Vortex0

Network Programming

Posted by CJ on November 14, 2017

I have been recently wanting to do some reverse engineering tasks which are one of the most common types of tasks given in any ctf competitions. I looked up some sites to practice this type of exploitation, and most of them suggested I start with Vortex from overthewire.com, which is a wargame site with a lot of exciting challegenes, and so here I am.

Link to vortex 0: http://overthewire.org/wargames/vortex/vortex0.html
Link to reading material: http://beej.us/guide/bgnet/

The above given material is one of the best guides I have ever read. I has got everything to grab and keep your attention. It is very detail oriented and has a lot of jokes so that you don't get bored.

Now, to the problem. We are asked to connect to port 5842 on host "vortex.labs.overthewire.org" and get 4 unsigned bytes in host byte order, which is later given as having little endian architecture(Least significant byte is put first in memory)

I used python program to connect to the host using the following code.

              
                import socket
                from struct import *

                s = socket.socket()

                host =  "vortex.labs.overthewire.org"

                port = 5842

                s.connect((host, port))   #1

                sum = 0

                for i in range(4):        #2
                    data = s.recv(4)
                    sum += unpack("<I", data)[0]

                s.send(pack("<I", sum))  #3

                print s.recv(1024)  #4

                s.close()
              
            
  • 1. Socket tries to establish a connection to given host name and port name. Note: The double parenthesis is passing the value as a touple, i.e. a single argument to connect function.
    2. For four iterations, 'data' receives 4 bytes of value in little endian format. Note: data is not in array form. We then unpack it. The '<' symbol represents little endian format, and I represents unsigned int. [0] is to represnt first element of the array, which is the only element of the array.
    3. We then send back the sum to the server as asked in the same little endian form, using pack function.
    4. As promised, we are returned with the username and password for vortex1.

Username: vortex1 Password: ********
* is not the actual password