search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #27

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQgAm2m9NAEppUNglo8IzjG2Wbq4WjH4G7XuMssJZ8mZXrBc OcHWfnWu3b8peBepaw1y3PECBP2vdIj8PWLIGAd9AGuOQ6z2FWb7LFSKHowy6CsJ dTRXr7zlaxTojp6yI0ujoR4xJJGW/bHuvU1sWjF8h49/ykgQuiqcITKRM2c2NTcE XJxsgDo4Kibyyj2BVvJBtUXoIhAf7tYmXp4qthuRnmfpw9u02qsbjWeWEKxT7MyB ymi0A8GNNBNd5v/Pb9VKUiyGRZ9rmXW5sDsSVGuvcBByM4WnYa+q5WTT/QLSgvqa KH1PVI5R9EkSwIb5RMikG3gb59gYMczEmIShOcAxg4UBjAPcMgCV6N35oQEL/2rR XQqnbXGo7M+tEvCnsM726ui3y6eTjTTSmILssbJdwB1BGPrAehNaXQ/3NafZmdO7 tBeT1zqJEa/sRT8fPioGpKbVCA/LpTEUsmKX4bEGPghviUA9VePERSvDypKyb763 pDagl2p6oajvtEyO95iM+/RBmysVHciRTCU0Y3hSJFPbGTjOAkBnrW0pv8wQ61vR B5af6Bpb1ZqM5b+uSBOV5OPkfpFx2ZeNqAZxgsKOiFKglHXGob9+8fskdHRE2PK8 3JLM8eyMgyA8KYcVUC9l6qz++wh/HxBGnlkN4A/4+uj5+HzcryEl553tvRYaHiVn GJfetHD6wb1rY0u0GF3OgksL21yMfEJkUYvU8dXe/UsPQmMlwwjvrsAT0tmz8Vi5 rCVkiw9Auh6P1PS8e8mlckd4XexxmcCKnfOtwP4yFHG7j9k1rJu0OLh/GqJTBqn2 gLrqHT789dWCBira9v/0mJR3/h0PvV1VNGSacq+fqZ6TAfPxcCv5xYRVk1PJv9Lr AYz/C/2wLN39Ewzx2t908vbdDMs3kg9kmd+bKb1jmFxXBsJqpa89O4PwuY9fTNtn 6wjnYlJJOP6SN196lOfdFsPN5RR1B3HbzCKasFNtP1tUccyKA3NY+Do26N4+h3UY Q5dzS8zL6r7kWMsdAgBMXgdTfoaLJoO4cxnXr9IzWaJ6hIQoBefzLR/9wDuxcgtb NvIIyOIIoh4fCDj7krkB4FkEap5xtohFqUxJIWFzJYc137RJgEJXeLUhkfmZO6bz Sn6URHs68Yd0B225/dhE1BLwJwkw1EvQPryEm4elQQqXTTGO8JK5jcCLKgD2IpR+ Ld6jw1Otxv05RtmnIsI8tGkpDLCj37Ix/KcOtR77YcAxLROZzgTtZegN/DDTFrco 2hAhnJrDkly/mMKOSGqdi6lTQvaS5i6xLHInROPUGNo1mUeZmMO/QJvRwme5PNQf C38DKQzZGKheNaLuhapNlTDgKh/fZgiguNt/XCY2GTvGIUzIKCZx/BKf3JBmxzDc CSlSmMgQKldKZZXlprkwv02nVXy51CJH4B7fyFiuauCw0d5VlTUNr3gx3m9tLAKm W5TMV0RDan9MapuFg116P9H8tdTOCr2gnnpP0XvG8+E9nWW3Q7K5AlWJ8l1iMTPA sf5aIvMdZUswkGYuRKgw25XStqU6uhyARYLm2NugO0nfMwRDaZE/u910/KLxuc1v 0GFm04ypBq0jH8/ro6+0FD7tCbSe0UZuH1ejhpic1Q/hJ/s2qwPQhue8n05nPiLX rL0RKlU86Mxj703EMQ7VE23H8nQUMjfT2BYT4R6FgSgVcE3FA3iT+njgLwfl3jHe 3qZg6IFUxEzsYz0YcZBPVQ7Fux3IqD8Qm5CjhPIgU1c48ZXZkxlnGCSNxY6WmESi 4jSs2st4rvoWkR0nKjEceXDWIuJFegvVaAjtIP/2xBmQwMVCmABUlutM68fzDb6y ojQ6kLxxlAOvif3QTj/0VewwmAPKkd4YJQSYKEpvOQmpBtZO1rlL0HN2XtuPVWmE 6+61+MPOGL1cfOHgSS+JOmotHyKEuxBDwYc7QF8zekJoCE8FAqsv9pEFt5jWsO11 ryJvwnzHSCEIKUjRrfhjeL4dj++t4KWhkZrUH/05lNzRhK+jt/BO96H0LmpY5vHT uWb9ud72uG3oR0uKABa4MX/YG0oFv+ADmvCWCLvkqY1pJgN6hxOa/QNSFYS+/piT 9qhHID98hD/d/lz0XYhIFBgwEhdcYKsIaX6RfQGUZGjkHZPU3lFrIIJcoZaC6C5a nbyz1C3PRV/qzquyZLPVpdPBRdAtvl8rq86NOOKyqCetclodyGVkWGJP/FT8IM0y Qnx2tgxpgWy6dd0VgEdC+Bn2+LAT5pk/7y3YjhMzedE/H+DRT7jqqCtv+0HFV2bz v2nfneWDGENIwCBNQETnn1ec6wU2Cvu8ZqVKpkK5ttFWBVYWV9K+GqmS/pq+INda OquNFzaBAc2+wWo3BwNgbSPiuDLlCwSSbmkiHcRa3TRa2PMnYF4LvrmHZip/WaCH yEg92s4rZQOFdaHut7xlL735hAtoSmOYLJIUEt6Lzc0n22zDltq7M2KowPWBQAZu gEtKTOeK4xV9LDUNtW/5eaFWptrE33DG389XTo7HFR84ZWkMMHata9HmBjSk29K9 ibOXNC+JklQhBHs6jLsFRdnZl9hwjq1326W6RxmpMblk4l/qyd/9ExxWwoBdp6f6 OaNEMexmzPy9ae6Qaot+MPTM0BmAHBBTg/XmoWRuhzwj95xjuPXtPfnzFF0aXqS+ EDiDa6jsyyPybW4r/7nHY/cwMx24ySVut5REbTqx0TaH72iJ6W5vkzOG/8xDqdMU uvW0bIvXynqrMbcB/Atq4tdfznSgkStDfOtKSWKL0AIKwzJvHll03kefVihexaqB Gjqaoi4SyI9TwzGVaw8JfsceVVxaLUib9v6+gkE+JTd/xKunapB/feWfYBtEjskZ 0BgiJagLhQX0Jq8sLwC8z/DcBtUeKHnconC0Ah2GEqH6cTah5wxZ1OlzyMfCnYXe YjH+mduNbubMKpsg/4uQzDj78jxL/2TiS/YmdTdKS4uqBR7ZVnR1NwHLl0nneIAg vXAKhjHBr1SqekqfJHT0LT1L/ZwqFvVlEOpChaLdO88Vk020e3LQ5X2uKjWUBTtK iHxkxKfJWRvUnhvOekKHaMXMorqonX3d8Cy9+gZUfl9sTxnEV3y475hsXuISnSEE TZbvE7nZTcnI3/Ssypc8APQEtJZ2OgB3Kc3afeu/FuSfQ4yR6PB/7jIZbH34sIOx ZftgNJ/k/8xKf8bxR+qqDGuMcHQIUoPPEwQOb+VVAbciri7I8j6xTvoXzAn1JmMC 4MIPIJqPLKA66mtNxw61xdA0+7HeqVFY2iw6BC/CAB8loTIr4g7U9+sDXkTrrxyB 8l0LF/iYfUX619Onm0i26KBZkuOhppc4prwWe3jFVkfpJ/EQ8Qoe2B9Iq459steR CwnUNnjEVEApl3+7VBJgVWQR/c2etJi8mJCe283B7XWm1QRNzSY5N+O+jz6JgCW/ BaBHE3t8/wSL33C37HhKypasndNehmgaa+WL46dYWZcVhlkhD8/FksfK5f5hs91q No/4QQmMPmV7bNgf7PvYLN0Tm6lSjX+z/DksQLT9gRNHSiBsVF8UEZ+OJd9pa5OB di/6YZg1dTMei4ya41gELc87cbhrIq6TJK0nSAVDOE3AtKeXFRdcDlwbfHCVI5e4 h8+P6BHT8Q3z5u+3j2u8qTpNWqzFw2l6Wa2C1w5XFCgcEt+fdYi0dGg86qJg5YYN FbI5jfDfOyFOttoWizLDupQmtEmtQbGktjsOcYmlgvcZpVBJcgoPvmL+edyLFkz2 xWDqgwpACzVHqCuLX6JA8Pxi7GJVOLGQIWVIyRZv3pU/dPouF5v+OVosT/ne/i+O OqsMPG4hlJ7sxpcWq5M3xJ5Y2nuFJEHGcIvDrQG7ctg0+Xh/1ui486mTHzNK6HWu y+HeTuhN6pF+ffC8nvLAU84BqWecXlNjz6FIKAt1cictXgKzjlwFkjasCYQGGCry KQBIbTw7jhd/Pd/vK80nmKh1vtgkBj0iUCfnqPlevwWGTWJGPRSdvSpXZ9Jg2KLm iFXuraiyp4dgZP6bH9o42zkjbjsdAmlv9A5sm9wHEQvJCLL/j/F4NlQz+HADZea+ dHB7Mrxo9OlmmHr+0gq1lK0/QU/uEQ== =qPuU -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> ee9aea855a39
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 79bc922c218f
Removing intermediate container 79bc922c218f
---> 05d590d13b67
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 452949a64e59
Removing intermediate container 452949a64e59
---> 2c476ed6ee9a
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 529c1b66466c
Step 28/33 : WORKDIR /home/load
Removing intermediate container 763f7058c8c6
---> 7e677166d2a0
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> d0c23aa4e0fa
Step 30/33 : RUN chmod +x /start.sh
---> Running in ceda38482226
Removing intermediate container ceda38482226
---> 09032ef9a7c0
Step 31/33 : RUN su load
---> Running in 2fc208d1cb84
Removing intermediate container 2fc208d1cb84
---> 49058883b53d
Step 32/33 : RUN /start.sh &
---> Running in 52ec3ad784b3
Removing intermediate container 52ec3ad784b3
---> 418d7ceb834c
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 1b64dfa10205
Removing intermediate container 1b64dfa10205
---> e9310c85f702
Successfully built e9310c85f702
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
ed97df5d0964060e877996b4cb0f0d46705468fd3efba3dd5730f34e82b5511f
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon   7.68kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 371c580f05da
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> db6a0c720158
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 40037b446ff6
Successfully built 40037b446ff6
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
0 
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : OgBnnnHWhx
[*] Exploit returned a wrong flag string

[*] The exploit did not work.