UGN Security
Posted By: ninji1234 Little Quiz - 06/11/04 01:49 AM
Hi there,
here is a little quiz for you, i hope you can break it out, enjoy.

Here we go:

It was known, that at one server (bolero) runs a program exchanging secret messages. The client file in order to use this service can be seen here client.c

The client muss type the username and one-time-password, which sent unencrypted and can not be used for the next time.

Meanwhile, part of the Authenticationscomponents from the server is known, and unfortunately only three are arrive with SMS, namely:

Code
 #include <sys/socket.h> #include <netinet/in.h> #include <time.h> #define LISTENPORT 12012 #define MAXLINELEN 128 #define PASSLEN 32 void passwd_gen(char *pass) {int i; 
Code
  return; } int main(int argc, char **argv) {int s; int client; struct sockaddr_in addr; socklen_t addrlen;char *str,*str2; FILE *sock;char password[PASSLEN];char line[MAXLINELEN];
Code
 ;read(client,line,MAXLINELEN);if (strncmp (line,"USER QAEDA",10)) {fclose (sock);close (client);continue;}fflush (sock);fprintf(sock,"USER %s OK, SEND PASSWORD\n",line); 
The Mission:
The program in the server is vulnerable.
modify the client in order to get the secret message without any passwort
Posted By: jonconley Re: Little Quiz - 06/11/04 03:10 AM
Don't post topics in multiple forums.
Posted By: Ntd Re: Little Quiz - 06/11/04 11:27 AM
Oooo i love quizs, too bad i have no idea what to do. Could you some how do a goto and skip the password?
© UGN Security Forum