search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #29

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQgAlTfpN9AEUdYTujAjWhP1Ayt7AS1HVNUE2X5fmsZ7BHb8 8LdgoQ5uA7vC5TcrDYy12FFSIEOhHL7wdxVR+P4yHQUluZtEakvfN91nk+wOkWVW z0untEf4tBpa3kVqu4APorU7kTNYTb9zfBMNoG+SEG259YVi5PMD8nohIdtjGsRE vv0SI4YraNPOrzqVyHrjfg/wzcRRNL84N1ez7P+UyLMmGQNFCrZIPxfQHR5tRZe8 vYTUe/asfE7yNF3zcBWr+rE+4EW7gaiI2G4nxET0fPbrgSkE4oUGua6wN41Z7flK EdE956bXl1YDQVLrLHwHp2XI1fogU6s7k+0icyFgYoUBjAPcMgCV6N35oQEL/0Rw hu5H+/yQ5rSJGFyXfNV/4B1ZIQHc/c4Am5oHufIPjBo8wnIJVHHBoki7SLkTR269 fKNXmjZReofYNjl7SSGCZR7HF8ywHxWJXPK6HYcN5QVP0BKFwezPOkBB8eTdK/SK Iu7iblnbWvD8AHiSXXNA9IIujMLkeQf0IzK6WPE8p9b3ih2lqHKGkT8JtaN+WvWG 1MYPN2P7zDKo0pcUwvmVBt/GP1Rnxpf9ZHcC9zgW83yaRuvs0hKnwXrBO1B6M126 9nP/ttWzPLwFXGivsSMdcfh/tc85yihvcR0e9l+DvEFNye+DqU5HcDPcQnwF+bz+ ER+9sKrYRNhtsavETd/KisG0yohN2ApnooqabnNm3A9pCllnMxHlHtveQ82tuWMN CYhQiFgjhYlz+L5dweSwqLCZG3sqe1dAb5VQ5M/hZ3y1/YPRwlc2HwVd+ymOS61/ ikNeI0A/xbOcDCgJzCeoCvegSRLXg3X7IsP+rWxVnMYvTnCbLzCnZzooH6j/H9Lr AYNH4g5oYcfD9X8l+8olOfWP1u2GK6ZXU7Mj2iKWMhxDXqPU+4dPhHZajXB8eI8p /dP13WM4nc+xEdami2Ki8pV+eiLvD7eAFZkEqxo1Cdu7413iyGj1otEt7h1GehYU rs9Wc/5MInnjId4SUvqOpvr2Yvy3HTCBgBFu4iOvXj547xNulzm5duU5Be9wcQoe 3UdVYEYnBIgROdXieaYr+IjhMen3DT0EFcmOQJkoGhib3KVEItE/ijdQTuAeb7M1 DiLBhtR/98OCS9IcnvPb4EXbbnY8vxEnS10MvaoaLdpcCAvyYTaa3FhD2apmlyHc oyQReV6F6nTdj+LUSdS0or5EiT/SoOmMqMSmNi9KtvkG5VKiY5Y3+CtizzDBqK6b C7we9y2M7SncAd+9T+Jnv03XL2lilsqvzg7kWQmwZO2mTwB8LEeQzt7IkLaY289G v9lCRJjiZVG9ERWMWhXXKUuMe7DR4FB2/m1VqTJagwsqFJ3SLrcIubaYyhI6gMuZ 42gUkVZZ6JI7OyCLuXgmGuTCXzJ7Y6RPLza2cKshZHGEu9xflgSeuJYDbJNg6UVE c1CnxODC+fINBc48Y93qGkOvK5+fJf8VuUBXlaEC2xj7POHvofpyJDD4aiwSH2ON 0D3zkPorrx9Xhec3iEOBVV28MxNBl5WzKm9ssgHGFCSs82WstEsFqs06ezWl//2q S9P9o4KLiJJEnWu7Br2gZ2cKTZdKXFrteTP8knwq5HVZFdYdeSOHLd2Crx+c0ppI lCkALKZK+YSC87WS4JhHPowb6ukoQ9swbmR9gVA4pYuLsznrhldGxxBEN94GYXmu N8UHKZMjvaa5IsGSaHsWLRkVSiJDxufeyXTzqPmlsIRhCVT9cvRm1F3QyKiP39Zd dngpxN2MbU69jTtV1dT2S2DMt6mRwU79nJ6LKvXSP1eE6jY3rAc3JcTeAeyTBCIK M4eimCevMdh4NeAAeqzFjoUUt5mDgga5NtlKyuTNR3r7/FLSCW0ckU49aGbaO/zJ /M3HrCOMbyI9a98UnAOq0rQCdLUJN44+sUYGpLEY9anbhF+HJ+L+ttsO6kAxMj+C QgnynuILd7HP0g258vzA6s1sdfSeiuqLuHIrksUu2M8bdH5PQVdJO02voVFltVnT wKtddUAvywRjPXB6ZqOA5HlpQJbnvVD+cbL3yI48+PRyTHar18oinTS7kO3Jn/t3 hm+V4HSkP4CquUM78HfJIovyRIwS+tFxXSmtxU0hWAQM7RYT8f7menr0NRvwGRZ5 qUlLQ/AGTdz1/1UlOWnJHc0xL9xBfSDIaWyJGTIjQKizOg1DyCoRvTMhuq3uYvcL m83vpLfGXrovVHJa8F2iJaW2xFeZt+XgBAf5pc8diw3he6HoiAgf6Gn1RCeOuMgJ QLtr4UKi2boNeXyTzh8Gm4My6IWCexgqoamRoEqIsKo2rPTPRTYRR4ti7OcLuW9U E43HAtOG3GniHg9LxvMjB11u01gOZ7LRZipha1N4A9itqQ41gpMl0+3eyRL0n42v 0gh4E7Klh3lfPvqjj7EKjuTc+CxUduB8dCXlxymoSfPK5SqSG5pw4B8bz9UjlBJC DKCN+o8nMsxh7+LPdQVoJq4m03PCTEZXjRTw8CZpbkvvkFkDf9SJ6cuKEWEk20iT 1+dIayj1mMHPqemsMbF/QsR1SVN1+e893bJ4WWPrOG+1FlXWF9Qa8twR2TaOiKNq WHY+UErTIdTajwBZvI+ofp2tXOMgwyGFo+pVjlSGzNP9DFkPufcCbqj3rTUpFjbv 41Sccgx9J4riDEMyejvhOokK7QCSRdK2y1s+CHLMneuBZcfCPA77K2tDsvhZLQ8J JdGho7euBV/Uw8RLmSjjjEPMiSW8pUa8avbsG9vtqY1LF8eutUW/iOGjwcknPg57 UCShzbq47OaYAPQfxHhvoAp7yWNupXXhUeqMldzeMbysBmDlZ2Ygq0hFIhMD3Vn4 uIkSKekm4cyF2aoorGD7ieVgqI4uwh2nBqgeFDbc4G6l4OBmqXUY4dMywDdV/K/X GWl3LvQ13Hiz9O5e9E2iAQYT/GUVssHc9bN+soG4tk4sAiRUBTvFxhce6hwpBZ82 B+5oPIYMdTEebXODb9m0YQCFRVoXbhyeDIcEDRfjIDERRUEjlcTsqpGbZNoRmH07 pOfC5x7YmPS3Hn5D/AacBsg466s7G3JzDVv4CjiKQOq0Jf+3RTO4LdC50MjH1Gg9 v3Sm0BnOqKvop4A8cMI3schFRpmuYVAcC5RsgpKs3xuNyF6lh7jSrV1n35O1dm2w krsUBD4dgmY9I6oqDA4tnPQqxPmlmZwJmNmsBa2FW+31WPAAXkD/RqIhk0ZYmC3n oaMnS0nKeZ7NKNFmb1CYhxdphMSG0B6/BGQos1b+KAb2f2sLmVSF6B0Zqfzj7zZ6 CIkzDt/LpLnYVqHB8jZUqDD4rCSNQRta+eNIXG9eR7yQHiwhm1jMeMahHcFAb0Qu WMLrmz4U+DTKJdVNEhmvqkiyGfD8FWX45TeLVzd8PSebqEuNEHFwOVxEe5HZLKB+ 0OYeqAGqPtvwmuUiWZJYb7WfQnCOFmXUaJXgoKL/oVZdgtpxILh9RtrMgGK05IOF HqK2k9fKkCC+s4R50iV3B2lGAGwoktFtz9eUV5n6HEhj/vVAXKC3iQD9GxHkAU44 3wotxNKffFNpYCMIdoXUUwdwxHNfBIkhSLlFBXqoKDTAsrTp2jXtxcSQtaMnB2iw UPmCBhm8NctF0CH+y7Wt4ctnEQz/e1+06iSvx7SZwwcrZ0QDIKuSN1YB0zz2vMWs teM5+jckFx8dQAwt5+FTDJEd7/W2wdoloqVEhHJvKevLDWVdx3sIz/V57klj57bu HZqwcp09nV/qmsdUe+jXHN5BoFnPgFsC188EUshtGmpgSPq6NaHEVqCHl9Ki8ltV 2YKxVAPRFCf/1jQNLTB1SdVhbDCn4gDlzfslUwnVExt0g3fe4JVC9azuIWNHC7hO 1lo2UuSuuf0QsBNLSRpsoo3pvOsDMGLjv2A4X5Dlpuc7whS/T54tCBujez47e4fS 4u85AIPOHTNAqrdHOUH/u2+rlNTHgZU/zHenbAs5tZ8W8Kf/88eSTQEievNaNBrw gavyFSKS1cW2sG6cuihnLaddytfbT6vMa2PFEI5j+BSOZCSVjXjcfOQjDHR2K0B5 snwCQIjaRODe/kxEy5YpH8jLGyA= =tf3W -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> 8c44404d51db
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 0b22f688066b
Removing intermediate container 0b22f688066b
---> 2bb6460f2846
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 5d3e90cbd749
Removing intermediate container 5d3e90cbd749
---> a33f8fecd8fb
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> d93cf342e5f0
Step 28/33 : WORKDIR /home/load
Removing intermediate container cc0c17f548c5
---> 7cf797fdce81
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> b0b6c70a0580
Step 30/33 : RUN chmod +x /start.sh
---> Running in 5980bc89a748
Removing intermediate container 5980bc89a748
---> 5bdebd15f479
Step 31/33 : RUN su load
---> Running in 6d718daeba1a
Removing intermediate container 6d718daeba1a
---> fa23424512cf
Step 32/33 : RUN /start.sh &
---> Running in ef8b3cd3d370
Removing intermediate container ef8b3cd3d370
---> 843cfe967276
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 5682b0d9ccb0
Removing intermediate container 5682b0d9ccb0
---> 3ec820f9183e
Successfully built 3ec820f9183e
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
87cf47db711e982d7309dcab54d543d867fad046c92e28cbf0ba758cb0625679
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon   7.68kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 371c580f05da
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> cd91d721453e
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 6c5e0fb7d00e
Successfully built 6c5e0fb7d00e
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
0 
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : mwJGpbxnai
[*] Exploit returned a wrong flag string

[*] The exploit did not work.