer[0]) {
case 23:
loggedin = login(buffer + 1, len - 1);
send_string(fd, 33, loggedin ? "successful" : "failed");
break;

default:
send_string(fd, 58, "what you talkin about willis?");
break;
}
}
}

int main(int argc, char **argv, char **envp)
{
int fd;
char *username;

/* Run the process as a daemon */
background_process(NAME, UID, GID);

/* Wait for socket activity and return */
fd = serve_forever(PORT);

/* Set the client socket to STDIN, STDOUT, and STDERR */
set_io(fd);

/* Don't do this :> */
srandom(time(NULL));

run(fd);
}

乍一看,好長的代碼~~~但是還是得看~~~:-)
程序先讀一個長度,這個長度就是待會客戶端即將發過來的字符串的長度,第二次讀時獲取一個字符串,首先先判斷第一個字符的值是否為23,是則繼續
然后分析get_string()函數,先讀第一個字符,也是長度的意思,然后取出該長度的字符保存在那指針里面,如果三次取出的字符分別是net3,awesomesauce,password的話即可success。
以下是代碼:

#!/usr/bin/env python


from socket import *
from struct import *
from optparse import OptionParser
import select

def main(hostname,port):
s = socket(AF_INET,SOCK_STREAM)
s.connect((hostname,port))

send_str = ("\x17"
"\x05net3\x00"
"\x0dawesomesauce\x00"
"\x09password\x00")

send_len = len(send_str)
s.send(pack(">H", send_len))
s.send(send_str)

print s.recv(1024)

s.close()


if __name__=="__main__":
parse = OptionParser("usage: %prog [options]")
parse.add_option("-H",dest="hostname",default="127.0.0.1",type="string",help="The ip of the target")
parse.add_option("-P",dest="port",default=2996,type="int",help="The port of the host")

(options,args)=parse.parse_args()

main(options.hostname,options.port)

運行結果:
Protostar net3


向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

莫力| 建德市| 德庆县| 吉首市| 怀远县| 台南县| 梅州市| 玛曲县| 汝州市| 林周县| 丰台区| 泰安市| 临湘市| 合川市| 九龙县| 佛学| 阿巴嘎旗| 双峰县| 上林县| 兴山县| 龙门县| 嘉荫县| 太仆寺旗| 正蓝旗| 凤山市| 遵义县| 内黄县| 淳安县| 洛川县| 滕州市| 延寿县| 武胜县| 胶州市| 基隆市| 新密市| 绥德县| 普宁市| 禄丰县| 金山区| 佛冈县| 年辖:市辖区|