diff --git a/Task pwn01/pwn01.zip b/Task pwn01/pwn01.zip
deleted file mode 100644
index e44f90a..0000000
Binary files a/Task pwn01/pwn01.zip and /dev/null differ
diff --git a/Task pwn01/question.png b/Task pwn01/question.png
deleted file mode 100644
index 0c01f84..0000000
Binary files a/Task pwn01/question.png and /dev/null differ
diff --git a/Task pwn02/week02/easy/check_interface.py b/Task pwn02/week02/easy/check_interface.py
deleted file mode 100644
index c3be214..0000000
--- a/Task pwn02/week02/easy/check_interface.py
+++ /dev/null
@@ -1,17 +0,0 @@
-import netifaces
-
-
-def print_ethernet_interfaces():
- """Prints all Ethernet interfaces and their IP addresses."""
-
- interfaces = netifaces.interfaces()
- for interface in interfaces:
- addresses = netifaces.ifaddresses(interface)
- if netifaces.AF_INET in addresses:
- for addr in addresses[netifaces.AF_INET]:
- ip_address = addr["addr"]
- print(f"Interface: {interface}, IP Address: {ip_address}")
-
-
-if __name__ == "__main__":
- print_ethernet_interfaces()
diff --git a/Task pwn02/week02/easy/client.py b/Task pwn02/week02/easy/client.py
deleted file mode 100644
index 485cad6..0000000
--- a/Task pwn02/week02/easy/client.py
+++ /dev/null
@@ -1,87 +0,0 @@
-import hashlib
-import logging
-import time
-
-import threading
-
-from scapy.config import conf
-from scapy.layers.inet import TCP, IP
-from scapy.packet import Packet
-from scapy.sendrecv import send, sniff
-
-from random import randrange
-
-log = logging.getLogger(__name__)
-TCP_CLIENTS = {} # ((IP, port) -> [sent_packets])
-
-# SERVER_IP = '131.159.15.68' # don't use the domain name in this case
-SERVER_IP = '127.0.0.1' # don't use the domain name in this case
-SERVER_PORT = 20102
-COOKIE_SECRET = 'TASTY_COOKIES123'
-
-SRC_PORT = randrange(10000, 50000)
-
-def generate_syn_cookie(client_ip: str, client_port: int, server_secret: str):
- # TODO: please implement me!
- hash_input = f'{client_ip}{client_port}{server_secret}'.encode()
- return int(hashlib.sha256(hash_input).hexdigest(), 16) % (2**32)
-
-
-def handle_packet(packet: Packet):
- # TODO: please implement me!
- if packet.haslayer(TCP) and packet[TCP].dport == SRC_PORT and "S" == packet[TCP].flags:
- server_seq = packet[TCP].seq
- ip = IP(dst=SERVER_IP)
- ack = TCP(sport=SRC_PORT, dport=SERVER_PORT, flags='A', seq=packet[TCP].ack, ack=1337)
- send(ip / ack)
- print("Sent ACK packet with modified ACK number:", server_seq)
-
-
-
-
-# Function to send the initial SYN packet
-def send_initial_syn():
- # Generate the SYN cookie
- cookie = generate_syn_cookie(SERVER_IP, SERVER_PORT, COOKIE_SECRET)
-
- # Construct the IP and TCP layers
- ip = IP(dst=SERVER_IP)
- syn = TCP(sport=SRC_PORT, dport=SERVER_PORT, flags='S', seq=cookie)
-
- # Send the packet
- send(ip / syn)
- print("Sent initial SYN packet with cookie:", cookie)
-
-
-# Function to start the packet sniffing
-def start_sniffing():
- sniff(
- filter=f'tcp port {SERVER_PORT}', # this should filter all packets relevant for this challenge.
- prn=handle_packet,
- store=False,
- monitor=True,
- iface='lo', # set to your interface. IMPORTANT: SET TO enX0 FOR AUTOGRADER!!!
- )
-
-COOKIE = generate_syn_cookie(SERVER_IP, SERVER_PORT, COOKIE_SECRET)
-
-# Run the server in a separate thread
-def main():
- conf.use_pcap = False
- server_thread = threading.Thread(target=start_sniffing)
- server_thread.start()
-
- time.sleep(3) # wait for the sniffer to start.
-
- # TODO: send intial first byte
- send_initial_syn()
-
-if __name__ == '__main__':
- logging.basicConfig(
- level=logging.INFO,
- format='%(asctime)s %(levelname)s [%(module)s:%(lineno)d] %(message)s',
- )
-
- logging.getLogger('asyncio').setLevel(logging.WARNING)
-
- main()
diff --git a/Task pwn02/week02/easy/description/description.pdf b/Task pwn02/week02/easy/description/description.pdf
deleted file mode 100644
index 1d55630..0000000
Binary files a/Task pwn02/week02/easy/description/description.pdf and /dev/null differ
diff --git a/Task pwn02/week02/easy/server.py b/Task pwn02/week02/easy/server.py
deleted file mode 100644
index 5b41f00..0000000
--- a/Task pwn02/week02/easy/server.py
+++ /dev/null
@@ -1,138 +0,0 @@
-import hashlib
-import logging
-import subprocess
-
-import threading
-
-from scapy.config import conf
-from scapy.layers.inet import TCP, IP
-from scapy.packet import Packet
-from scapy.sendrecv import send, sniff
-
-log = logging.getLogger(__name__)
-TCP_CLIENTS = {} # ((IP, port) -> [sent_packets])
-
-# SERVER_IP = '131.159.15.68' # TODO
-SERVER_IP = '127.0.0.1'
-SERVER_PORT = 20102
-COOKIE_SECRET = 'TASTY_COOKIES123'
-INITIAL_SEQ = 1337
-
-
-# The cookie is calculated by first taking the sha256 hash of (clientIP || clientPort || serverSecret) and then
-# converting the hex digest to an integer
-# The cookie is then this result modulo 2^32 to fit the 32-bit field
-def generate_syn_cookie(client_ip: str, client_port: int, server_secret: str):
- hash_input = f'{client_ip}{client_port}{server_secret}'.encode()
- return int(hashlib.sha256(hash_input).hexdigest(), 16) % (2**32)
-
-
-def get_initial_syn(ip, port, ack) -> Packet:
- ip = IP(dst=ip)
- syn = TCP(sport=SERVER_PORT, dport=port, flags='SA', seq=INITIAL_SEQ, ack=ack)
- return ip / syn
-
-
-def get_rst(ip, port, ack) -> Packet:
- ip = IP(dst=ip)
- syn = TCP(sport=SERVER_PORT, dport=port, flags='R', seq=INITIAL_SEQ, ack=ack)
- return ip / syn
-
-
-def handle_packet(packet: Packet):
- print("Received a packet on the server:", packet.summary())
- if packet.haslayer(TCP) and packet[TCP].dport == SERVER_PORT:
- if 'F' in packet[TCP].flags or 'R' in packet[TCP].flags:
- print('Received FIN or Reset packet:', packet.summary())
- if (packet[IP].src, packet[TCP].sport) in TCP_CLIENTS:
- del TCP_CLIENTS[(packet[IP].src, packet[TCP].sport)]
- return
-
- print('Received packet:', packet.summary())
-
- # Extract the TCP layer
- tcp_layer = packet[TCP]
- src_ip = packet[IP].src
- src_port = tcp_layer.sport
- seq = packet[TCP].seq
- ack = packet[TCP].ack
-
- expected_cookie = generate_syn_cookie(SERVER_IP, SERVER_PORT, COOKIE_SECRET)
-
- if (src_ip, src_port) not in TCP_CLIENTS:
- print('New client:',
src_ip, src_port, seq)
- # first packet from client to initiate handshake
-
-
- if (not 'S' in packet[TCP].flags) or (not packet[TCP].seq == expected_cookie):
- print(f'Invalid cookie {seq}, expected {expected_cookie}')
- rst = get_rst(src_ip, src_port, seq)
- send(rst)
- else:
- TCP_CLIENTS[(src_ip, src_port)] = 1
- initial_syn = get_initial_syn(src_ip, src_port, seq)
-
- print(f'Cookie {expected_cookie} and packet is correct')
- print(f'Sending packet: {initial_syn.summary()}')
- send(initial_syn)
-
- else:
- if ('S' in packet[TCP].flags):
- print("S in flag")
- if (not ack == INITIAL_SEQ):
- print(ack)
- print("acak and seq different")
- if (not seq == expected_cookie):
- print("seq cookie")
- if ('S' in packet[TCP].flags) or (not seq == expected_cookie) or (not ack == INITIAL_SEQ):
- print(f'Invalid cookie {seq}, expected {expected_cookie}')
- rst = get_rst(src_ip, src_port, seq)
- send(rst)
- else:
- print(f'Cookie {expected_cookie} and packet is again correct')
-
- flag = "ALL GOOD BROTHER"
- ip = IP(dst=src_ip)
- syn_ack = TCP(
- sport=SERVER_PORT,
- dport=src_port,
- flags='A',
- seq=ack,
- ack=seq,
- ) / flag
-
- send(ip / syn_ack)
-
- del TCP_CLIENTS[(src_ip, src_port)]
-
-
-# Function to start the packet sniffing
-def start_sniffing():
- print('Starting TCP server on port:', SERVER_PORT)
- sniff(
- filter=f'tcp port {SERVER_PORT}',
- prn=handle_packet,
- store=False,
- monitor=True,
- iface='lo',
- )
-
-
-# Run the server in a separate thread
-def main():
- conf.use_pcap = False
- print("Server is starting...") # Added print statement
- server_thread = threading.Thread(target=start_sniffing)
- server_thread.start()
-
-
-if __name__ == '__main__':
- logging.basicConfig(
- level=logging.INFO,
- format='%(asctime)s %(levelname)s [%(module)s:%(lineno)d] %(message)s',
- )
-
- # "INFO:asyncio:poll took 25.960 seconds" is annyoing
- logging.getLogger('asyncio').setLevel(logging.WARNING)
-
- main()
diff --git a/Task pwn01/week01/client.py b/week01/client.py similarity index 62% rename from Task pwn01/week01/client.py rename to week01/client.py index 0a02757..20d5eb4 100644 --- a/Task pwn01/week01/client.py +++ b/week01/client.py @@ -1,7 +1,7 @@ import socket # Fill in the right target here -HOST = 'localhost' # TODO +HOST = 'netsec.net.in.tum.de' # TODO PORT = 20001 # TODO @@ -12,9 +12,13 @@ def get_flag(): sf = s.makefile('rw') # we use a file abstraction for the sockets print(sf.readline().rstrip('\n')) - sf.write('Hello World\n') + sf.write('admin\n') sf.flush() - + print(sf.readline().rstrip('\n')) + sf.write('password\n') + sf.flush() + print(sf.readline().rstrip('\n')) + print(sf.readline().rstrip('\n')) sf.close() s.close() diff --git a/Task pwn01/week01/server.py b/week01/server.py similarity index 100% rename from Task pwn01/week01/server.py rename to week01/server.py diff --git a/Task pwn02/week02 2/hard/client.py b/week02/hard/client.py similarity index 100% rename from Task pwn02/week02 2/hard/client.py rename to week02/hard/client.py diff --git a/Task pwn02/week02 2/hard/description/description.pdf b/week02/hard/description/description.pdf similarity index 100% rename from Task pwn02/week02 2/hard/description/description.pdf rename to week02/hard/description/description.pdf
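Review bot: The `# TODO` markers on the `HOST` and `PORT` lines of `week01/client.py` are stale now that the target is filled in, and the hard-coded default moved from `localhost` to a remote host, so a plain run of the script now opens a connection off the machine. Keeping `localhost` as the default and taking the target from the environment or the command line, for example `HOST = os.environ.get('TARGET_HOST', 'localhost')` with `import os` added beside `import socket`, makes the remote run an explicit choice. `TARGET_HOST` is a suggested name, not one the repository already defines.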
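Review bot: The two added `sf.write` calls in the second hunk of `week01/client.py` put the login values `'admin'` and `'password'` in the source, and no TLS wrapper is visible around the socket file, so they sit in version control and presumably cross the network in cleartext. If these are anything other than throwaway exercise values, read them at run time (for example `getpass.getpass()` or an environment variable) and keep them out of the commit. The three added `sf.readline()` calls also assume the server always answers with that many lines: `readline()` returns an empty string at EOF, which is printed as a blank line rather than reported, and nothing in the hunk sets a timeout, so a stalled server blocks the client. `get_flag` begins above the hunk, so whether `s.settimeout(...)` is already applied there cannot be seen from here.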