softsec-is521
commented
6 years ago About exploit-bug4 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team2 (branch 'fe26e2ba5789e238ba74d1bd191609ae89ce6483')
Sending build context to Docker daemon 283.1kB
Step 1/8 : FROM debian:latest
---> 8626492fecd3
Step 2/8 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/8 : RUN apt-get update && apt-get install -y make gcc procps
---> Using cache
---> b5afc8e01f5a
Step 4/8 : RUN mkdir -p /var/ctf
---> Using cache
---> bfee81318d4c
Step 5/8 : COPY ./flag /var/ctf/
---> b158c7eda955
Step 6/8 : ADD . /src
---> 1c40004bca60
Step 7/8 : RUN cd /src; make
---> Running in 67b5004de6f4
gcc -fpie -pie -z now -o cclient -Wall tcp_client.c
[91mtcp_client.c: In function 'message':
tcp_client.c:311:56: warning: format '%d' expects argument of type 'int', but argument 2 has type 'size_t {aka long unsigned int}' [-Wformat=]
printf("Error, message to long, message length is: %d\n", strlen(text));
^
tcp_client.c:288:8: warning: variable 'command' set but not used [-Wunused-but-set-variable]
char *command, *handle, *text, *orig;
^~~~~~~
[0m[91mtcp_client.c: In function 'broadcast':
tcp_client.c:341:55: warning: format '%d' expects argument of type 'int', but argument 2 has type 'size_t {aka long unsigned int}' [-Wformat=]
printf("Error, message to long, message length is: %d\n", strlen(text));
^
tcp_client.c:325:8: warning: variable 'command' set but not used [-Wunused-but-set-variable]
char *command, *text, *orig;
^~~~~~~
[0mgcc -fpie -pie -z now -o server -Wall tcp_server.c
Removing intermediate container 67b5004de6f4
---> ea7c3365b611
Step 8/8 : ENTRYPOINT ["/src/server", "4000"]
---> Running in 2182aef83e53
Removing intermediate container 2182aef83e53
---> b54c38459bad
Successfully built b54c38459bad
Successfully tagged 2018s-gitctf-team2-fe26e2ba5789e238ba74d1bd191609ae89ce6483:latest
2ef21261c38ff9ef662f8ad0021e8c80d9bbecdc78cf61e0e97f06ae648864fa
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon 10.75kB
Step 1/3 : FROM debian:latest
---> 8626492fecd3
Step 2/3 : RUN apt-get update && apt-get install -y python
---> Using cache
---> 8691a6228602
Step 3/3 : COPY exploit /bin/
---> Using cache
---> 1c4dbcbb7a32
Successfully built 1c4dbcbb7a32
Successfully tagged exploit-fe26e2ba5789e238ba74d1bd191609ae89ce6483:latest
aaaaadminadmin
mj7CBEHtm6XshellXshellXshell
[*] Exploit returned : mj7CBEHtm6XshellXshellXshell
[*] Solution flag : mj7CBEHtm6
[*] Exploit returned a wrong flag string[*] The exploit did not work.
-----BEGIN PGP MESSAGE----- Version: GnuPG v1
hQEMAy8nZUIPGP0nAQf/bXo05FHSppXqvVt4ciHyE28vTWIDyBh9tPu9byu+9NkC vjLjGQ23T7i3vlxC+Dh/rfXU6xUv4HHCRm2vJ5oTUyQgcgNxvfcrdqFZHdWK794a Q8kka29n2gQfmouy0MvYggdmDB65UYuTCFbfKVL+0TC8fe0WSH4OmGfnuhE88JBr raqUmxjAaJOE1FYyqLOnCxQfUQRe8SknTHnNw1xuzi6QzWNE2Z7UzzASEgvYfLL0 NTPBKvcCovrZ6st7QOa10ySs4mvoslB7FEDb8Cw8kfh88X/pWBBkP8YSCNoGNNJ5 gc9wIki7l14BfhLZBEFYASDX0xzEdMDOKmOJLM5mq4UCDAM4dsjNUVw9egEP/1Uf pBnq5qcVVAHu9VvkJ27cxIAi5KuYDH/3bKpAapntWwvaVljJUsjN6Ker5ZM54iAb lpWHSTaE4l6uOeXsTDH/AHR69cXJ9HW8nmEOjFc2oOlfIWronjyWdSsOWsPeBjDb 06BY+H6TARtfwhMjvGahaSJNSTDjOae+GMqlF9ifCb06K6h9TySeaFUKODoVnmvV RbwdJQZAuJUI5Tkxvqy7+Rg6F0ymKB2QLl7+RU2bwj0PUJFfIOZHK+WxxbExddxT mZhEAy2cS1nPM6CKKSCMOhIvcFzF/761vJj8C3Pwp5lIkbign0Ql0dXWoGTOsctn dQLCLyMLlRTecaLCamLbWtP/tJc8pF0WRQ3JDwXaQ7goMSGNL3AZLoi1PzC7K4Db qQ29sk22hWF1FT6sdLEOZSqb9K0qRjkqnAJVd0GxFozTXMEwtDJVFlzy0xUALDAI s50DITkS2mlChPiUY5WsfP0MlRBGVyiCRRoN6+QjVzzaaQHLJMZX6LS+8oJO6D28 oTLyth6NPT8xRUywAQGtpUo8EE6q0HBx3yIZX6ouwwNngYX7W9KPetg9/DzGisEb 7ZWpiRDQbNg+wvMbULS82PTe67URSAugHZiX8Uuf9ccQidPdHcSiY+wO2X3c/Nep jWS0Vv3del/IBXl8cUwhQBEltwf0E8xweRsF/x5r0uwBGVCS80HFRll200gou8H0 LJRZb6q5JpH2frNaFJbR8JQ83u7UPx4ULQJz5eyRtIwfULAr/bCdeCD++TOtv1Rb ozbGSothfiwHi4Lj/fzJfcWD0NNEUlGKmpfJS0EEUvEgBnqeKEtlgYR0j24s902K To6r1ZI4HH5azk7/VSIfPLUH28YHxSgE0WsC08tmZUCv/xwLcwX1qEuoSW6fncvz 1PEv1uHZL5MDXpJBMcnBPuR6A5i/GgkDN/Tgb3Bi8qU9u7Fyrr6bGXkX+46WmbE7 uHskZCb5bAeFSMZX4w/9pAHbKMDnofnSNpfP9kWkvJnVHp/1MJNRnP6cL4VKEwtS Y2H6GOZ68XIjFSIYpYWpOT2TXAB2X+E0N+dw496mHFRWzbULmRxeQa35G6jsBpo0 kUFV77tfjlvisWzMRHmYsJH20T/IORGl2LSIarN0snkMOkQE2Shq4iWiRScef/75 LOW/NQKHVL5ZslbEB4hUGqKv2pni/m+gIQcT5jkT2lE6SKbGwXJ+Y8nzsgojM3q8 B4nyaqQV3+gQVg17o/coSGyKt3s5W/ifWMF9J/juNAg3NCvzgn44ambAKQTr4BCt tQvLEdSQ4wWjlcoK4Id76rDLtw9y/01lXbAEvVcktExLG2scQiffJIOt3+UWqNHj n5CVlANVDYZlrboTRLcvgPlfxBt6Xkz/1yjC6JGV1Ptbi4pfOfQY/1ap3uiHeGP/ 3SmUW2Dc2X+lCc/sT5PEgRewwOZYmtxvoX+/z4m7maBNz1ChGBZ+NsEIj59EENJI kC2SfRfqmpwYgQm+dd/cn1veKkhfzuLJ2jrm84nUiLrmPfzITY/gnZFJGWPK9bKV xEUHSVyI7e0V/T9xiXtQn73qs/empiGq+YnzCHEwKJN6sW+eIkN7P9KmlET7oWMP NH2iLVetBr/tp0fXorleiZU/Ub2fMLnJ24JL2Yg3SGbhz7YcH3JVtdEzU7mxmFCa Y6ATJ0MCz3FtqvLRSmepg4ttA/NrhYwHBYn0cd8LEil1/mCKLoewIDdnKeicknM6 mU19p77cOk5bcDmTKae5X9fFld6Pzp04Lc01HHtkJR3Qi1MG88JZvvXRonZR5ioA ZYsip5ls6b5Zw6g6SfrBYwwVtUTuhP+8a3WglTGIwV+UQYrVovVRxE0+Ayj9udyM OUV8vV6AMQtF26Mlm559BYJDEnz7jarASYMgq9nGDmKizbmNs4+NUHMhszIIRRPD MFjFb21UBpTzdWRTxdWSW/Gt36gTQLld5BSeS6kHwp1lHBRFFAN0he6uzjyBMlv3 h0x2za5SHmNwCI22F0oOAL8tc1fdqQ8p4NM/78p1G+sjvq3btUec5sldtvM6VlJh vNcJIAxCy0cK0wei4ZOJqV9ncMDMS+jpvkC9Ik7BNWpVgp/NE/B92f4A5GKx9IzJ Tg5wS2CGwcKMu8Dh1xlxx0hVbcxmnIf+wNT6/CTIs4qbGlJ8qYB+A83G8BgcvpZp fUrG068Bu24eO+aeaxnJ7oyOO9zhkfWwfyHuNDC0tJVmwJBySo6WKN9tCryvoJ6S yKMD4J4zy3eUvfmAHeZ4fquz6FYN+A3AAP55fkoMbavxaU50Ghy2i84EYB9E3iW/ 4jXGTr2xiAD4E4BWZcrJ6HjVVWo4/YEeI3tjteOPser2esPn3qUczcr6u+sErt6B 6HHpzdpXgj2yIXfTkWFGgSLJX0C2LLto1McDiEt8aiBxFKzok5nZAiDOU69iOg3m yHfCSnTRixo4WheI6f7eBvofRazkGu2LAVoP9QrtVfFLePO/5ZA03VhwGKJXmEWC N8XDppjCnNXXIe+Sm0wSU63PEyakywQTvsPEWtFWs1UWe37ziTBFCPgJv8eulYjC fr2UOO+dTG+qt84//wPRcGLmCVnaQTdLoGDTBSk2s+W1ruavco5sR1We7lLenGxH x5fM2zxGfY6js1Wm6HPYk23JSNzripEMFLPG82jDh92ALVUi7QJXnIWPXH+FlJyD 5BIVGS9TtPWxp/2VqesPdYQzsbpGjBRlIh3Nn79bjzjvBoIMd9xScq2HXcTt5y39 ytuWny3nKDZMg04Z33GGN2pwkvtVi4l0HoQF4hXlmogfayGHQXVGzGjV1ggJatpn SQ5DeMckwZwCtVW7/2Qz1br7yqkaDBceGKHcA23ndL86HkB5HKxEbyz1bwUSGExE USLIMcPI57V2yUnndv4pmESpPUgLSGBHVWAjQIadp4B6eelk8vE6F/yTEFvFPwE+ MD6QO4yvfU8IsBziWPDqU8Tg+H2z78RsD/6qxFg45PhZjeuQ8LpULvftg05mXELn LZ5FSi3hIKmVKNeeq/XxTWoT8IAvgdSvFap63Kz1uRNKDFUg9C4Mbp6jQzYHK6Ud 1KZ/p8bZz2A21acDaVXIH77dgDN1Xuwkal+hooBwO9SfcMaI0RIUvJpciXfEredd ysraQoMpOCgEcBDZYOli58Ou7iZpd9F3XGrxnJMpFuhDmAxekxRsVhahqJ0seRbK w+py8gZiiERwcf1nR4gbbYC1ahEutm6T6er9L2/UxXdqG056/cdP8j0qWvYEm10A rVYZyx4osXTvNgUSp12kMITnwSU1R6YoNUP11ko8ibuXGzEJUTCjmb9nB0QTEUjp LiEAoHzNW6tOUAUQGxFIcH7Gc/orrMyA8LkObhxjQfyb+iKFXan4BQE7cEA9e/X+ qWk4u/sbYCbRx1sdeUQsUZWFBbe7MbMhbOHPNp8tJw+dSnyBLLrkWMX+0v6cs8kU GdvtG3REPN7LonOTsXPIgpfcIktnZOWNr8DVIO5XzBz+Uwld+2269gFLxUXLj6k/ pf0gNXBbqajpR9NXfpeScOFOI8mSwCh+otIpwu0zf0eRNWYq2VXgWSoQSxwPJP6X /ijXlzlmASoxpB/fMtZUglx+XhIv6oNL8EwU5IWDlg7KK9kr9yImPxvotZiEZ3oG d3DtMHA5tpgIZhVCKgcJn1DFQRwDeJR39X8Y2yKOKxiaBuMpJpoQUswBgUq78vmU drQyaSMBLyQZwXhnKl5mZnQLIYWlkw2/bwqrDyPPOOssmNYtrKD6D2bK046fm+Ox u8DdKZUZ/P6BMG1ejBh6jjrwVwQC9UDhh+hrnzFHUIZGzD6klrPNMOucnHhM9kiC EYzXh+sTaUoQ3Z0xbQqXgmo1dwQhvzsBlfS6u/BYX0H4Kfi0/ROvys2Ux+y1lbSp tkLt8d9ktFIunaKHEBE4TB7RPchOofCrwiklV8SlkjZOR8VLzCAoiiKK4Du9F0jZ F2U4R6fGnxsvf9gNZwbznz/yanncIGxbgQLbtcr7Yz1W5Hy9A55LbQo/DXhCE9H1 ZdTY81SkN5vB4KrBnoAOmDl3W37oQufnB8mCzOoBwnRSM4MUdCL8GFk0vkwEwRrO GsCEigZIDYbmx/631MzuL+DtfVE93RE2v9QBDPupkrIoTZnUPx1pBT0KNy/1Baq8 62GVMg7icvLcDYZQ+nz8e9B9uOcJgIT0TbZeqCiheAG9VhiA7bwpnTKP+ZFEPI/S /UTMl/N2bKJKSL4SiU8sHkR+HYnU/Wm1ip30Qn+Lkp9fpHyLiwur8Riw3HBlKdam ZVG8PISFGhjxk/7ugsxNMBC+RnDYWhQG1YDsovLqn5YVMXeWJDH/C6GK9ubXkc4Q NmTJW79/sFbW+egB5yCH9nQUf38THsh92YdShuZHdTGSGNGGvQz5SYA88U52xzo6 +wqmEEd+2hTOIxf5k2i7yqNCxdW0J2D6kXaYAYiKtKQ2vdUHLe0Hww1wF2MpUtyl 1TQAQ+I6gZnVpEKQ6FxfssS9myywiYZosHncNzO4L1Z+DKBY0wUmodDwV1md0Lfe yx2h07qxuvPNKLqGu4ZY59nqkddIK1lNBWbYb+XiUf5S7YlkEZ5YypL3JKg7iZoa L3iMfBRJVNCjHSFqc7Ol297phVo05puQQZ7lk0fyhVHHz/quOw2iCX5vIcBRPsJK qx7TQuaUHx2y96jCopWZyXLVMDhpBITQQeIagK12l9TkmspwJbIh/ZrNQapHtYAh x/6MmHB5nFG4Sa6TsFnf4XDZyWRtCmaDra433916vmxY0KOj3R6SfY8xETbGufJ2 wWaNXzXjUOhfzaCjuZ/DKAt8pdBciSXY/QiHamOXe1bsrWYkOs2PjfyVaUN5Cqxt pm2zWiP8CPhT572H+qtszmFzOc64DZoMUAH3xHhkhOi2ow5wd3/GMLnMlEi8nMPW pDNLXZrkTgloTiXxc8PLwZAf6PXJpwO+FdxTv+DFJIcxZznw6XfzoTCqmD+18B/u JnvII+056nmEwIzjJjBJzPHm8776m9etQhC9rM6IIZ2PNAf+vexvm0qbhvC+dshk VmXFehsoJWAWNn7gs2TbsYsvxKBIqUuX+d/gqOLMDooTUyDWju29q4BKy0JciZHi ljVTp1g37cjEc7lV5XJY9hdEBp2ai1kSZN0rn7y/VAC59pJKxm5qf6ERj8FJHxzx DHAznAOsSr5KygG1zCnPWKImyYkpR5A/QW2yTZZRNiKVjySdMApJhgXMId2eyLyV 6MkXP6mP5u/CaloOZIWZbDMu5669vwG5GgZSkyfYHH7g4QyPvrg9IBhM/T0ugER/ J/aUdHdDVbJsvJu5MLTHJs7a8qsAY7KHMQ1gGWKcuCF17NaBrEVP3iexAca4IUMi Bk0/4T1zWx0B7ARtarEUYHYVxBWRgvTypYPmyY5tWxJhOUdJFQBZ+TY6OjLRdj5V MnVwPnyVnleKYOSc75clrV91bC37ibCBTiltTOTIvsurGruTnQSEfkfr1MeGRBc7 I0FtzRy9FIHp0kVYiu+6WqiWpRSp7XzEyHTUik4ycvbHNXMPzuarnm7ewzuSoarf VV9v5l7GNYQt8qcbuPYp973f3aWRM9IZQVAWas+jonmRJPzxrQowyzCk9kJVkCBx LUoXCD6xSVyFWIDGj4mz5/hC0HB/BxnWqX97Aa/j26T7UTRyp6zp6yxeFDuRT7SX LYiYc+hyAhinDEwno61Payx/JOJ+O7C6mM2l+1Jg9GbFrMYejzYV0xMMTtWQxOr7 CRx1ZgdLRW6TICPsXOqdjkTnvUloaN0qn4sMCy/mvfLloqfIOUmfhSng13js7lh6 QiXjTutCVJLXUB7nVkWoyvtrQHCd95DkYGLNILOT+Iho8mjHURhq9nwoWP80flQi e0NITQhAtmYWPx+Zl+NyfnHDZ68hdBp5HmrKkS54I7PNWy3fQVo7HZp3+jE/E+WE HvqhH4CVAVfRVKr7BSQqL5dh4t3/r8fMU6Yg4KALVwecxNDdlV7bQcQbBCMM6W91 TTWXhOunFIZ2+mht7Y+2hDQ9JAgHXuWoVjb+Mklr5QRj3sqwX+zCp7SzRAuJfrQ4 yDbgp6Bxawt6H4shkoQC48gek1t4KssQjCdb7m1BBqwyZGKLhT5a44ZwDXGpTDdg 6lcdzdDeQ+fhLlv3JciU5GHtXg5lEqpXbBnUS9MgT2Bqq9toKQhkj+mGJFPn4JLk MmipS0uWvLGFkU8n32QtuyC6TnjC4gNdQvUhs0BekHFv2JC32LvwZpDJHerUOFim VF1pPPioiukMfAoqpstQ8yHHdc29YP37+oS7foP3YYMxGdiMVdu7eHjm79DOAnUC SkzXNI/DvJHTHebSgO40BKVR1NZk3lrxl0Ty/rb+XZNz37ytLue6x97AkvXyh7hj Q+cW0qv+tmUBCpsAjP2DtmZGZ3Gep5L67rZaaufKVNolF2RSOQ4XouBlFjy1XgE/ +usvgFme7CiHeBvdDVZdfy0l7xMH6IUURWx9DtxQxSurVC2LtEZ8Al6wuswHjIQk 4aSsr7HJ0YHj0cponPgyT+oYu082a8LKZV8GZsQVD2vLwhAkUc9z57jxxVCTxrpk ygHzxQe1f27B/5MpUhgVhCa5fG4zAXBTgwm2ZALNGvUAf+Eqdc7r8oafgpzoSptP WNT5/fvuyt+kfp58vGqATmrwQ4LW5rN+L8KBl6xuAprU6CC1RhER7KzMYWClHHpO 6W+7LA8MEU5LS8sBm+AGYddso32sq61s0gsh+nw7dAgzRkADcySxcAQGL6lwmK2z USoKpYOlwd3tPy6az+C9XRgm51Cxqm5sf5N4gt0qMpDav22Uk9qunHV02BZIi1UG siKIbLNO8mLJchFZ0qpxN2QFb5nMMTflqcSVpCx0JpR6CpKWJjp1tz3XcDfddQQL SU41aDQjSReiYhotfYs8pIeZm/iNJlJLgktN9OGM+8NjNt9Log2m5DNFh/96Odhy jfwzMZ14LUym0G5bEJE63nlGXQSrESKMhr0NVUL7UABKTzqEHf2JoeR+xRjvbHSM I9NuGUIb017yvVpMRfTtTAC3N8nPRA6lfYbnuV26CQG/ILAuHg5kR4C205ZZZYRG H8N6nt6okENXGhu0ff6XsRCmuiBDoLr7wrWXEYkPFqqzX8xqUOkNbC3JkiAfREtN DV7+703/zDzX3aMy714N3gfNMACtXcGAHF8vo5keiVyu8gEwF0eBWqXgKO8iE26B f01+vpzzy+de8ju5P+8Rs+ZBRtPmg+1eZMTcYClx/93YKId+/nNPPNquCZNdsy52 Trsc6ABhKqUyXOAItKkRPa7cz9gQAN752suC20g25irhZnf4yi5mSiTcq2W9Emrx OvZ09kXxTd4dohYXPpBREVGsQU1Peq/M8c8nZPmZYm5fivNNz3STrDMQxdN9urHT FLn0Li3ldrgUphJmbEUmlZ4NiwQmrtWHQ06rS+OutBq2NuCu6y/3DD57LJJAP/UD HuGGs60YJjQ6GMf0oEXyzmQA =fBm4 -----END PGP MESSAGE-----