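The first level alone took me a long time...
First, the connection used to obtain the password is not SSL. I initially wanted to do it from the command line, i.e. with netcat. After looking around, I found you can interact through a FIFO: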
```
$ rm -f /tmp/f; mkfifo /tmp/f
$ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f
```
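But the problem was how to extract the 4 numbers and add them up. I'm still not very familiar with the shell, and after trying for a long while I couldn't get it to work.
According to the level's hint, socket programming is required. So here is the code: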
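```c
#include <sys/socket.h>
#include <stdio.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>

int main(int argc, char *argv[])
{
    if (argc != 3) {
        printf("usage: %s <dest> <port>\n", argv[0]);
        exit(1);
    }

    int sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd == -1) {
        printf("socket error\n");
        exit(1);
    }

    /* Resolve the host name; gethostbyname() returns NULL on failure. */
    struct hostent *he = gethostbyname(argv[1]);
    if (he == NULL) {
        printf("cannot resolve %s\n", argv[1]);
        exit(1);
    }

    struct sockaddr_in servAddr;
    memset(&servAddr, 0, sizeof(servAddr));
    servAddr.sin_family = AF_INET;
    servAddr.sin_port = htons((uint16_t)atoi(argv[2]));
    servAddr.sin_addr = *((struct in_addr *)he->h_addr_list[0]);

    if (connect(sockfd, (struct sockaddr *)&servAddr, sizeof(servAddr)) == -1) {
        printf("connect error\n");
        exit(1);
    }

    char buf[128];
    ssize_t numRead;
    unsigned int sum = 0;
    ssize_t totalRead = 0;
    ssize_t i;

    /* TCP is a byte stream: keep reading until all 16 bytes (4 integers) have arrived. */
    while (totalRead < 16) {
        numRead = recv(sockfd, buf + totalRead, sizeof(buf) - totalRead, 0);
        if (numRead == -1) {
            printf("error recv\n");
            exit(1);
        }
        if (numRead == 0) { /* peer closed before sending 16 bytes */
            printf("connection closed\n");
            exit(1);
        }
        printf("read %zd bytes\n", numRead);
        totalRead += numRead;
    }

    /* Copy the integers out of the char buffer instead of casting its pointer. */
    unsigned int number[4];
    memcpy(number, buf, sizeof(number));
    for (i = 0; i < 4; ++i) {
        printf("get 0x%x\n", number[i]);
        sum += number[i];
    }

    printf("send 0x%x\n", sum);
    send(sockfd, &sum, sizeof sum, 0);

    /* Leave room for the terminating NUL and guard against recv() failing. */
    numRead = recv(sockfd, buf, sizeof(buf) - 1, 0);
    if (numRead < 0)
        numRead = 0;
    buf[numRead] = 0;
    printf("received %s\n", buf);

    close(sockfd);
    return 0;
}
```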
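In practice, when the other side sends the 4 integers, it seems to send them in two batches: first one, then the other three... so I just keep reading until 16 bytes have been read. Got the password.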
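
The split delivery described above can be reproduced locally. This is an added example, not code from the original post: a `socketpair` stands in for the server, `read_exact` and `split_stream_sum` are hypothetical helper names, and the input values are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Read exactly n bytes; 0 on success, -1 on error or early EOF. */
static int read_exact(int fd, void *dst, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = recv(fd, (char *)dst + got, n - got, 0);
        if (r < 0 && errno == EINTR) continue;  /* interrupted: retry */
        if (r <= 0) return -1;                  /* error, or peer closed early */
        got += (size_t)r;
    }
    return 0;
}

/* Constructed scenario: the sender writes the first `first` bytes of four
 * 32-bit values, the receiver calls recv() once (result in *one_recv), then
 * the sender writes the rest. Returns 0 and stores the wrapping sum on success. */
int split_stream_sum(const uint32_t vals[4], size_t first, ssize_t *one_recv, uint32_t *sum)
{
    unsigned char wire[16], buf[16];
    uint32_t in[4];
    int sv[2], rc = -1;
    if (first == 0 || first >= 16 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    memcpy(wire, vals, sizeof wire);
    if (write(sv[0], wire, first) == (ssize_t)first &&
        (*one_recv = recv(sv[1], buf, sizeof buf, 0)) > 0 &&  /* short read */
        write(sv[0], wire + first, 16 - first) == (ssize_t)(16 - first) &&
        read_exact(sv[1], buf + *one_recv, sizeof buf - (size_t)*one_recv) == 0) {
        memcpy(in, buf, sizeof in);            /* host byte order */
        *sum = in[0] + in[1] + in[2] + in[3];  /* unsigned: wraps mod 2^32 */
        rc = 0;
    }
    close(sv[0]); close(sv[1]);
    return rc;
}

int main(void)
{
    const uint32_t vals[4] = {0xffffffffu, 2, 3, 4};  /* constructed input */
    ssize_t one; uint32_t sum;
    if (split_stream_sum(vals, 4, &one, &sum) != 0) return 1;
    printf("one recv(): %zd bytes, sum: 0x%x\n", one, sum);
    return 0;
}
```

A single `recv()` asking for 16 bytes returns only what has arrived so far, which is why the sum must be computed only after the loop has collected all four integers.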