search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #37

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf/dlNDu3TNgRzOA/Rn3+7VuuosDtMhE9or9Rf4fjfNB9Cr bHbNoDdB0Y0DyQO0agxaX+A8sNNlk11IRpKiei95OPPPn+URjg47Tgc4yw6sQLKN 2Phzb8m/el7qVBBY7E4sSnqGGO5bQ7bzizOGUX0Lks+9EAX8DBURkBI/vq6Jy6ru hx9+JZWWMy06sONslPQ7/J+G63MsmQNw4rNezFEaU24VFHkMSikfnmw/kXr4SH77 NNvZL74YbmhYVgIxr7J1c8InzUrbRpzd7YV8lGRPBrxbtRrBtzNmYnY/dy74Pc2U rFQGD+90u1JSKuL6AwA4qQBVrf3TMiOruZVJQrpHIYUBjAPcMgCV6N35oQEL/iaE 6r6qwyWthLz2x7FwMZ8s93YU7nQfpUf1sjQIrftVqiQfV09n6wZDeLLmhvbaUnTx oO3MuoRAH9L0YFAr6Gho77zJq56khxhhS9kuP3OvRp3g4DtyO6LkcGkHhAtU+S6O usXwCJiRM501CIs25LoYs4vi0CoXoklpHzGv4KiJAdh5HGjZ5NqGaiJJuGAqezUm SM2rBLyOtGw5pbo6mjXoQTFEjL/gwpE43r0f9H2SSyWe7WOKDR73kfwa7H5MjAM7 JxofTvK6nJjRFhRhWCLxlTHI4B9y2mr5q39KfsAEDlIeMTf2YLJer1CrLTs8Zq2r a8TWqpXlJ1q1egFvS4rUgpgZ03O09ziWcoxHg2V9RfHAn3U5bQQLs0R6+1x3U1ON 1EbTzyeku85uiMZVE55q16qSLpRGSCz45E08lMELHXVP+gPQeQLcjEN54d6DvApJ pTeOpSPoo2Z2k7VzGe7pe05ApCPHXLeoeuXbvJ9fu5eCr3Ih4WOaAW6r8KNYaNLr AV+5kAEmVlP/hsGgqWexFgBU55316H9KOxjvZxhDg2003NgpNkR07dZMVe2tv782 kdkr2EtX96UMoQeibSGOHly1XbgtZg2n7sY8mcGe8Bp4xYubD7qv6749m7STLlZt 9f+Gf9iPjxr7mKT22r4uDt20doDdKB98pI2ji+V8UuRiXdlCr9uv2SMdXSSe2ZX0 d4276mB1pUa4QuA97xzX+ZibnNFRAzNRwcsgIrc2BHwLbkMx+qfWpWaM+CG6ezR4 1TeEVV9aiYEruZs7lVizPeOuFe9oEabYh4o1JIYL5duZ+ALZGNSabczACH8ZUyfx CvVxwoUcKcr2kOwGdFz8cGJWLxTmGLYgMb0Xraibo8Zug+ZCMDkK9LykD0LLfAf7 tovX7yrPJncAnaOeNGpm9OFl1fovQmE5n/EkbuokXKylBIuMh7ezP4oiywUl1KOz +BY4TZgEgCphHMDWGWuFCX9hQL+qT0fYMwUrR+V1C/pfuyNGAz0qwbtKXYuqNoca fgg89trmKhJiEGqlbk/rXYtKshCKewDvFUcv84dmsRoxfmGbhWVNaY4eNGeG2pHD OdEJ0+B35NqNnBcHInBCUfnORPU6DQ9RMip5HPEbkk1mx657m66hBcEoDVNDyhnG jjgRcRdk651nPwVsx7fp0KvGiENZY02OJl8nJ1Hf2mHNSzmzrKkNLOilKAPLbDw2 ugjhzOEgTzHbNSi6kEtatbUXZNJopBdcJFAa8ks0qvxmHa27QjTHzXBq9uFLdOu5 Vp70GF48zvgkQhmrSctm62qB5c/Gd+PYk0OGncOwUDfuD/J0ul2vS532K6KN/S6h Sm9SuSx7pdSNabMXTJSDp18b3vqbBPG34D2efmlUfXKcMWlkahz23rLv/GwxT/cW 5k6FTXhjmQiQeS7U4P2aV0fBEenkb7sfl+XeMP7+YY746UNazLxhMavNXBKN6gkv Bjp0piIG2coVeWyLDdStbAvBanHDpRFLNYZb+S5qjupqK3LvQ/y5Q7g8uP+JwnIA ntS7/VYO+E0OWDZWU6kmIcuI1K4tviA/mO3BkLJRemWi1JnISY7cDIdIEAWTWnwn g8CgsHj6/zez/BAp68JWHqrYn8sXRYz5tOzZF8bgL+UGZsU0TOhZj0nx2KxFX3tv o0lf+QOsILYVqbZR5pAOmBVA6w0Wtw4WZGppe3YGgzbCq5AlOkmH/2C7Wl+x00m5 lE1SnUsHzcy1g7GRzLncMUFWBjip7cq2SkoU9RGjULnDbL//L2RS3qcwNOTtd7fz wLx4z3iaGQL5pMU20vRY7INRtpwS83lvD2SlsNNlVSMAN260rSpXDYbVir1kRxDh ULxiTe0nSZLwvSbMfc/zrKMlA9rl5s7dIO24lNW1c/qsGoqe580y6XgM0w+9PoBZ toxBF0Zf25GaZPRp/q5AsipGQ6BrLeHBvGd+wBIJMeK5jy5yTMDtz93iduG4a96Y todht66Eqa1Khcaj4hSYLVJ45Jl+2j1HKIu/WTF1FLYKVU8NA8+AIOD37iuY2MUU WOOomOeqlMA4c8PqPg8PW+q0ssasS5Jz30gp5ENBoiTMVbM5eb405OCFve6YfsUh mG34ngnMZ9saNT3qeg8Nb4NkZrhvJn+OGS7vvICV7/Y577OEk7Eul/Z/9nsqDatq Hrl9ge8y9CLCh8ywwcKogBGcF+AYxo3w1KuWcBPh8Sxuw56lJQm0EOEbr4yVgSFY iESh5WkirCCxMJsDYgayPbMp6BK5KGoNTWvgHLueN9bIDgmB8XcnSUqq+ndQ7lxo KgAuLHof5fAso71raFhrLVxmElTLrLEOMt7Z/RwbfP2LcVeGEXcDgkhtGcg5dsl3 qvGvNDv6Q/vNm1e3JH03yqRVStXdgPJPHVLm5+LZJrNo3TsZNhZTmpHZe8p24aRO doWLejaLoiIhubRrKBXAoXl7fYTk0L97X/rVnWNDede2W5ojVmVBIibjMW8PKLbW kC6jrikKS+pE/Mb9+0t8uEYOLV1WZM7Z7PmKKpNcPqhTAcn7JmjxklcHby4+glrh RBTxj5DO+E3s3NRElpUorOVMUwIBl623uSywXpIiYScGzQadJh6+fcouUGdFQp/B sJEpaBCwXXwsIiYOujT8LT8kiCDR2bVHHHPeNjhnjjD6hSUb8ZVVO87hD/ImSGuX B9jBgzcDZbKt7Jg5MnFqVt6AwmPQcOupFllQd32Pp6vMKIJYn7d9Ng8uO0KWiC2e 2edwWX10QKCmgRDveYdnrTZMxNLzDZ3RZl4m/+/wFrDg/z+SkJ1V9VCkzhlfHnbr yZSzy4Ssw2dgFDwqd1hMLN1yN1vDSZtxmbSQ/rM6AHXxZh899tdCKP0FZdPm+cbT Bslccj1KOihdhSiDe6BSuDF86kOv1DmZ0Mfm8HBYZEIRjd9fAKl2XS4rjSraqE/0 xJxZrNk5uaQy0WfI63foaY2DK0cjkw4a05J/qWhY2PTtHMMtAoFP0YjZqX3aLTbG aUsB6USAzxkeFMd2qmr0ty28yr8Rj3N18r0dL8csY4s0u9l0JbX8SijPSDjfFin5 KqrKuP6dYaQOAvelTWz0GmqTK1yKlVZyKKm9cFaERfB7Tmwu0Q+qKK/Nyeu3xtaI 7vTcmPzDU/Dj5jmFyeCX5mE485bbFSjZuOnJRFMUs3+dzrzbw2rRs5rj7EzT1g51 AeDuwcUNn+gz0nIDvVmEpRMxsH2GtfxAsOjbbcxycxrA7kd2eryUK+K3FZWwhRZZ 2wJk8sw2ZyPuW9Qr1Fson1Uk2+NdFVF5hXDar13nbleVVcq5YvxIwNFWB0aKbKy+ K2D37JCBYc4YayxmU+Qu/N6DzlyXJI0D8di9AV6+ddwH19X93D+VbYRmyWstvEQF FV/F1It07680HmYVsH/ZQX5vMTQFHb+/Ujr8q2wNL5yqkMZZkbYtOiyWFlFwAsrd I+YnIHsywziYY3tEIaYyLLCNGkgOKtmpsRfaauCvod9WoPWla56hNUKq3mNiMOCj NKXdWdxXaEYMqMf2Yjlzv0Utm4vi2AaxVKkdoaGqUhHjZ0831AcuOvvpL/8JdsIJ 8LYo93Jl1udGeswnaWjn3sf+mjLzxuHm04L3PCyjnd81ExSCmEbPqFtj5qaU5YSP wesKHt0Zj547uneE5PkpZLw0HMu8ZhrKssYEu/phbgek6Of/BhA4JrZEdodWTd4f J/7WnF1xj5f9LKsfgefiQNigVjW5LthpxRGMuo9qWTcwmRAkLjUcm8O1qLIBg/C8 5O5M+YTkwGrZdsyvLjwYzwVGQuWaec8x6Bk1BJMK7og= =JDwc -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> c31ebb9d517e
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in d61f1c8c5536
Removing intermediate container d61f1c8c5536
---> ea63f52e87de
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 40a3323967ea
Removing intermediate container 40a3323967ea
---> 3de2876116c9
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 6f3c881a1b97
Step 28/33 : WORKDIR /home/load
Removing intermediate container b46d54b116ac
---> 2f3216b575c4
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> 3b03ba0888f5
Step 30/33 : RUN chmod +x /start.sh
---> Running in bae6bf80fe9e
Removing intermediate container bae6bf80fe9e
---> 4789494642c2
Step 31/33 : RUN su load
---> Running in 436f07fea12a
Removing intermediate container 436f07fea12a
---> 67627cfa21c2
Step 32/33 : RUN /start.sh &
---> Running in 17173eea9adb
Removing intermediate container 17173eea9adb
---> 707a5f0ea73f
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 3c01154719c7
Removing intermediate container 3c01154719c7
---> f58359207e0c
Successfully built f58359207e0c
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
77c7dff1ca0eb38e669c9ad3f24933cb42389de0cfc1dd8833b40afd1331aa69
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon   7.68kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 371c580f05da
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> 8da1f3da51b7
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 183781f9a716
Successfully built 183781f9a716
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
0 
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : 8NEGOAhU5m
[*] Exploit returned a wrong flag string

[*] The exploit did not work.