Wednesday, June 11, 2008

OverTheWire.org

Holy crap, I finally found a pretty decent root-this-box type of wargames site. I've done most of the Hackthissite.org challenges, they are decent but don't teach you the essentials in reversing. Even the application challenges are more about cracking rather than popping a shell. So while reading through a phrack article, there was a link to http://www.overthewire.org/ As it turns out, this is a pretty nice place to practice and learn, there are no tutorials, very minimal comments, and the challenges are damn tricky. I'm stuck on Level 3 currently, Level 2 was a huge "Oh DUH" Linux syntax thing. You have full access to their SSH, they run a pretty decent stack overflow prevention program, so most of the exploits you wind up doing are based on some if condition, or overwriting the frame or something. No EIP pwnage here, but still some pretty brutal challenges.

http://www.overthewire.org/node/399 if you get stuck on Level0 and need help. I tried writing this thing in Python, but with no luck. I had to make a few modifications to get this working with Winsock2 rather than Netdb, here's the code I used.



#include <winsock2.h>
#include <stdlib.h>
#include <stdio.h>

// Need to link with Ws2_32.lib, Mswsock.lib, and Advapi32.lib

#define DEFAULT_BUFLEN 37
#define PORT 5842
#define IP "69.55.233.89"

int main(int argc, char **argv)
{
   WSADATA wsaData;
   SOCKET ConnectSocket = INVALID_SOCKET;
   struct sockaddr_in s;
   int a,b,c,d;
   int x;
   char xc[128];
   char recvbuf[DEFAULT_BUFLEN];
   int iResult;

   // Initialize Winsock
   iResult = WSAStartup(MAKEWORD(2,2), &wsaData);
   if (iResult != 0) {
       printf("WSAStartup failed: %d\n", iResult);
       return 1;
   }

   ConnectSocket = socket(PF_INET, SOCK_STREAM,0);
   s.sin_family = AF_INET;
   s.sin_port = htons(PORT);
   s.sin_addr.s_addr = inet_addr(IP);

   connect( ConnectSocket,(SOCKADDR*) &s, sizeof(s));

   recv(ConnectSocket,(char*)&a,sizeof(unsigned int),0);
   recv(ConnectSocket,(char*)&b,sizeof(unsigned int),0);
   recv(ConnectSocket,(char*)&c,sizeof(unsigned int),0);
   recv(ConnectSocket,(char*)&d,sizeof(unsigned int),0);

   printf("A = %d, B = %d, C = %d, D = %d\n",a,b,c,d);

   x = a+b+c+d;

   printf("Sum=%i\n",x);

   send(ConnectSocket,(const char*)&x,sizeof(int),0);

   recv(ConnectSocket, recvbuf, DEFAULT_BUFLEN, 0);

   printf("Answer = %s", recvbuf);

   // cleanup
   closesocket(ConnectSocket);
   WSACleanup();

   return 0;
}

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)