search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #26

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf/b/gdKX3drJhwiPOtroH7jDJOqDR29XrcXyavV4FBDv+x 6/u7Ipxuk0Dr2XE8e44b1C52zspWGCHOPl3/iyAlLU4wtRqGC9PlSRHO3qafDQBJ VxxT2YZrsKI1iTw6bScPH2T1udhspjMwIMshS0+OeZTTFY0aGRmk6K2JFz+s9et+ tUiAxPqJLtfuZbdTskCciMrnmcs4xWQ4KwSzP3YQdoRLFhUkPpzwhCy004q7HBEX +1EuONvcPLDDOV1tcIF04o45zD4Tj/yIA7p54o8xPmwwbne/oAdH1Bxb3yl4BxPP qiYRkL+Ai7si8sCPztzWlbqA0yJVPy//396zPEmS/YUBjAPcMgCV6N35oQEMANW+ X/QQ2rt/CWzepyWSJA+nJy56NxZ1/DkgXisDVEH10RHVPs4hVNGJ/M8TD8LkIY/N R3JKMCYsMvJUob1cruLEwBKMVyPjQJ2PtrTa5m0WGmPkiJN76LZSv4Jsfym9bybk nO6uKZwtlUTHMLqkVgc+QWjGLQE2gCeP31cNdYmltY1I3TcQCX/4j7keGcfCXvJh fTZNA7sakgqoXbag+AO25FermvY9wgZlNOVd6y8+THctMIZsjbjjPcmOJVhqxiqg 4hAbW9gSdu8hUBEVmR6GWNQJ5kS6q18rovINoeac/M5ooMVYi9DfuhmzAsoevZtM 1RMW+JMCkEm5p2mnttDW3C2yleGer6gNEffzwS2QzVTLphkaVAkMBDFAxQds5doa 9CvTlymAI65gOtvUhYmx2C3whxWy+MO9LX4/Z8kSDYxB5pOvZnfr+xS48VcCXJQX eYriV0gvNXPUzBs9JNcIdKtimvYaHE2SETZp0iQ/UL9z0veJIYYNUaBVYeM5rdLr Aax3OHGkEBnCw5fOX+nwjhJp1YtJBUCMZ92KXADF0mDiEvg/BLIYHoTU2NvbHPWz esSzEF+4W0cQVgSlAvlsLXDo7lEWzjqZgZRh24m6us5wBE63e0jcVebMJY86Q2dR DWCK1LXIF81H0Y8djxmImpca3d6qTKtbajVLIv/honeMKasHPTk9QI0dZmQveuVh BEo5ZbK77Vt5RD7YPezkWfLVLALFHbJHCApSsQ03Z9f9O+GNAbTqhNNdi+qOO2w5 a7koLWYamf4oKHTX9Xg808m5glE6hTAzD2Ac0HBUY30SDL7gUNhIC7Dv4Nj0CIg7 fXZIKXCGDhQdMycn8apvnIWqXo70jWuUBO6k/cbbh96FY0OoWsP8s5vik32CO9KE VVYVToA2qdSqcUsOeQT3Q5XLxFLgP/hHDWAgi/VHtSDDFRMDJP6gN//rerv/3Q/W cV8L3UKnzzwhgiQtuM1WKswIuAk5mf9wfbGkJD70zgpNxo2pz7WqrLBY5vMKU+4D GRqPX2zNR01BBakQzaHmXt/axaI0nGyADpGAJ18Qgda4iYSU45DPxbh4YOKRnRH1 zbU8wQk+W43KScJPwScR9D2tr6K8Ynub5+yS1jcEhFQm4tUNMd818VWtipkiomVR NgSpes3aNbF+EL88S/FypMnlboFhRr9wp2cvNSfS+XM1FLRGcNYvRe22rKP3R4Zy edHbyYvVliVgZtHfYACZvyrLNkiYiflS9m05SzE7AK78f3egkId99AcK+AjlrIRT pZjhm3PZsOzIYB44Hv3a4raznqZlgb9ssooaUjECxKu/uQARRBh6xUpgAet2UDUE lhQHD0RQseKX+uNV7bWx09a99U5+TbsMccJbPa2vFRhzt2Cps6On3N+vKVapFwu9 2vGQsEMx1q8IOanaVZ9LvbSXdFDGCZ73rQ8+F+DwqP3cXymsaza2ivoLTgGkjCvI E/qhkOkBy1qcYgTJwYWH9xjr/Uz8Zid9T7R0ASNFZP1MuM4e+IoJMWWLFSS+FO9y ljsjI5UjzmfhDwppjYIHRmxg3hCPenDZgr5VOx8msv5iVMtk0ySih5TB+or+Zn7Q GXLB3E16culX3XK3AQ0SysU1vZlt10nSIdEi7Wd6coZjAbDTbtvyDo1ZWRMhgp3k oabSYSsGTmfOLfMVVIgxPJCft5XUB5yVby0Ryn6YXAtKCvb+MZE8dbCksEB3jHxw 6WbRiWdzW6fzKVBUNkuBbLJDkJeW/46IgaNss0xPU6KYzBfquvHJxrkXtN3ynQCx eOAmRZtmSCMJyHlq0s5I3gA+swejIL2upX3YPpyX3qJ9ly9oYeDlgvKzqr6Lvlse Xay3P9OE02WOvfEO9ZL1qEtWlx7n0B7qWHT1EXXh/XTVgDy6DZqvxTDVVLkY5ZtW 3PJmRJeK/YeFCgCgCyZLOPIcwDvW6RtT9gQWvTIEX05PemebkjmbOxT15bnc18oE ERFAHcBQSLUFyygXKs8JXbYbjQ+U0TZylkHsPgKyb+xtBVsIecHUs+GjnsOqOK7T erpEhVbSmwKtuCRxk/QWaj4wQoaXsMUja8HQBtjqlgwyJrd1TWXnU3wrkjqImZg6 SLVMMOnyItZl71DrQz8FjMLcbwAVGLWSKXgIP/MZFw0OIeDZ/m7UAT2yyiENbOKY 4w0TBPbJZ8y2ZxlNGFHYWkQdcBJlfXz/16YcSVQV0C4ggtAZzEGm+mudAuNc/UmA YEHHYQObispDYJ/xO2HWFFQdO+n1ZLqADuH7dJzccQwXHU2eSFDNosNOEe9SBUJ3 bCy0QGQZn/YJx7wYWZKpY2egS80Ecyny46QDyOZdZFbdr2PLBUxjw9l4GudbDK4I Z6ZhFJmdxkh0SmKzy+vPMzi6Bwuu+SKwV2HsPWnVUq4AzIL56m7eipwoF3DtpKPY 1b96TdsaL6f68rfK+Hw6SSVEpmgBUAoMMSIzI2RCWA3/SnLAV88GHAzh8Gg7PGsk QN38RC+Rb2rpMQly5cp1kJ1y/pIC+y8JcJOEzArZOF+s6NAvW2CCc+2DYTtpc9QS Wd5y/hIezAcHcHRxXwEJ1BBOOHqSHVUUxyn2NP1/nigjrkcrrua21iYm8fTSZt8i i3iN6jlD/ZmIdSDrPfv6TylBzcURgMzaD/bQQOfxXAgWBTNzvdSfrf9Cc85eWGOZ mgK6J3dnq3DssHRA/TbWwKkLGB9RIl9mno55itnfjKcGAgHgSOZgbSZZHHObdnJh gQ6qMeNTbjOA+XPi/aPGAy5AnrvdgcmExN3Y8D54i+ThQxAGjAzVK7zHlF1Zm1Gi ZGHxjMSqO9vFrEV3HkZxnS5jH0+CdrTc8QkG9T7GSQR57TH9o300x4A/8Z6Xfcmr SftlqOmMJ2ij7ZkOO+Irq9Ieq8cLWEwafv8jBY4xoYf8H3sCSG7axdHhjyX9G8PD 3IHnExjUUXC9C2SbSBM9VfLHHgsw8GZDp6pQruyjUXBmPrSWx45kQx2dsaugzv9+ VRIIX+Fu9+aWCbZgcfT2hX8rU+EpqOgImed9y7Yh3gfAgLjafxPkbH94h3NI9u+V qDdrNo2p/7DCvbGLYhcJ921Q9N4xU3LGvmWbFSZNdoVTILN556yZHSpwXDTRbnm+ sdT45fgd1fYDDt7rwdc8f6TrtrRNOgd1P6qCEuR4W5U7k8KvgrCPwH7s0xGZ4hfJ qZM7eickdz7LHMMSMZD3X4G9m/Jihbu3/CUbiCYKo+rAstqHjJ6IcKxXNh+5Fazb QEfZU1dWd+j38eIiAukg2P+vQsGU/vwQYujDehVM1QzM4v+ERtZPAOdGM/UrjhQl AgVP5hMLtiYdvyndUy0MjfdabRZHcuVL/68BqKD4kiGW38SAXGxHlz6/r5VJ8YqA dt6Xx6tA+dB/pqlv1+AE84Gj0AQrl/DIYRXIbVE2KW0++Nlg4U8MONiF1wxOBihh 0JNAQydlGkXjTNrzk3zXYbGKetsiCRyvoKk0L8vYpC4qpfkOmh0Gp5nr604UVlK3 rYbVjdF2VISg7kWUtVLuwG9DnPzDhNVnFm/WTxzDpTBL9rGwZbLXCwMPXf81kqoc NGPTVzbSyWSdeUE8u4NxxtI9Uq1XJRlVMIfIkUkCAfUoJ14+DGNgMSD7U6++2Asw ArqGzKzN5xms+dX49plePpBX2chiclQRQtHZdD3FzlmK4CnL5474x+JKk/nmW4XR sR9FDQ+GUVRl8/v7wo4g1uuokIg= =ZhDB -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> 1c06d954e899
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 88fca094ce55
Removing intermediate container 88fca094ce55
---> 33210837a1f3
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 33a25bf113ce
Removing intermediate container 33a25bf113ce
---> 85749deeecad
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 2297f2039458
Step 28/33 : WORKDIR /home/load
Removing intermediate container 2fd26fd24dc7
---> 20a1ae491365
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> 24087d5607d1
Step 30/33 : RUN chmod +x /start.sh
---> Running in eff1306086e6
Removing intermediate container eff1306086e6
---> 4be4fdb5d237
Step 31/33 : RUN su load
---> Running in 7771f5fa6dce
Removing intermediate container 7771f5fa6dce
---> 59a736d023bc
Step 32/33 : RUN /start.sh &
---> Running in 572e69738864
Removing intermediate container 572e69738864
---> 5394c103df4d
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 5717325222e2
Removing intermediate container 5717325222e2
---> 250e4a2de9d4
Successfully built 250e4a2de9d4
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
39c93f19807a130b6a3fee60043de275766e489ae404c9ff63bf21f5f257da13
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon   7.68kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 371c580f05da
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> a2a00e48b7e4
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 2276ed505b6f
Successfully built 2276ed505b6f
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
0 
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : nbmWJpPpzz
[*] Exploit returned a wrong flag string

[*] The exploit did not work.