scripts

remote

#!/bin/bash

# ./remote server port 'menu string'

touch "$1" || (echo "Cannot create file named $1" && exit 1)
exec > "$1"
echo 'from pwn import *'
echo ''
echo -e "HOST, PORT = \"$2\", \"$3\""
if [ ! -n "$HOST" ]; then HOST=0.0.0.0; fi
echo 'HOST, PORT = "'$HOST'", 31338'
echo 'r = remote(HOST, PORT)'
echo
if [ -n "$4" ]; then
	echo "menu = lambda: r.recvuntil(\"$4\")"
fi
echo 'ii = lambda x: r.sendline(str(x))'
echo 'go = lambda x: (menu(), ii(x))[0]'
echo 'Created '"$1" >&2

socat.c

// strace -fi ./socat 31338 ./challenge

#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <arpa/inet.h>
#include <strings.h>
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <stdlib.h>
#include <signal.h>

void handler(int signo) {
    wait(NULL);
}

int main(int argc, char **argv, char **envp) {
    char buf[256];
    int sockfd = socket(2, 1, 0);
    struct sockaddr_in addr;
    int size = sizeof(addr);
    int pid;
    unsigned int port;
    int opt;

    signal(SIGCHLD, handler);

    opt = 1;
    setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
    setsockopt(sockfd, SOL_SOCKET, SO_REUSEPORT, &opt, sizeof(opt));

    bzero(&addr, size);
    addr.sin_addr.s_addr = INADDR_ANY;
    addr.sin_family = 2;

    port = atoi(argv[1]);
    
    addr.sin_port = htons(port);
    if(bind(sockfd, (struct sockaddr *)&addr, size) == -1) {
        perror("bind");
        return -1;
    }
    listen(sockfd, 0);
    while(1) {
        int fd = accept(sockfd, (struct sockaddr *)&addr, &size);
        if(fd == -1) {
            perror("accept");
            return 1;
        }
        if((pid = fork()) == 0) {
            close(sockfd);
            dup2(fd, 0);
            dup2(fd, 1);
            // close(2);
            // open("/dev/null", O_WRONLY);
            close(fd);
            execve(argv[2], &argv[2], envp);
        }
        else {
            close(fd);
            printf("pid: %d\n", pid);
            continue;
        }
    }
}