KAIST-IS521 / 2018s-gitctf-team5

exploit-bug2 #34

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

softsec-is521 commented 6 years ago
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> 3b5f6a4dc598
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 9afdf93a2b70
Removing intermediate container 9afdf93a2b70
---> 901d93c6bec1
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 95e753eba1a6
Removing intermediate container 95e753eba1a6
---> 6c6d67e14d76
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 022f11e3f95a
Step 28/33 : WORKDIR /home/load
Removing intermediate container d62e90f0214f
---> c85b68f23da8
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> a0dd878a9992
Step 30/33 : RUN chmod +x /start.sh
---> Running in c4ee263bd25d
Removing intermediate container c4ee263bd25d
---> 6d245d3e2161
Step 31/33 : RUN su load
---> Running in 3ef859e64a5c
Removing intermediate container 3ef859e64a5c
---> 3e403cad0612
Step 32/33 : RUN /start.sh &
---> Running in 7a969f4540db
Removing intermediate container 7a969f4540db
---> 5193a834ef91
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 1f18a66547c8
Removing intermediate container 1f18a66547c8
---> 93b79a53be86
Successfully built 93b79a53be86
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
92b87bfbf7703977c3a4f78a0760114f5e1eadbd2ea4c2b7805619998734323c
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon   7.68kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 371c580f05da
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> cd005dbac82b
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 68e5f6361bd0
Successfully built 68e5f6361bd0
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
0 
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 F
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : 3IiI4jkRuV
[*] Exploit returned a wrong flag string

[*] The exploit did not work.