search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #35

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf/fheVzxBDLMWVanTeJMIB4YRHuoA1XCLxbuNt7Bbvnd9n sPjtHbaLZY3ozuOv7wxzAESqTG2SmQsy7IhE2ucXZ07ol/0p5ZFsuihG/e2/Fk8l FTsX3yxZVnO40nD0MdM6YT2wzjAXR0LitN0QnISo8M5lRDbEwkV/bBCixU32pCFF f2w4LLnGezqwPdoHdlW8zAvN9zibzdx7Z+mWu2CXX4vUh+x05oi9v/lQiU/BvQ6U 3BVUtR5NJHTN0JINcXlJCP+DF714zKPaJv4dWp2Rl9NsbWl4Z3+kD1bg6oiP3R5K 8IQXwo7Bp3GGf7s1WsFbfX6rEIROxX8+H+8VMtt8k4UBjAPcMgCV6N35oQEMAMSd F3wOx170bvhaZqQ1oDNS6zUXogXdsFw+NgePJkjVOJss6rNnNy4niOZZ9StBmms3 qelaHxYSMLxZ+5N0xM9KzmxfJfmFSfxFCzw2JRgDZyf+6e9cehR8HfAC6Wy473pm eTwlWEG9lTR3EOl6wJmgKso/bpwaZ3x/qa31do7szQvRXOEujM5QKROI7QB9cOVR Hx+PjDBhs7nDazzcVkm3mOPet6+k762YCblyhGdGnKsoQsh+pUU4kSh/6DfQd/v5 fVyfcW1G0hfp4uyfEbxqXHE6cGcDYLlSAHBDkUtMd/RmEf4kBoCHR9rC6/K5xEWk l+ErlaqT9Fq4WBxJ/F/BOR/8seULkjOqyUOWdA7GtzZ3X7WP7IgZLscO5eBURg9X JincGhsaHJlMMGepnpxxWQ5Vxw5Tz4rvQBFJtV2rUkyL2MOW1lAFcJJpTd0qKdgD KqH9RYdHv9rHYo6cw7FQIQ94g/dTrnLj5rcrcX4OtwZhfeCPyizthCbe1FjNRNLr AbPXLXLeGsH8EaFx7zE7tz0teBnmqmpk9LR45QpYuUrtJLnk7ttwqcoM2l/UVBlM cElGc30KGhe1VGsrSEnX4CvqYNJeY7KCOpDyGjKw3xejcRdeAe+uIg+t/Vmu3Zyd HHK+xdxF7APDYR9EpVMGqJwXpS5F4fbwFqTOdlg9P0mIdT1nsctiZXgeVAT1tQom uHsZQxoeuxSAX9GvPpG8tm4pZQfOZj39cpLiz7Kz3GpMwx08YAagz2BESSUl4Tuy yYCm/0uSOuGzdJ8m/IMe08KmgvwMbBJC9Q3PqcVnAaSKPdRK4lBWmxf5Z1KXI6hi HYyzOgTT6EuZOI9dH/Ypic0K4pxlZSQvbEZuzr8wvq17fyE4qGTyI3a8KQ5LzVQ7 xTV63O0R14FfO8d/jFUt6nnKCXgpCpDSoWlDntMnEXb90w6j3RKSra7LmRWbV85J bHlHLouMLeiKMXpAhRZU+mQGHmyU8/i69VBGkMtjGgjSAI7sn7oNCxYwRWL9lVDA sC5NcI7hHq3a5GTIM4Hpm1ZQUcZfYuZc0IJuK9tTkwmP7xOKe4sWnGBbIzHMtlCt 9ueUH0FNSxwWcqeF/rMGVnqHO0zbTl4w2TgGasLPbWWZjt1ZIZWTq7XzuawuzH8G 0sUeAH6nKUNaX53eyfiB5sJJbuIGHX+JZCL3tc5XfE8vndoctUppW0u23pv6AcZm gBDUGRPPx9m1TxebemuTo37CPFFpLbdVAdjiG0X7WXRnTxGiHfAP8Y74r/1pZMgg XGXECk6Gn2KKUeoVk/Qh7PuLC2tr4u/k9hblck54tb7a/WKvZDq8R/dvAXOLryaw WJA1WIAhqlgTbmKUlH63IrVP+M808+YuHmNtki+M8Hq3kq50Zxlg/Jb4P547xtOX SywOqgmZ5/XXAYDirLu0J0M3nCsOj/UYHvLtTw/II6+fi96wM44Y8nTQrrhvjPfk SlWI1PBXPQ0ul+hWFc1gsqnBxkhAWzQxVKP/fpyoJVsihlXI1h7NPsET+iBwIqiu pAWlhNY72E0RYN6LwgTA2OYQawDSxatO+XqJVoL0B0w8AKcVhd4BguwtIIzRlmA6 /9lsbLlTM35VJjtw7wqfxZsm2w9OFrJ618+RR8Cy1JMd5IOLd6YF08auck8FDk1I bH/I1+kAOGJys2J2R0LIhI/kEFS1gbRvUX5Qa0VAECa9vPdIyCK0uewykDn67CuV RArT0EUy0QbykflFoFTSFvhzQqio045CJVimb7SY/YKL28FtcZMiiXVdNkJkqRyo xdJo1eHvnCMNZr7nPrXAYHW+pCP6zF37h/qOPbe15fy3TC3dvleX3elnd3lvCiDW ehM0kXbhkFTm6PYFxam1gd/jQghS+m26edIJJ6QL8/e1ZuZFdMPbjSSLdTBVua3W fv1NNsj9myLRbjskkkXLPhmPJ0UDv+/4qnr1UXbFLi+TSEcojC7oPfwpTPihf1ay Tbj7bSNQO5AoK9almARaX7v9THDt6/+vgaEW9whzX6zawrt7KDrbYXzBHV11AbMN TtI9VGMahsgYgGV7GJIJYPpWgFWL4/teWA0bfqG9DmhL6uV21Cq/PBbeh+NigrQV e8IbpRMdCnhBsVFZyoB/hYblClLjIM0gqbvIgq6nvame+zaXdPG3HWPh8iKrkblI cZyeZNFLE6gm/INOkjdR9Q9/rbOYhNswjJHqytP2jGk0QXubW4a/Zsl8qDy2T/i9 FW6oWw8jo3Y4QyVsEX7CcLc8M0+nK9cninQpRsOlvarEjbgI1PZ2cxk1/d4bHrcg GXNyx2QFXiYtb55vRk6L2o+fkm0d1OFdGmNEg4IoMb5dxHXArtdAD7RX7Jrn8XI7 zHCQUCAgxLtsqN/dVDBmnVc8EyMvPQ/xVT3oOFXl/sORq+doH28aykOeyWNpawLR 7MmkE76qmtkz4hzuERGd4RvbYuAkzodHrI2179hWgAQvUjNfR5sakzT2CXYmCZrc VH71ZLdyeHFv1S0Hlq4ANCpJdr+KEJ93864u70r3xYIzkcpxmMQ8rSv2yiVD1EpY TlqEioiyv3g6K7HisbkodldQdQinWegfWJovZPGeYTvwOEt6flL5scWciKGGSjAA RoyaZkZQSP1PbZMngdWEFD7nTBWmqBK+bvCWstsb8MqJXMaInVh9ac37tOXpcn+u NLld1toPG6wbdRUEl9zoR9fkFNwcz21WeSnDiqBjdNocBmy7BV9/VoKLekjDBaQh 8ZVNzjyI0xTPvCsYqtyaypU+WpaYLbsE0SGQmxJ710CU9rdNxsq4AfgAyphZEtSd 1RuLCrNuEXYPrC7J1vcqnmjmCzOzVhGOIoZukyMwJor6nLcmMjC+qlkXCmMVCMnR 7gBn3RMOxkJ98vcQuciwXDqxsP0fciMRBVEcbbPyz9GGagN0viqANs23qjvQQflO DyTqL/eOCnB3dRcnc9uAB9/mpIFQea9L9FjpRfUf67+mY6sPYD3bHmfMG12VZ1S1 4nfBuvdWvMkQvqmYk39GOfDhCT4sIrMn6mt7oJce9R8nR2/B0tRYesyrA1vlmlzP EkI3I6YlFpmEkgUKN5Bk969T+OIFOaEV7DStapNCyr0QYIT40hm9L2qa1jGfMQVa yIhf83Gf7VVVLK+N3cO3Jixxiu8IHI2V+9aMruFc5wc8/sIINnDaallnHgxI1rbD rISWKx+KE0skpomcju85S2OZrFKIsvHbxPy4wKx2FEzAsEwPqeXc2iBmYGNMXfgD T6zVhVJFZQQB3M48jYNga4cC85G6cmHcOnktPXq1TaBUD23XThTAuvsuoSDsH82m WBMDCToRaKEhZvo/jy+IYyy8KD3LdykRiziDG13enKBv5u+abKfCl/g2oUXgEqcK P4n2TBTahK1jnjmvOy98dKp/AYYI36/b1WiyzsvnV33lksVaF0hEsrvSIZbb/3M2 1Bq72M2V7i7tKqqGx64ylsJV7kmvDrP8q0DQSqafuSn+Jrue3TOCtuhQYdNHBGoc p4FJtQoLd9QGXHIr/NeNA1AeyImk4V1a6HkyR/L2yzIJ6D4mM4jRV1KUFU1Br2Ai XOr8RVWteKZ/6sijb36WQC1YxLvh6w5Wt42KqMfjm+jEN78ALZFpNsFeXGesrPPq NIHzxc2Qv/UZkrlIrBLZGpWCotbsC11STJXHtQ8miVG/14Yg9jij99GcP/R8zdu5 ZYr60+GasssPa2Pz2tL0NJ+O =tWEr -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> e7fa679b93ec
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 8e563088ce61
Removing intermediate container 8e563088ce61
---> 93a22db44799
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 02851626d1f9
Removing intermediate container 02851626d1f9
---> e2817d4420ea
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 7c1ab280e78c
Step 28/33 : WORKDIR /home/load
Removing intermediate container 9c4d92c7eff1
---> f83ee94b73fe
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> 7954319d540b
Step 30/33 : RUN chmod +x /start.sh
---> Running in 175e2ad538db
Removing intermediate container 175e2ad538db
---> d9e0bd63f356
Step 31/33 : RUN su load
---> Running in 458e73a90372
Removing intermediate container 458e73a90372
---> 4c34f7d88503
Step 32/33 : RUN /start.sh &
---> Running in 939bc742b82f
Removing intermediate container 939bc742b82f
---> c2c9663dc0a0
Step 33/33 : ENTRYPOINT /start.sh
---> Running in ee7979fa3892
Removing intermediate container ee7979fa3892
---> c1b913d42b07
Successfully built c1b913d42b07
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
4f91472d294cb3d4ae33f0c918f009c779c04c7cad8ebde431f40476cc7c9d77
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon   7.68kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 371c580f05da
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> cd005dbac82b
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 68e5f6361bd0
Successfully built 68e5f6361bd0
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
0 
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 W
0 1 2 3 4 5 6 7 8 9 W
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : FrVdWXCabN
[*] Exploit returned a wrong flag string

[*] The exploit did not work.