web100 PORT51
题目要求用本机的51端口去访问他的网站。
好吧这是最犯蠢的一个题了。哔了狗了。本来简简单单的一行命令就解决的事儿。最简单的payload
如下:
curl --local-port 51 http://xxxxxxxx
结果最后我写了两份150行代码,因为考虑到现在的库啊什么的都没办法固定本机的端口,所以我想到了C的socket编程。我先在windows下写好,连wireshark抓包抓出来都没问题了;后来在Melody大神的提醒下,知道是校网的NAT产生了影响(NAT会改写出口连接的源端口,服务器看到的就不再是51),所以想到在VPS下跑程序就可以,于是又写了一份linux下的代码(注意linux下绑定1024以下的端口通常需要root权限或CAP_NET_BIND_SERVICE),贴一下吧,如下:
#include<stdio.h>
#include<string.h>
#include<unistd.h>
#include<stdlib.h>
#include<sys/socket.h>
#include<sys/stat.h>
#include<arpa/inet.h>
#include <errno.h>
#define MAXBUF 256
char *request_head = "GET %s HTTP/1.1\r\n"
"Accept: text/html, application/xml, */*\r\nAccept-Language: zh-cn\r\n"
"Accept-Encoding: gzip, deflate\r\nHost: %s:%d\r\n"
"User-Agent: bendawang's Browser <0.1>\r\nConnection: Keep-Alive\r\n\r\n";
#define REMOTE_PORT 32772
#define REMOTE_IP_ADDRESS "103.39.76.105"
#define HTTP_DEF_PORT 32772
#define HTTP_BUF_SIZE 2048
#define HTTP_HOST_LEN 256
#define MAX_CMD_LEN 256
#define MAC_ADDR_LEN 12
#define local_port 51
#define local_ip "XXX.XXX.XXX.XXX" //自己的IP
char MacAddr[MAC_ADDR_LEN+1];
char *url= "/";
char host[HTTP_HOST_LEN] =REMOTE_IP_ADDRESS;
unsigned short port = HTTP_DEF_PORT;
/*
 * Concatenate two NUL-terminated strings into a freshly malloc'd buffer.
 *
 * The caller owns the returned buffer and must free() it. If the allocation
 * fails the process exits with status 1, so the return value is never NULL.
 * Neither argument is modified; both are passed to strlen() and therefore
 * must be non-NULL.
 */
char* join(char *s1, char *s2)
{
    size_t head_len = strlen(s1);
    size_t tail_len = strlen(s2);
    char *joined = malloc(head_len + tail_len + 1);

    if (!joined) {
        exit(1);
    }

    /* Head goes in without its terminator; the tail brings the final NUL. */
    memcpy(joined, s1, head_len);
    memcpy(joined + head_len, s2, tail_len + 1);
    return joined;
}
int recvn(int s, char* recvbuf, unsigned int fixedlen)
{
int iResult;
int cnt;
cnt = fixedlen;
while ( cnt > 0 ) {
iResult = recv(s, recvbuf, cnt, 0);
if ( iResult < 0 ){
printf("Recieve error!");
return -1;
}
if ( iResult == 0 ){
printf("Connection Closed!\n");
return-1;
}
recvbuf +=iResult;
cnt -=iResult;
}