Earlier today I decided to take a break from my work on the IO challenges, currently up to level 10 where I thought I had progress but no cigar, at this point is when I learnt about the overthewire.org wargamming group. I was planning on having a crack at the other categories from SmashTheStack but then decided since I had just learnt of OverTheWire why not try it out.
So now on the actual challenge, I decided I would begin with the Vortex category of OverTheWire, the first level begin level 0. The challenge for the level is given below.
Level Goal: Your goal is to connect to port 5842 on vortex.labs.overthewire.org and read in 4 unsigned integers in host byte order. Add these integers together and send back the results to get a username and password for vortex1. This information can be used to log in using SSH. Note: vortex is on an 32bit x86 machine (meaning, a little endian architecture)
This is a basic challenge:
- Connect to the game server.
- The game server sends 4 bytes.
- I have to change the order of the 4 bytes and replay them back to the server.
As I had just participated in the CSAW CTF 2013 Quals event in which one of the exploitation challenges was something similar to this where a couple of bytes were send at the start, so I decided to use the writeups for the challenge as a reference point for my answer for this challenge.
#!/usr/bin/python import socket import struct s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("vortex.labs.overthewire.org" , 5842)) b = 0; for i in range(4): data = s.recv(4) b += struct.unpack("<I", data) s.send(struct.pack("<I",(b & 0xFFFFFFFF))) print s.recv(1024) s.close ()
Using Python I was able to make the following code which connects to a hardcore server address and port number, receives the 4 bytes when connected, changes the order of the bytes based on little endian takes the sum of the bytes and sends them to the target server and waits for the response.
Answer: Username: vortex1 Password: *********