Vortex Level 0

This is a solution guide to the Vortex Level 00 at overthewire. This write-up was created on 09 September 2015. Prompt tells us to do the following tasks:

1. Connect to server on specific port
2. Read in 4 unsigned integers in host byte order
3. Add them together
4. Send back sum

They have given us a hint as well that the machine running the server is a 32bit x86 machine which runs little endian architecture. This is important when reading the raw data stream to determine byte order.

To accomplish this task lets use python.

First lets setup the connection:

• To handle the connection to the server lets import socket {#1}
• To handle the packing and unpacking of messages to/from server lets import struct {#2}
• Set our destination address and port {#4-5}
• Establish the socket {#7}
• Establish the connection {#8}

1
2
3
4
5
6
7
8
import socket
import struct

HOST = 'votex.labs.overthewire.org'
PORT = 5842

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST,PORT))

Receive the data and add them together:

1. Set up a counter for the sum of the four bytes {#1}
2. Per task #2 we need to read in four integers so lets setup the loop {#2}
3. Since the server is a 32-bit system an integer is going to be 4 bytes long so receive those four bytes {#3}
4. Now we need to unpack from little endian to our system format and instead of guessing we will let struct do it for us {#4}

1
2
3
4
total = 0
for x in xrange(0,4,1):
	data = s.recv(4)
	total+= struct.unpack("<I", data)[0]

Send back sum:

1. Take the total and pack it up so the distant end can understand and make sure that it is only 8 bytes {#1}
2. Send the total to the server {#2}
3. Recieve the response {#3}
4. Print the response {#4}
5. Clean up the connection {#6}

1
2
3
4
5
6
total = struct.pack("<I",(total & 0xFFFFFFFF))
s.send(total)
response = s.recv(1000)
print "Recieved: %s" % response

s.close()

Code-without pwntools

The whole code is below:

import socket
import struct

HOST = 'votex.labs.overthewire.org'
PORT = 5842

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST,PORT))
total = 0
for x in xrange(0,4,1):
	data = s.recv(4)
	total+= struct.unpack("<I", data)[0]

total = struct.pack("<I",(total & 0xFFFFFFFF))
s.send(total)
response = s.recv(1000)
print "Recieved: %s" % response

s.close()

Code-with pwntools

I used pwntools to make things easier when dealing with sockets (known as tubes in pwnlib) and ssh. The way this problem is solved is almost identical but with pwnlib it should make it easier in the long run.

from pwn import *

HOST = 'votex.labs.overthewire.org'
PORT = 5842

s = remote(HOST,PORT)

d =0
for x in xrange(0,4,1):
    data = s.recvn(4)
    d+= unpack(data, 32, 'little', False)

d = pack(d & 0xFFFFFFFF, 32, 'little', True)
s.send(d)
response = s.recv(1000)
print "Recieved %s" % response


s.close()