search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #28

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf9EicZL6ZRbhfcQ0ZZ0e4xMKbQd1Oq+kPXzFv9AVbpcE0y xA5O5AGdU94cUo0QvGohTVBDNb/YQ3TYEUybvFSHVeqfMs3BBJj339cwEfSetJwS HWUI8lMnTEq8KE0+I3nFNIJqOgVICx6c2+zUEao6IpkMLtbbvCa9JyAHBpmuxI/L zMr8J3bXKgiMjr23q+rq30EcJf1YmvU7cSEJEKy44PjuDmZLL5ysP4I3vu9O3zg1 r6iBJQslzGRp2Jo6IX1jtSiCC6GUIXN49Ma2DsGclZeFFCv88fyz6QERKnd4XrGZ 9JtNrjT8veNwXKwiX4Wex0df6Pu+pvYz1M/+ivmbkoUBjAPcMgCV6N35oQEL/0Qu asDm+P3exQfrtCY0UIXQBQDFcW8rAL5a5dLucYCbKQCRA+IW2kzd1nwi9jY2PJeH h/zvfytjfjcyz9rGuD/9OFHERP8Q1LX0ZsaXiTCr7etidmiMtrClbSeunQ1AcDfS OKMByAvZBm3M/X/7Jxe8Eyk/G+SmX1FRDesuz1kGYe28dN8JqY70hJTMoH5N3EpN y6EyoKyjZ8Tf0+ScVV60zwd0xNqpVlU3nvAdCUB6RWBin+KE447e40XhwCRF0Ijp OA8HunCfvjutOY5NH+IkNif1euyl/Ok36f/8YV7dkowtD3Q7dr//rBR6B43RyUQw RA06w2KvdgRIke8w6QpyUuRG1t4pId+8SVUugtLNGmlOwKTxBfMp7Vh2dE8LGVdP NRQyFVgMDmGdUl4rPMPXqVZHTjlC5+QSiTLDvTGNGT1iySSQ/Zu5oCfNg2jXfyPI Dg6/Rg+eThQieQ/Ok5ApITvPrFKnMOUyt2pfsISQf/M2mc6nHHZRLcxTPWAdzdLr AfzhbUaFxbqdrSjYKS/xaE+zPtvK+2V4yGIpOrLoVrWT57Z0FDzJ5Wglxkl24Myq NZo7FljJxkcrqyXFNhll0kmlk8czAL5LyD4ytuNulkDR74Z4CeqOw+Du+wrRd1hT DGErvFGjODDC4IlMyBZ0CT6z95R+qN9RgqP3uiiN+i3+XZ51ncXNRkQJwQGMQzv8 5RvCxdXwfJsAENRfi9oTG8NDqRcVAJtbv6rrI8uGpkJC64el4J/NhWFHcWo5hSaA g7p2GInM2KvPdOdmCW3FiWsrKtliqRI0z+oE34W6/h/Y+uToOgw7j3kSJxwDIrfn DYGpJA510cXWxRBBHKSeq5Q0cIwiS5EcMOpI8hdsp9z6ZknbOaBliE7TJjGoDbuj jAY41B7p9fyTZwwOjHTCU2Z/58L0T13DPBbQbVASxhHnZPQa/rJx9sg2xi0Ro1UM nYzUdaqj6PDYtjCqkxhCbPAvsb7D8JvAMlZvox9iDKELz4wSVaiQ3loeSzSM5135 wziT08nIxpyPrNcUyNbc6txCM849GvZBR1xemOPG5LvJimsWokKunbSQqB2+nrd9 9bJuwKALEE/wonp9fzG/0iPFwIdid+5a2HWf8NOUEGMYPYG1ovHYU55AEe5MnLC6 IMBmaQQOnWzBCLFLWwnItctu6zKWETxglCXeez736J2lSgoTmo4KUk7pzCXj92ES IjsYu1F728ZJi0CVGhuPWx1Ci/bB0e1Z/pO1ZkS70+1Zlnx4vhhX1EOL8saePlrX gpJCy/06KTQAB7FF5JCgixm18SBasS43YZb71Jlr4K+C5GzjwIVmVX1af5PlEiZb Mi43aBaDt0UKoNu/jjJFjFyPQ86Fcyz1iFiR1tdOoFgtABwSmX97qpZBFr+uczy5 NqFW2WPNwr5QkOPI9V0teOEoE9fqrTxlGLGp1FQTX4SAF7cHj9ZJQt0CQt2Vs0Hw 8oE0uIRILOttGLQ52OR2yqBw77kKSmqLifVF3KuAeyQJniJ1qss4z4up13lWbbmK vP0sC4pl61eSRdRVHojANmk1bQtqp0ApCnt5X3Puk8zt/x8N18NhkijYV2hraanT EUGmKNGJx5qOk2i4vZgwXOuVnBapu0PZGbkpbMS+NvEeDf2DVcFlbhgdljWW8WDK yWOGp5noAk6zyVCyhGrijuj0w5wDsxrAFNwHMVI7C2ZjTNH8sa4Z9acptQ9Cjjrc Wf9URMrza5v/4mFweJkmrtQ1lfPrTrjz9RD3+WJXpwS9YQzfPW+uU2veMi65YnTO UqVfxNl27Wp+7KnzivdgXynMcJQil/ncpURQFJA9N/SptuEXdgMNcRyRrMkcx4UN /n5JT91Z13uKenYedhelB2pvp/V16O2LnXVjF6ZY1UMPom2kSL8cWpwztEb1zAmI dSGtrfYNqQkAxC3F0IMGtXuWtKRHvTZcerDjxW+2GVB11Hw3ZWhmEi2v7ADXf2cs WCvH/+h6x1s6HeRHUE97K7YS/AN8fPD4HO3+ZO5UmmXdVenY4L0VJMkdJNSMRi9n ec4+Gwz23BuhZu3B3MiWnHAPvX7WE2q4BnKPsLvNBx+tRL5VXntjomzew2td/NIi YvV+1UD9LTRpK/TfXn6M+Pym6aGP2H4Mp+BvAzcwNK9yL2P2tHeGVyO/U4nsw8Td 0GDJZyiDFSIUwPZQH0pT7bRjEpP0nG/rRV4SO5vPlgsfRaPEdk/nnoVWkYd99Vl8 e9UjRry2tSuZNGnjPvoa7rsVQ1kXqQDcHZU+RYHoUy/sSZzJ1kzCYXxwbBfteBSo qyYsHxUTTdZe2PgLo1d9BeJQCf2mhm8RPr3xigyugxSzGRsII5boeDD/ugBbhBqn HP9dxr+vmGDttcqK1hGbLd5i1W5pNyTFq9xgMN2msdQE6RKTC1eVHTXGiV1FdYHR p6pYuX8CQDaDJrUgwqt3Z2PxR+gmKxAyEfo3MXFk0acmX7WkSOJdJ5q0s0dde7bh sR/YA4HDHDmlZ9MUbo2YHq7CBe2wc8Pvaq4IN2CuimtR26SKZyGhuZESfHNK7d8p ICkpyWKFMArepoAjIUtcSXz+hOt3nhudjNuHYiLVTdvcpp+JyLYWgaH4tlef+73v 0WM3u55xhqixiMWGLsdiFUBEbQlmK77i7faJkX223pLT1IyZTEoVdU1k95Kzx3FP Vg4viNsdScgnBYiHLqLMa/0J2h76Dk3uqCxkvNCinqNbvt5IX6ioCBiOnhY+nlRk 4/b4cvt0U8FB2ujJcI3xXKdIuKooLle9oYDYQFLH9+4Uw/eQ9Vhmxf7Gfe/OohbL Sq11dra7St9UI4tLorfGD1UxNU2rg/7N4WFxaOOwjcB9lGuDBGoCERNbRPIcp7Kt rUDLinXAfzB7gO+dXUL+FZ6ETgFVVBtZLywRn2V2cgId1bqPrHFYRmlcZf54oF9K QxQPuLKXpIkqTtGiovx7h3Liy/U7GEe0KcPHmD7y7mfdEq037rF85Cs0GSd1VgV4 vW9fDfUWy4SHh60rJpy3U0eN7KMd6h1Gp7i2XyvQml3x+6JJ+vyNyxCgrh9MHtyd +Vl0FlBVXkx8SISr2h5ZRNScNtWEEgGL1PX7a3TWF0mTmtwI9nUdyV4YQM68OU5L LDeq8bKKiuKbirF1NMyH5V2osstG+R7dfmAg5k8btaEmVTshY3DveWWj/K9FqYEi CTuxGiOY/KVAISQPOMlzLCVncZxbaP7DDvTGBvpQRzzAs6AaDidIUTqqD1/DAOAT AIOG8TXd0SoYtGstFkbpQKMS+c410HerbinEoetzTlSiF1x0ewVmOHs4ZIC6sys8 SaJgtmPJGSa5Bfnsd9VSq3tDzmv/V4yHzQKBmeOEijs/LZ0y8PVjJdi0MPhDGMYg ZQhEhVpCrz8RMTIKotv/EKEH+mH2d7WkQMTwBzy8W2secOANR8Z860v7E/U4YFi9 SQhelgqRoiwpSW0hmSeQNq9a/S5Bnf9Nb0sRFutiHCt0Jpua8eD164aa20tp8gzT hj+bCGBbjoACdQ8sUiSWPI+lAxkvJeDLj/BaCZU2NLPJ6wrdSbMHZn7cH9nA2Fke hfWhAloHM6+8oiWujj9FJ9IMKSZSVzrhsNll8mOK57XmjT1NiptRS2897afu40yi mF1ikcX9tJp7XopvT2w984OflSDhGzPZNlxL9zH1vqs5ciBWVbwHAzg4E9mNQp0B KW5sHc4FTeEXJaDNl3Pjt/MP3KVI =f0OC -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> 52cbb5d55af0
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in aace2ac1ad22
Removing intermediate container aace2ac1ad22
---> 8e6cd66a73b9
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 063f553ceadd
Removing intermediate container 063f553ceadd
---> 73387bcfe1cf
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> bb64db7a85e9
Step 28/33 : WORKDIR /home/load
Removing intermediate container ccf3f5ebc8dd
---> dee7217b8873
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> 68eef2ebfd03
Step 30/33 : RUN chmod +x /start.sh
---> Running in 56cf65062459
Removing intermediate container 56cf65062459
---> cde5a4765bf3
Step 31/33 : RUN su load
---> Running in 7abac77e0a42
Removing intermediate container 7abac77e0a42
---> 90356955a3e8
Step 32/33 : RUN /start.sh &
---> Running in 76fa31259ef9
Removing intermediate container 76fa31259ef9
---> 0029fc25e501
Step 33/33 : ENTRYPOINT /start.sh
---> Running in b3e9f34904b0
Removing intermediate container b3e9f34904b0
---> 6efe441927f6
Successfully built 6efe441927f6
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
da499bfa2b0ddb6d6f1c67aca2b1611925136804ac7faea29a6395a138c8b15a
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon   7.68kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 371c580f05da
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> db6a0c720158
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 40037b446ff6
Successfully built 40037b446ff6
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
0 
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : 8zXv0C6UJc
[*] Exploit returned a wrong flag string

[*] The exploit did not work.