search

KAIST-IS521 / 2018s-gitctf-team3

GNU General Public License v3.0
0 stars 1 forks source link

exploit-bug4 #72

Closed hansh17 closed 6 years ago

hansh17 commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf/baiqs03o7Z3boeJWCu91+tmivpiqeomLE1JDooP5Gg2J 3lklpp5oFWB7RVJXIg6hyLNSe+QFKGhi0Q9FShH694RjbYN7uAyEUtO3tVnpa2qA /DTcAsjvwcNq7pS9eBCV/DpxJTGt5MBF7lnZLkMIU9rOJHSOZDjg4nHaeO01QCdD 0LBjjPqpfWiLYaiBpIUwoskAlfZ/eYIpwg11ypywcViprshB1xdkK2Vq7UeddOsY k+lhesCA/ScLX3p+GMuCHB/atKb92qPpsjUAqTuOgG7WcWKEr9bK8wTqNOuhh79P BcsgRXswne5Q73TjJUaEPGq2Vy6DEyuOrILAu3tImYUBDAO6/NDcVCH0CAEH/jcH UuoHxi7H2XLD9qiN+Ih7hLNwfao0F4hCsOrHuFPsXqFtw9U3SMSk7Xi6QzBLJF8V NgNigx9b9ZVximfaiQO7m2LHPhd5C5RNPwhWvKQ9BPlk4gNgHJnNQo7mevweM/Xi WXb3PELlOyKxi1rUSXDtc7WCDWCKwdClR5/uEOfiZPx/lC6XmKPMaFAEiMbpoh1z otBgMxNZECWCEfQOIrbKdv3oo3vw/zsfAlpVVKIWf6SB0Frs2lPTtJJWVeeBXVLi m6nQBjyNM3R9/cpSZYFP7RqfDOm49YpDdqqhYI23n2tM6SCsG8ibte5rJQgsTDej HeCHFwTMR/cptGStI1rS6wG+VmgooceI/QrpVq9tVXeMJS7PGUdhIHoHEoL8LxkW nvMmvTSOAAlMCvzNu9bapRNt/C6wvBdMjbuJiTiKZ5wMAuC/HF94AFtN5TkTmWZd 1UJVNfkh/NGRNmzlJRyhdL5ehGlBNIwEuYtADlt3AzuYZW8Ic8OQoMWM5VD7j/eB WywKyDZAkVgJBJ3sdZU9qseQ6DsP0NV1GPeUB073rOwGimKMMLcqHnPRVbyymWhX ttRs+XL54xCOYo484Csd/HbehExoPPffq6yBGHQ4/ove21bTpK0l67nHaws+mbRJ 3moRa7XXqBdbBgbiPNEa97A5w68Lh/ickfZ4lSQ4sS5owrpm0W6RuxoSEvEGjCzv Y9SXCPP/NvPJDB+DL0rZisROZro3F7/cCbZXwxbqsTBeI7BlWxofJBrmTgBIcnOm 2gh0jInUvbC4LH9gcBoJNeHrmePBKMAPz01QGRDQCVyE8WMFfjhmAJT+fkcZefny naSKoLnzbiA5yL8bXsPcYsNaF/zS6Ealz4UelL14LYxNurW3GeullVtATy2AM2Sn DIwI1TXTE92FU8lXepM6KT90HIwPct3b/IK8pj7DjM3dWibIb/xeZVT4OimAl2ZA LvVW16sil/x3qzMt+legmfVeic9AJx2SteOsvyieO4MZ354r6XJJAo3vkwYgtZC3 eKlyuoGpTUbJptsHtBSN3xz/aYBEW+cFMtqb9NtG5KnXHqcInFSVBsSZPL1SbqGn ZsKD+7PH+Bo/intg4ukwBc/CrFdi9CwZodj5PJgdwlzVxV+FseaDzeUYe1ATmo3g cKOmv4gGpjp18yQo0O8sP/c6UDMd+PmmzOpoCpGoUpbaZmN6H+uYBT//grNGzAiY jIlI1vOLI0rA9ShYDDR6unGgifTNdTl7OOSwnmTDd0YiRtqYSR/gxT9xOhvXFl8W sA7kYUsPscUybjkCfV9raKFArk1/HViCZviuP4Z4LnkcrqW70rZxn/1eZPPtU3LA ewBVYvk45kTZ29GZEwvnc7nQC/Xp7S7I0SFaSkxwHgPytRFSOsKfxGmE1I0f25aU 3/rIvfwWIkHcWwWFVtI86k9iJ949WHwDLf8uj/+k4+KhC2EilPREDaYjFG+2nYG6 z1KVGVjpmXILMQ7vHASxOxNd85CID5UYfy4I03cHJvXfNMgheev3wVTLG7Pt0ums JQCXwQAfDT6ElDX06Rqcvl67clJm6IDkvQQlmfx8BtRYjl+MqWpyw34ofKA6bfMd zu2htoeIgqblQfly+DH6SXcEDvVVsH4tILVGzBYhrsvb0l6N116y9SheheGWzN/C NQIclRqN+irlpo1KjcO2hCiIw0M33rwfGIseZWVfyyUC4vdJgdTx564Unb5xuwta rk5Oxmvr9ExF87gr6FItogeOtynlKifVeki9mV9qAe3MJOhR4WkNYC6qUiQOaH70 Dmmk3sqawbwOk8G4Jv/GsiTG2sxXU9lLmvT4x0R63on1ZTGXr8LKbPm6cVe6YV4T JJ4a4TO/U8LWjZuwDFrdGg1I0j2k4xjJiitL5AH06o/i2Lx4V25O7tMRrpKUv0Wz s/spYpsUXfBn7NFAcahwtKsQv5RHgdkYW1GKxF2L/0edWM08SR3v0U8lKVPQVplK /chNdHDqWJBEyQAB7j7SEddIKCr2R4+6yBhF7hyH6UQRhFqaYOkY0Hc/OLmecRbI NhsmpesMPSUpGKc1725fy0xS0sKn+rIHJP4X//axq77/Y1Dr4Y7q93HJYvSSXU13 Wp75ADMd+uJVL81nmMsjBS6E8C/dzXvk+UvpRsaTpQmCCZBSLdoHZnlIsAiohVRf 8k/Gy6jxbhlpqvWT/am3twIP1bILLTPUD9uaiAA8NtS95ZvptL2k5fhCQAAYX9CQ MJWntiKI0Lp38mm64Lxw6CrJlDVHRlxZEZW4K7WFHrV8t2e5YGS9agcJIdNs920o 7dTopSdlkhHgQtO00cUZog61yyNlzPAr1vNT6y6KIQsaQ6bGBCs7qln/jI5SeeOz DK6guTC5d0kibKt92Lqwp0xteoaByaHgEND5ugS5IUr5ybwcwlUTunZn/fr/WkLg Zxp+YBsGlhGL7KOOScpgw28jbBXtxDA4n0Mnm7JL1GLVZmXjC+6OLIHxraXNkgoJ XgiIJrM0H6IwktyK9SgSYaPVOVDQlMu03QYwkdGgJqMpe+/peApeZJoJroE/vCkH XyBuaNXVXgkcB1bTaO/b4+T9KW4oBpSVCJB4+sc3VZt6188Km8abppPtH6kZoo+F r9m5h6oNeAf8XBruDr24jpJ1pwxcbtFLNZEXsQli1gD/ARDNiFUl43wov9B5xqtZ CsoyUqgJAFx7q3owT77dS2dzingmxKi/JKrZhkilgU35DOxlKwTEayTO9LBpHJXt uasB4WNtWM72VYZEnqCDVmit4ep0bDHSUkpMWNQYB0GT/oVTSp3uh6OUrrHY6Y27 GcGpd2B2AgZDHqCTzRyQix7xBGUVcypRov3f7uZthFDn/N2MKa9AdDmf1SjLGWbX Kv6QWJg6d5KNwIuN8X9r5SID60oeE1q9g0vmA3vlL3ozHPibiZ6uqxoCqwcHcJfn Ok81oq61Nnu2pO7+1Tto89Cl/TVLegM+hTOtzH4x8vpU6493AYTHwNomygtQmti4 ZvO/f8QXIIWhqS1R/JQ4ham601bvltYcU8tpVaJlKKkcknDcIJiIFdONHPGaxgB2 6q0lMaDsinuQaVLMu7OsDUrz7nbrv6j5xijAnJm3Oyj1S5m9B6PtTb63sSrzGvhV f75wl0XBjelU4K3S6uD/kzM1hvELBRTzQ01aP6+YdHqGA15UCbz+OxMdqEd4hWKq D3G9MtzT8OelgD7fyDYLJ91mwjixbXk4G0CrENXvMZdal1T4PmOU1Ku/WSEuVm0p EeUZkZPQgrt+uxVyZTaLU2zpG1QSWUf4v8Pn+3a72j3FgJXXQ+D3C96vaGN2y1Fg 60UBSeAIMtilVG6y9Klvb0GXa1lTWU0Ojf9eVmmndRcOojIZe/xEwwa7AXJd2xQj W23RvwcAdingAnGLxmORi3ng3H/j3I2zSG45WYaKXC6cj7h6/UuBPKGm5RXZsrgY dx4DVEIngwVyMXFVawKJXcl7WKwnnDGPEM7Vd/3j9hNhm4TrGtd+vC4QSWAwxHe0 qPCxiANb4xZM2Q2iL/DAGzI/u9ZF8X6Fk5OXSXjqlQQ04jR8Xm484BL7LfzUPQI3 8c8i6lSJZtxE5mNzoj0kDP9GHF6tRuG03pNm66p5/dXhq0XX2g3RGs9KNXCZpSZ4 tOB6ylHsdOzvy82ofMV2a1qLsk7o+66Iu0e10Q/Zp3EP1cEMlsxrZZ/Sl7+8Lhkk 4YXlonkHb4Uc0qEolz1PtSnlT7gXFrHgRNhXUglB1tBZ8pglto9VSXMI0k769zyd 1f7w3iLn/twP+XJs+crpknUgXy2Wk1Z0qZ+HYwdsO2FoEOpKQG0d0isxErCUZ03e I4F1saW5S3xUfrPt+70jBL9lOsfzWnScYdoS4tWDEvUK8fn74OnS05+X7ud2oAe7 2wu5pyGyz8vBUMFUEQrqU+0IO5KodtvOjPuJ3rPg6lC8ITHg2DQGlRdUDk78Bd8E hoZSwjCY3yFfDkUAZnoit+8fzApljpZQ7aF4EcczFpRRavpNgy1qLmxWRLppeOA4 fbVkD+vnxFBNMKzAdjpPf8C7TmBkJD+HaVl7mqPbuYjLf/2zRAwm3OHudyGZE3xj p2AiJIX+V8IFqPR6tIGYigaaDb6V/aRqf9zKqQXmjUsHERPpyPS+knfmGQ5/IBHB OMpWBfvVphLxqk6SMeC3qx+kCsF3uxvDBfre7nws/OEC2cwRGrcOUoh0jYAkpBLQ 9mQLe4FaIGdSam00uAU8Oe94H4hnN+Rsew/Szh15FzMcrkDF6kJVHxkD20RdW1ug PjkfAtnLB/qqyZXk9KJ5aCocFX8oOYDaYJ2o+8RqDXa0YBnWvVoH6u9IvQPkCv8+ 9TI9mgwCvhPKjhod9w4TsdufwzSgeJe19Q34ZGZZKo3+mxQkHqLcUwsxMWZesxn2 U0NNlvloiEnjCvITCaFo0DTAVmMMpv94gvDH9FmFXli7i3PDmheL5yMMdx5V81py Z1DGBGo5nMXOdgVh23WjBZ/utKjOo/OD7BpMrb1Ni0QAz1x3rIN0nzJ2tOHT9YLx tXQ6jrDaELHKjC8PTShR7WLuOZ+Gtv8Zwckwpaf8kAKAjwOcRlGoKsmmHxsYil1V NL6cHCee3NtDb1RY8pd9TM81qwADB367vFzrIFxoslZA64a+eeUZHLh6cVGZPNXy aMl/hmu3D0zqPC7DrStX7yoGjhas3a5zCJKEf/VvtXd+pHwG7xKRE1TTUbTGbqdZ Jzn3Y+IRcTQ0T6ctt2J1zYaLvhmy63WTEYAE3BI4syjIT8aCUb9F8P2/NlX0jTkU EVr3l9plExjM =HHEi -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug4 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team3 (branch 'e111536a0343e4243a3df7613e26178f2c45acd6')
Sending build context to Docker daemon  305.2kB
Step 1/10 : FROM debian:latest
---> 8626492fecd3
Step 2/10 : MAINTAINER Team3
---> Using cache
---> a8d5c7b36c3d
Step 3/10 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> b88e8441565a
Step 4/10 : RUN apt-get update && apt-get install -y make gcc  xinetd
---> Using cache
---> 1b0ea00b0dc9
Step 5/10 : RUN mkdir -p /var/ctf
---> Using cache
---> dc2501c5472a
Step 6/10 : COPY flag /var/ctf/
---> 7ef3089aaf44
Step 7/10 : ADD ./service /src
---> 589cc748970e
Step 8/10 : RUN cd /src; make
---> Running in bf53d6a07328
gcc  -O2 -c log.c -o log.o
gcc  -O2 -c llist2.c -o llist.o
gcc  -O2 -c chatsrv.c -o chatsrv.o
gcc  -O2 -o chatsrv log.o llist.o chatsrv.o -lpthread
Removing intermediate container bf53d6a07328
---> fc71ee0cb69d
Step 9/10 : WORKDIR /src
Removing intermediate container 50a7209b6a17
---> 24bfe807c68c
Step 10/10 : ENTRYPOINT [ "./chatsrv", "--port=4000" ]
---> Running in 329cd70687eb
Removing intermediate container 329cd70687eb
---> 71d4a64bdfa2
Successfully built 71d4a64bdfa2
Successfully tagged 2018s-gitctf-team3-e111536a0343e4243a3df7613e26178f2c45acd6:latest
5f142766bcd775693406a576ab2355ac884a51fd89434c0176111c95bc727fdf
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon  12.29kB
Step 1/7 : FROM debian:latest
---> 8626492fecd3
Step 2/7 : MAINTAINER 2018s-gitctf-team3-bug4
---> Using cache
---> 17c105ad81da
Step 3/7 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/' /etc/apt/sources.list &&     apt-get update &&     apt-get install -y python
---> Using cache
---> 83e7210e524b
Step 4/7 : COPY exploit.py /bin/exploit.py
---> Using cache
---> 95ca18581154
Step 5/7 : RUN cp /bin/exploit.py /bin/exploit
---> Using cache
---> 1b5d8c5f5c79
Step 6/7 : RUN rm /bin/exploit.py
---> Using cache
---> c311a45e6d84
Step 7/7 : RUN chmod +x /bin/exploit
---> Using cache
---> a169e9551a74
Successfully built a169e9551a74
Successfully tagged exploit-e111536a0343e4243a3df7613e26178f2c45acd6:latest

[*] Exploit returned : Successfully tagged exploit-e111536a0343e4243a3df7613e26178f2c45acd6:latest
[*] Solution flag : dDjoheKOpp
[*] Exploit returned a wrong flag string

[*] The exploit did not work.