search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #31

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf+OnFYS79TKnUtt709PV9LYDPPFFMjai+yle186RCIZl4E pRDkfwAuJujR4egeVmlmp47srx6jsvaunJ7uPadiLzapYaJ2crko6GfEjJ5wDc+9 hUlJxOUxSPsBtHoTQAcAeW1zxWMg3tksG4QWQdtrpmaFcBHoDpdxN7342GhpJv5m NlThLa2jqV89TyhaaWYc7LltsrpzFS1O/agz1M31MYM4hzeLKvXeQtHeOrvzk8C4 n+Mo4Zo9mitWwo4LToTF5boKTfcnqcuPZk6xoiBqmoYVxmYZ+c90Zz5l7BHilJDJ E/p71RC5Y29S6Nxo3tWgMQfrd4aJH1RJLQuaZsHoGYUBjAPcMgCV6N35oQEMAJb9 At4sDeJ94vuNhuajNqTUXaeBKEp7Fm9/OeYG3aygeM4H0qWMpG9GVcp46wuZr3Ab FbkNT9BYjgmioH78nNSdFxP3kqnA7QY7HWlS9VkaSPeKhcnQC/OGBZ0cmPNy8ssj 236t7UUh78t3S5x/vTnwi5yKhykcP/EY4IyUmU5qFspV8Zq9lRx28DHrjVpqMvo8 ZioV1axziPboqfL6zaVC/CPW1N42jQ+Q5HEop8Xp8rjJPygItEsPUMDv5q611T6c FIit54SMW/UTW0XGMzf1z1bdTKM9lql//YmY5LoQKyxPmJ7ignMbb4I7L84gaUNK YjTL+1bsjzRBlUmQj6k5Tb6wsOpU0Q0Egy+JwCbwz49C1Z7M/UlQbX4CsjWPx5ZZ WcYkYaf0CLyVZWFiF/NUANJ4Qo56hCAeBQbyP9mY6hRDK64n4BYN+yi5QTpEHORI eeLBXPBeak2cUYyI1dGoA68eY+I8p1RG94LqcJEwcy+IFJ3mA79KumckcKod2dLr AXZGFeHAPkQf2Ws0TTdxVnQ8++ntnowPtYFfvGgqD8Ryp1Ax6T/0R0PxMEziAOxZ 4Kkt03VwCNYfvMSNMW8AUN21l7MqOgOailhBoaghSSe6cgLgRADZXJXgkz8wcmpW TTgTQ1FldhDTzJxVrqDDKg86y6zGnwoEyG1JBc3ao+ASWSdP0AsKQvS7FRJvs1BR ueEO3jqP3FgCBXgQ21FxqLD3fu2TWi0wuVlu60tFJAIgagTH8couhdQ09/shl3H7 KDrGWbxIHhlLkR4e8v4EgSRRuHGlH8gw+lvIBp0sKx2n1aRir9QIE+/Zt9Yj00h6 KC2wzCsRXsKFiJZtVMihvE7uWFZgRQ8QFFnk/ooWiF7kbUj+dzsN5OqRBurmyakk vLp7LMR21UAldmFGoLM0Tp8RRLY6HGW3qxuGKx24G7m9J+/5NyUduoASfvtpeeS5 46TJMHmTrU4Firjjk2C1cgWd2EN3H51D/2LUsrpkNk+Hwsq5cN+OXypYXCHxPNM4 5yYkXZUpA9Hf8oHQ6WujKsQJuXsbsROKS9Q3+cTDgdXLcsIr384UtB0B3saGjWPt +LgeZtwddezJ/md4YSKM7KJK2lG88RwD1cspeA2w7LgBZbRQQHWMaLqCcf+f/zFl 69dy8wj4VbGNS8eX2KOh1J6oFtiI4SqO+YHz69zlcxvMo3jZobPQgLwZoF5IrbMX m/m4bI0TxbrVDQKomMRnsWN1E9EnrQU6XMPXJz9Q+E6R3hiA2jFvgO0BdPE4h8cB nav08fXdnikZ3h0nPkdVNJc+VLcOIxsDXmjW6Kv65j5fDdFNutrZSVk4dhJWGrmx d0VUKtGSQtibgblopf6f/QXIiz9gAvBmkVTwMWvFETVp0Imk/J4EdZSIALoLqK8h jz08mFAJrsCIppKoKcMA8ONSsxngoL1MnDGrkNofC7iqgu98sinBrrJTJduAk843 KUrtQnxvlw5/jijse0QQFeQgFdPLA46QgeJDoyG+OXaL1EUtUv5evoAl5phi+ENV lo+LnCJKX/0xArMMSu0/8EKntTyhF5+nhIg5iE6jXKskfYwjSLgKJxdgGGd5/xxC pmKYoLBC7Dc7bAzubfJfsgO9cPV7fB0wzNWt4eYpio+M2Xmoi+31wvXgqkRALLvR PD3dTqOEqTySzaFKUdIUiEjYq6Kuvd2quAZGwj6TI83UVOrthx6LSwQoGhKf3pzV Da87snPXGhdnbQ/QnBFekgamYdQSaVv6067GpDj1a05QCLKy7vHKhESlK5m6NGjj wyaL8r6tAxrAqYSnTBR8tMCihy8xdJ9ETeLT78LUdzBdzlu0vzRC9mD8JnDnQg+G t7prM2+qkUcDQE+/vtdEKYgG5113vKJotvNJ+yDh2THN3U5BEY7lse/3n67XK25i YKLwzlUVmb6b9Wr5AtZmbS4t8E7s8tp44LX9Il1Ia7O4R5i5EEDlnDl1gYUyzrJJ bRUAnPRLs3ZC8IsJtIULLZ0nFT3zRkelEMNaMCCjLx98fte8kKcwVmeIwDNdMuHN LUo3DBhFYdBiiaH6TnYb8bUc+ydIavPk75+sxv9qzqnZ6jZvTWjY5SUc5dpdJMd0 GApE1KTTrDWWI4DTLTxbh7s+oLFzY++2SacYk+jtSESLdBSz9zPBE/PTfQVJdYdD 2+qT/4PXss+bBVLF9XhrQPb2FyqNPQIrUfAiX0DqRpdCbMN4lwtCctdbzpJ+q1MH 3oWLU5ySLMx13lDMtnL1T35GCEmxcPYPtsXPYWyPzETkkAMY8W3QQ3SvYlBJBfCq /gJrlQcPa6Zb1ep0kFj+38refXoicg+cj3d4Cz9x+TuKtTgVCdgfDBiJSXSRgagg c1bXkqGm2TxI1r4oqSUcOwcE4LJDZCPpXXVc3XYZKAHbeCH/+QQAQ6LSVdAtIpTq Gy9uKnHzDsokacM1rBbWDOQcOR7x8vgZecB+HJhlSKPjrwSYO2paD1i714UUgoao KRMZlqKUbQCiEEVmEZvTHYrBkWmEzAmc0gxTrC+KgRqdVNHCJrT1HOkGAxRkBKlP lj65iaYmodkgsd6cbVo8tpZ/+CqnsH8Mg9ZF7/H+mYB0IZDHR1u6S3T3yG/6bjqS ho3YAGxW1gZ7wdO7BNoBM0aM48yY240g+hgL+hQB8PV4fyrvuYLhDsMs9l0mR/ZV wwXCGZ3Qip81zBmn0C4omhczUKaXEro0Nz4s2RgBJ9VHgB0DyKrJ+rKU5dY/Kdmy bWWv738Y1nb2Q4w21Yhr17ESt40d0yrAQVB29VXeEoc8RAfU1XKtH9HGS0vIVzLw 7+nztn6h5Ju6dpfyNb3JGkFPe0S/mfdnLId8rgjWkBaDnQ9O2uGfBYh+xDYfmwMd yE8ZqoYxghtChUIykKAAmkx7BxkJ3QKrf2M3gaH+afDQYhjr0Adco+9PBOlKjkvx N0QW264X4JScgdENeFjDikCz499eCIba2pGe8OjU3SrQV80tvv5HxVVlGdDBD2HA zUkFN04dpFtcdDmtkZalDTX4CEkdf34dvdztd2H7tcRJN/F3srzeFIeqZN6VE0bX 6V0VXJFVMmqqchIgRRq6RetHUOgJ/0V/hk4YBi3M/t0f296ZjD0H4IIw8NrQnREL 6kuBzKVX2QH74Erm/vLbZ/mTdWH6VmpskoraPTNShcNwX3RUbqTeT+nll0ohU43L k9rA8nu3TGhr4Al4aHqJOiF9IbsvJvuvXmj0H3c470bAtFE/meIjZH4BRid//rjh obhbxx8lgirCLpX70tukol8j1niJCl+dp1dioAHG0A9NUC4ejLIQfn18X6++oubS dbRhfhNaYnxg8jBD3unLnEcBteCEvnWZzI38new0ZCNGOqRllOvkeN0BWuRFn9T0 zKTrwTiX8jLHSko4wJ8x6+EzMm7xAvweVHwRuTQBLkR77UoTmuF7+wc9UGlyHUks I0ZA2AQf7QHaUsqlq1l200DiJ9EtHxVB3I7TUQJFdeh/G0gBrIqqC1cGf2MBigTl Jlrubg4f38UxXj8oMdVR0w+1Uqo2TcOUNLGGfwS8zKjTo6JYG0vE0nKBD1Ajpgv6 O9dQdwnh/U0Ixd26bmp8Cd11msdmwvPBi1P/uf763azjAvqhM3zasysSUH+/LlIy VSin9i8NQBkJB5+Agz4xFWfX3jFAI01E5Cs4wWPe+3blS4ITjpD+kUhgicyhbbyL vMbDtXbr5wP5s6oIql2LrrStdGozAA== =W7kY -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> cbcb69a8c2ae
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 277e9c98a26b
Removing intermediate container 277e9c98a26b
---> 6ab3c05ab00d
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in a3815276851c
Removing intermediate container a3815276851c
---> b403a8299b29
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 809666676317
Step 28/33 : WORKDIR /home/load
Removing intermediate container 53920903f05a
---> 2a980c3b9acf
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> 843f08b974ae
Step 30/33 : RUN chmod +x /start.sh
---> Running in 8807ff82a61d
Removing intermediate container 8807ff82a61d
---> 4178a38494ef
Step 31/33 : RUN su load
---> Running in 57911d757444
Removing intermediate container 57911d757444
---> a6f9e539dd62
Step 32/33 : RUN /start.sh &
---> Running in fdf1c5784eb3
Removing intermediate container fdf1c5784eb3
---> 61f0c7fef585
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 8f62ba2c79cc
Removing intermediate container 8f62ba2c79cc
---> 6f8a985c844a
Successfully built 6f8a985c844a
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
d242b894a1b9f1d25c28af4f8b9fd87359d93f0da247a2bad261a41c4c588687
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon   7.68kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 371c580f05da
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> cd91d721453e
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 6c5e0fb7d00e
Successfully built 6c5e0fb7d00e
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
0 
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 >
0 1 2 3 4 5 6 7 8 9 10 >

[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : OM4FdQBqeX
[*] Exploit returned a wrong flag string

[*] The exploit did not work.