avatarGreg

Summary

This webpage provides tips and techniques for testing non-HTTP network services in CTF challenges, focusing on using Python to interact with TCP sockets and fuzzing services for vulnerabilities.

Abstract

The webpage offers guidance for those interested in CTF challenges, specifically on how to approach attacking non-HTTP network services. It suggests starting with the binary, if available, to understand its structure and operation using tools like strings, objdump, Ghidra, and OllyDbg. The article then discusses using Python's socket library to interact directly with TCP sockets and fuzz the service with different inputs. It provides example code for connecting to a web service and reading from the socket until a delimiter character is reached. The article also mentions the importance of setting up a Python environment using virtualenv or pipenv for testing.

Opinions

  • The article assumes the reader has some knowledge of CTF challenges and working with network services.
  • It emphasizes the importance of understanding the binary's structure and operation before attacking the service.
  • The article encourages the use of Python's socket library for interacting with TCP sockets and fuzzing services.
  • The author recommends using a virtual environment for testing, such as virtualenv or pipenv.
  • The article does not provide a solution for the HackTheBox.eu Little_Tommy challenge, in line with the code of conduct.
  • The author suggests starting with a simple for loop to test for a buffer overflow in the service.
  • The article references Python's socket library documentation and a tutorial for fuzzing VulnServer with Python as additional resources.

Exploiting simple network services in CTF’s

For those of you that enjoy CTF’s here are a few tips on how you can go about testing non HTTP network services.

There are plenty of different services out there to test with, and this is by no means an exhaustive tutorial, but gives you a few tips to get started testing non HTTP based services.

So how could we approach attacking these services?

In CTF challenges where you are given the binary it can make like alot easier as you can decompile the software to understand its structure and how the binary operates.

Initially you may start with:

  • running strings to identify readable text within the binary.
  • Extracting the binary (depending on its format) using tools such as objdump, NSA's Ghindra framework, OllyDbg etc.

Then use the insights you gain from debugging the code locally to understand how the software is operating.

Typically in the case of CTF’s these binaries won’t contain the flag you want to capture, but have the same program structure so that you can build a network based attack.

Once you have an initial understanding run the binary and debug with GDB. ExploitDB has a quick primer

  • Examine the behaviour with different inputs
  • Walk through the logical functionality of the program

If you don’t have access to the binary you may need to start with the socket service and develop your knowledge in a more automated way. You can use the same approach with a local binary or network service.

Using python to test the service

Python provides the socket to interact directly with TCP sockets.

It is also possible to treat the socket as a file like object. This can be useful if you have a copy of a binary to decompile and examine and a webservice that you are testing such as in HackTheBox.eu Little_Tommy challenge where you are provided with a binary that you can reverse and a webservice to attack that is running said binary.

With this knowledge you can quickly start to test the service and fuzz for vulnerabilities.

In line with the code of conduct on HackTheBox the solution isn’t here for the challenge, but the tools and techniques apply.

First off setup your python environment. Since this is a simple task using pipenv may be an overkill, but i’d recommend using a virtualenv at the very least.

Once you have your environment setup you can connect to the webservice. E.g.

import socket
def connect(server, port):
    # open a connection to vulnserver
    s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
    s.connect ((server, port))
    return s
def read_until(s, delim=b':'):
    buf = b''
    while not buf.endswith(delim):
        buf += s.recv(1)
    return buf
if __name__ == "__main__":
    PORT = 12345
    SERVER = '<THE HOSTNAME OR IP>'
    s = connect(SERVER, PORT)
    print(read_until(s))

In the code above it assumes we are using a network service as we are communicating directly with the socket. You could also interact with a file like object that can make it easier to work with the local binary if you have it. Then you can interact with the socket in the same way you would reading and writing to a file in python.

In the code above all we are doing first off is establishing a connection to the server then reading from the socket byte by byte until we reach the delimiter character, which I have defaulted to :.

To Run the code copy and paste into a file and run e.g. python readuntil.py

The response from the server will be printed.

From here you can start to develop functions to fuzz the service with different inputs in an exploratory manner to understand how the service works and try out different inputs in a consistent and repeatable manner.

For example if you wanted to test for a buffer overflow a simple for loop could suffice. E.g. if the service returns a prompt for input then awaits your input and requires a newline to accept the input.

def overflow_input(num_chars=128):
for i in range(1, num_chars):
    try:
        s = connect(SERVER,PORT)
        read_until(s)
        data = 'A' * i + '\n'
        data = bytes(data, encoding='utf-8')
        s.send(data)
    except:
        print(f"Server crashed with input size {i}")
    finally:
        s.close()

The code will simply loop and feed larger and larger input seeking a crash of the server which can give you an intial starting point to exploit the service.

By using building blocks such as these you can quickly start to test out network services and local binaries.

References

Python 3 Socket library

Tutorial

Python
Ctf
Buffer Overflow
Hackthebox
Recommended from ReadMedium
avatarTheHiker
Silver-Platter , TryHackMe Walkthrough | TheHiker

Hello everyone, today I’ll be covering the “Silver-Platter” room on TryHackMe. I think that this room is great for intermediate students…

6 min read
avatarSatyam Pathania
Secret Linux Commands: The Ones Your Teacher Never Told You About

oh yeah — I m your teacher gg

6 min read
avatarHarendra
How I Am Using a Lifetime 100% Free Server

Get a server with 24 GB RAM + 4 CPU + 200 GB Storage + Always Free

5 min read
avatarJessica Stillman
Jeff Bezos Says the 1-Hour Rule Makes Him Smarter. New Neuroscience Says He’s Right

Jeff Bezos’s morning routine has long included the one-hour rule. New neuroscience says yours probably should too.

4 min read
avatarJacob Bennett
The 5 paid subscriptions I actually use in 2025 as a Staff Software Engineer

Tools I use that are cheaper than Netflix

5 min read
avatarKhaleel Khan
cURL for Bypassing WAF: Advanced Techniques & Commands Every Hacker Should Know

Web Application Firewalls (WAFs) are designed to protect web applications from common web-based attacks like SQL injection, Cross-Site…

4 min read