pong

pwn-pong/README.md

@@ -0,0 +1,21 @@
+## PONG
+
+* Level 1: So much pixels and fun!
+
+* Level 2: Ready for another match? :P
+
+## How to run
+
+In the `deployed` folder, there is the pre-built challenge. Pong has a client as well :) You can find the client in the `pong_client` folder.
+
+During the CTF, we deployed the executable `pong`, and you connected to it using the client, i.e., `./pong_client pong.chall.polictf.it 31337`. You could download all the servers’ binaries (the server and the two levels) and the client.
+
+## How to build
+
+See `build.sh` 
+
+## How to solve
+
+*** SPOILER ALERT ***
+
+You can find the exploits in the `solution` folder.

pwn-pong/build.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+RED='\033[0;31m'
+NC='\033[0m' # No Color
+cd src
+printf "${RED}[*] Compiling level1${NC}\n"
+cd server_udp_level1
+make
+printf "${RED}[*] Compiling level2${NC}\n"
+cd ..
+cd server_udp_level2
+make
+
+cd ..
+
+printf "${RED}[*] Compiling server_fork${NC}\n"
+
+cd server_fork
+make
+
+printf "${RED}[*] Done${NC}\n"
+printf "${RED}[*] Creating \"deployed\" folder${NC}\n"
+
+chmod +x server_fork
+chmod +x level1/level1
+chmod +x level2/level2
+
+cd ..
+cd ..
+rm -rf deployed
+rm -rf to_give
+cp -rf src/server_fork deployed
+rm deployed/server_fork.c
+rm deployed/makefile
+
+printf "${RED}[*] Creating \"to_give\" folder${NC}\n"
+cp -rf deployed/ to_give/
+cd to_give
+rm level1/flag
+rm level2/flag
+
+cp -rf ../pong_client ./pong_client
+cd pong_client
+rm -rf project
+
+
+printf "${RED}[*] Server build done${NC}\n"

pwn-pong/pong_client/project/library_needed.txt

@@ -0,0 +1,4 @@
+libsdl1.2
+libsdl-image1.2
+libsdl-mixer1.2
+libsdl-ttf2.0-0

pwn-pong/pong_client/project/makefile

@@ -0,0 +1,20 @@
+CFLAGS = -Wall -Werror 
+LFLAGS = `sdl-config --libs` -lSDL -lSDL_image -lSDL_mixer -lSDL_ttf /usr/local/lib/libuv.a -pthread
+OBJS   = bullet.o collisions.o draw.o entity.o font.o init.o input.o graphics.o main.o player_1.o player_2.o ufo.o
+PROG = pong
+CXX = gcc
+
+# top-level rule to create the program.
+all: $(PROG)
+
+# compiling other source files.
+%.o: src/%.c src/%.h src/defs.h src/structs.h
+	$(CXX) $(CFLAGS) -c -s $<
+
+# linking the program.
+$(PROG): $(OBJS)
+	$(CXX) $(OBJS) -o $(PROG) $(LFLAGS)
+
+# cleaning everything that can be automatically recreated with "make".
+clean:
+	rm $(PROG) *.o

pwn-pong/pong_client/project/nbproject/configurations.xml

@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configurationDescriptor version="97">
+  <logicalFolder name="root" displayName="root" projectFiles="true" kind="ROOT">
+    <df root="." name="0">
+      <df name="src">
+        <in>bullet.c</in>
+        <in>collisions.c</in>
+        <in>draw.c</in>
+        <in>entity.c</in>
+        <in>font.c</in>
+        <in>graphics.c</in>
+        <in>init.c</in>
+        <in>input.c</in>
+        <in>main.c</in>
+        <in>player_1.c</in>
+        <in>player_2.c</in>
+        <in>ufo.c</in>
+      </df>
+    </df>
+    <logicalFolder name="ExternalFiles"
+                   displayName="Important Files"
+                   projectFiles="false"
+                   kind="IMPORTANT_FILES_FOLDER">
+      <itemPath>makefile</itemPath>
+    </logicalFolder>
+  </logicalFolder>
+  <sourceFolderFilter>^(nbproject)$</sourceFolderFilter>
+  <sourceRootList>
+    <Elem>.</Elem>
+  </sourceRootList>
+  <projectmakefile>makefile</projectmakefile>
+  <confs>
+    <conf name="Default" type="0">
+      <toolsSet>
+        <compilerSet>default</compilerSet>
+        <dependencyChecking>false</dependencyChecking>
+        <rebuildPropChanged>false</rebuildPropChanged>
+      </toolsSet>
+      <codeAssistance>
+      </codeAssistance>
+      <makefileType>
+        <makeTool>
+          <buildCommandWorkingDir>.</buildCommandWorkingDir>
+          <buildCommand>${MAKE} -f makefile</buildCommand>
+          <cleanCommand>${MAKE} -f makefile clean</cleanCommand>
+          <executablePath>pong</executablePath>
+          <cTool>
+            <incDir>
+              <pElem>.</pElem>
+            </incDir>
+          </cTool>
+        </makeTool>
+        <preBuild>
+          <preBuildCommandWorkingDir>.</preBuildCommandWorkingDir>
+          <preBuildCommand></preBuildCommand>
+        </preBuild>
+      </makefileType>
+      <item path="src/bullet.c" ex="false" tool="0" flavor2="0">
+      </item>
+      <item path="src/collisions.c" ex="false" tool="0" flavor2="0">
+      </item>
+      <item path="src/draw.c" ex="false" tool="0" flavor2="0">
+      </item>
+      <item path="src/entity.c" ex="false" tool="0" flavor2="0">
+      </item>
+      <item path="src/font.c" ex="false" tool="0" flavor2="0">
+      </item>
+      <item path="src/graphics.c" ex="false" tool="0" flavor2="0">
+      </item>
+      <item path="src/init.c" ex="false" tool="0" flavor2="0">
+      </item>
+      <item path="src/input.c" ex="false" tool="0" flavor2="0">
+      </item>
+      <item path="src/main.c" ex="false" tool="0" flavor2="0">
+      </item>
+      <item path="src/player_1.c" ex="false" tool="0" flavor2="0">
+      </item>
+      <item path="src/player_2.c" ex="false" tool="0" flavor2="0">
+      </item>
+      <item path="src/ufo.c" ex="false" tool="0" flavor2="0">
+      </item>
+    </conf>
+  </confs>
+</configurationDescriptor>

pwn-pong/pong_client/project/nbproject/private/CodeAssistancePathMapper.properties

@@ -0,0 +1 @@
+# Automatic path mapper. CRC = 1

pwn-pong/pong_client/project/nbproject/private/Default-build.log

@@ -0,0 +1,8 @@
+gcc -Wall -pedantic -Werror -c -s src/audio.c
+src/audio.c: In function ‘playSound’:
+src/audio.c:24:6: error: type of ‘index’ defaults to ‘int’ [-Werror=implicit-int]
+ void playSound(index)
+      ^
+cc1: all warnings being treated as errors
+makefile:12: recipe for target 'audio.o' failed
+make: *** [audio.o] Error 1

pwn-pong/pong_client/project/nbproject/private/Default-exec.log

@@ -0,0 +1,10 @@
+called: gcc
+	/home/giosch/Downloads/tutorial_07
+	gcc
+	-Wall
+	-pedantic
+	-Werror
+	-c
+	-s
+	src/audio.c
+

pwn-pong/pong_client/project/nbproject/private/Default.properties

@@ -0,0 +1,12 @@
+/home/giosch/Downloads/tutorial_07/src/graphics.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/graphics.c
+/home/giosch/Downloads/tutorial_07/src/draw.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/draw.c
+/home/giosch/Downloads/tutorial_07/src/audio.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/audio.c
+/home/giosch/Downloads/tutorial_07/src/entity.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/entity.c
+/home/giosch/Downloads/tutorial_07/src/bullet.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/bullet.c
+/home/giosch/Downloads/tutorial_07/src/input.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/input.c
+/home/giosch/Downloads/tutorial_07/src/collisions.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/collisions.c
+/home/giosch/Downloads/tutorial_07/src/player.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/player.c
+/home/giosch/Downloads/tutorial_07/src/init.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/init.c
+/home/giosch/Downloads/tutorial_07/src/main.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/main.c
+/home/giosch/Downloads/tutorial_07/src/ufo.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/ufo.c
+/home/giosch/Downloads/tutorial_07/src/font.c=/home/giosch/Downloads/tutorial_07#-Wall -pedantic -Werror -c -s src/font.c

pwn-pong/pong_client/project/nbproject/private/configurations.xml

@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configurationDescriptor version="97">
+  <logicalFolder name="root" displayName="root" projectFiles="true" kind="ROOT">
+    <df root="." name="0">
+      <df name="font">
+      </df>
+      <df name="gfx">
+      </df>
+      <df name="sound">
+      </df>
+      <df name="src">
+        <in>bullet.c</in>
+        <in>bullet.h</in>
+        <in>collisions.c</in>
+        <in>collisions.h</in>
+        <in>defs.h</in>
+        <in>draw.c</in>
+        <in>draw.h</in>
+        <in>entity.c</in>
+        <in>entity.h</in>
+        <in>font.c</in>
+        <in>font.h</in>
+        <in>graphics.c</in>
+        <in>graphics.h</in>
+        <in>init.c</in>
+        <in>init.h</in>
+        <in>input.c</in>
+        <in>input.h</in>
+        <in>main.c</in>
+        <in>main.h</in>
+        <in>player_1.c</in>
+        <in>player_1.h</in>
+        <in>player_2.c</in>
+        <in>player_2.h</in>
+        <in>structs.h</in>
+        <in>ufo.c</in>
+        <in>ufo.h</in>
+      </df>
+    </df>
+  </logicalFolder>
+  <projectmakefile>makefile</projectmakefile>
+  <confs>
+    <conf name="Default" type="0">
+      <toolsSet>
+        <developmentServer>localhost</developmentServer>
+        <platform>2</platform>
+      </toolsSet>
+      <compile>
+        <compiledirpicklist>
+          <compiledirpicklistitem>.</compiledirpicklistitem>
+          <compiledirpicklistitem>${AUTO_FOLDER}</compiledirpicklistitem>
+        </compiledirpicklist>
+        <compiledir>${AUTO_FOLDER}</compiledir>
+        <compilecommandpicklist>
+          <compilecommandpicklistitem>${MAKE} ${ITEM_NAME}.o</compilecommandpicklistitem>
+          <compilecommandpicklistitem>${AUTO_COMPILE}</compilecommandpicklistitem>
+        </compilecommandpicklist>
+        <compilecommand>${AUTO_COMPILE}</compilecommand>
+      </compile>
+      <dbx_gdbdebugger version="1">
+        <gdb_pathmaps>
+        </gdb_pathmaps>
+        <gdb_interceptlist>
+          <gdbinterceptoptions gdb_all="false" gdb_unhandled="true" gdb_unexpected="true"/>
+        </gdb_interceptlist>
+        <gdb_options>
+          <DebugOptions>
+            <option name="debug_command" value="${OUTPUT_PATH} 127.0.0.1 4242"/>
+          </DebugOptions>
+        </gdb_options>
+        <gdb_buildfirst gdb_buildfirst_overriden="false" gdb_buildfirst_old="false"/>
+      </dbx_gdbdebugger>
+      <nativedebugger version="1">
+        <engine>gdb</engine>
+      </nativedebugger>
+      <runprofile version="9">
+        <runcommandpicklist>
+          <runcommandpicklistitem>"${OUTPUT_PATH}"</runcommandpicklistitem>
+          <runcommandpicklistitem>"${OUTPUT_PATH}" 127.0.0.1</runcommandpicklistitem>
+          <runcommandpicklistitem>"${OUTPUT_PATH}" 52.49.243.201</runcommandpicklistitem>
+        </runcommandpicklist>
+        <runcommand>"${OUTPUT_PATH}" 52.49.243.201</runcommand>
+        <rundir>.</rundir>
+        <buildfirst>false</buildfirst>
+        <terminal-type>0</terminal-type>
+        <remove-instrumentation>0</remove-instrumentation>
+        <environment>
+        </environment>
+      </runprofile>
+    </conf>
+  </confs>
+</configurationDescriptor>

pwn-pong/pong_client/project/nbproject/private/launcher.properties

@@ -0,0 +1,40 @@
+# Launchers File syntax:
+#
+# [Must-have property line] 
+# launcher1.runCommand=<Run Command>
+# [Optional extra properties] 
+# launcher1.displayName=<Display Name, runCommand by default>
+# launcher1.buildCommand=<Build Command, Build Command specified in project properties by default>
+# launcher1.runDir=<Run Directory, ${PROJECT_DIR} by default>
+# launcher1.symbolFiles=<Symbol Files loaded by debugger, ${OUTPUT_PATH} by default>
+# launcher1.env.<Environment variable KEY>=<Environment variable VALUE>
+# (If this value is quoted with ` it is handled as a native command which execution result will become the value)
+# [Common launcher properties]
+# common.runDir=<Run Directory>
+# (This value is overwritten by a launcher specific runDir value if the latter exists)
+# common.env.<Environment variable KEY>=<Environment variable VALUE>
+# (Environment variables from common launcher are merged with launcher specific variables)
+# common.symbolFiles=<Symbol Files loaded by debugger>
+# (This value is overwritten by a launcher specific symbolFiles value if the latter exists)
+#
+# In runDir, symbolFiles and env fields you can use these macroses:
+# ${PROJECT_DIR}    -   project directory absolute path
+# ${OUTPUT_PATH}    -   linker output path (relative to project directory path)
+# ${OUTPUT_BASENAME}-   linker output filename
+# ${TESTDIR}        -   test files directory (relative to project directory path)
+# ${OBJECTDIR}      -   object files directory (relative to project directory path)
+# ${CND_DISTDIR}    -   distribution directory (relative to project directory path)
+# ${CND_BUILDDIR}   -   build directory (relative to project directory path)
+# ${CND_PLATFORM}   -   platform name
+# ${CND_CONF}       -   configuration name
+# ${CND_DLIB_EXT}   -   dynamic library extension
+#
+# All the project launchers must be listed in the file!
+#
+# launcher1.runCommand=...
+# launcher2.runCommand=...
+# ...
+# common.runDir=...
+# common.env.KEY=VALUE
+
+# launcher1.runCommand=<type your run command here>

pwn-pong/pong_client/project/nbproject/private/private.xml

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project-private xmlns="http://www.netbeans.org/ns/project-private/1">
+    <code-assistance-data xmlns="http://www.netbeans.org/ns/make-project-private/1">
+        <code-model-enabled>true</code-model-enabled>
+    </code-assistance-data>
+    <data xmlns="http://www.netbeans.org/ns/make-project-private/1">
+        <activeConfTypeElem>0</activeConfTypeElem>
+        <activeConfIndexElem>0</activeConfIndexElem>
+    </data>
+    <editor-bookmarks xmlns="http://www.netbeans.org/ns/editor-bookmarks/2" lastBookmarkId="0"/>
+    <open-files xmlns="http://www.netbeans.org/ns/projectui-open-files/2">
+        <group/>
+    </open-files>
+</project-private>

pwn-pong/pong_client/project/nbproject/project.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://www.netbeans.org/ns/project/1">
+    <type>org.netbeans.modules.cnd.makeproject</type>
+    <configuration>
+        <data xmlns="http://www.netbeans.org/ns/make-project/1">
+            <name>pong_client</name>
+            <c-extensions>c</c-extensions>
+            <cpp-extensions/>
+            <header-extensions>h</header-extensions>
+            <sourceEncoding>UTF-8</sourceEncoding>
+            <make-dep-projects/>
+            <sourceRootList>
+                <sourceRootElem>.</sourceRootElem>
+            </sourceRootList>
+            <confList>
+                <confElem>
+                    <name>Default</name>
+                    <type>0</type>
+                </confElem>
+            </confList>
+            <formatting>
+                <project-formatting-style>false</project-formatting-style>
+            </formatting>
+        </data>
+    </configuration>
+</project>

pwn-pong/pong_client/project/peda-session-pong.txt

@@ -0,0 +1,5 @@
+
+
+
+
+

pwn-pong/pong_client/project/save.txt

@@ -0,0 +1 @@
+sdl-config --libs