search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #40

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf/Tr1eBmAyuJGt3KogEoSmSDtwoNecGfY0KCXUix/PvDpo T/ugR7hPv044WBymcrPoV3aqXozoXVx13ftjto3rnuG3N6bwRENxy5niuOee4z0L OqD6D8FJBP2L5IoR5dZiAs8wPw9cSTEB7NE5DqySjacizHs4KYDIOlcXdorRhxPp fZpG05EY1Mw/RaEtKRYUI5xgerHrdIfUF2Beyjpn9pCnzYtI1nUOB/7GccvATY+0 oP+lBTomA2mt6zVkDiDvBgckdB1zExQN3RIQeGeFRba1sMcCRcHcsIKHKL7cwDoX qlPya+okiLJoC/nALMJ2LgquY9DmwgwXmFBjG7AMt4UBjAPcMgCV6N35oQEL+wU7 kmuP7qcVGZVox6JoAv6kboNp+Yi+BuwlYIfAll2yvkamkwzIoalrwBKWFmIdpg93 w7GYn6KmZjN9tuzrNL9gokR9b3Teo0UogJlYrpI0DPr/i9xDaeObofhLhYupJdKq YYhh4snokKBRl+4rgkVOXdeam5tQ8fSB6NOMXf0+IuKmg9EgQTZZPjNnoP+2Hht1 4ogu0ZfazO2Z0t5w6Gnuf0V7hsly4FBOwQyWwyBrvQoLRmU9PvBJ9coyCeMp2Wwe +L76TnKveVlHahKIFaf93BKFoPPRmvFJ4SbXX+aIZEt8xcQY2fm88j1EeFsxicgs XdEsk/eV22tPjCHJ5BYYx7zJig0ITXBRiQcJMUeSChk0DvVdPFMsDhau+oReo0TO iTbsX149ZmHnRGXnmkTlNliCaQbktIFag5NZnBVuFCxEcUjzMYgy6bnY9lxc1tEZ I8GkCOZVnLB5u1VI/vYq1qp9p2vK4JdeTBBFlzvOZlP2mriV+LiW+dgXH22HyNLr AZFnjrErU7bafpyvubgou0jZKjhRvA2xP9ntHm1Iq2RalGhx53FvoO1gJMoBUcNs 8oJviVNn7Az4rfkEZm+bDEbGfWe976RZEfVcv5ut+DPUNwFZFdljCowq6jiw88Ot AwjqBVSbdReAWB6sL6roGcE/BDCigFCSVl7E7WTiR3wib63PUVf7o4JlGEnIp/30 7GBUWhOBYopOYaGHCuih75Q9IwzBp/1GVp3vLGp61wEZXa/gwZdaYRW7Kl2FYxJM IevXyccO5QZ6DAlYs4LGXPcwgMTyZwFeYnElR0i7PjaCE3mkYcQ937KIz98csdgf WHVyNDrMALdX63hEMMml2xO7swk5TzbjlMre3JdOxIgVswzK/VwoHzdA4DuTys+3 Sn50JxhJrB6ohvhcZidpqkRFd+/im6U90pHJYx9K31D5opcSopZA0i7AfyENaHtM f6kYdT4k50Pz0Vkw5oln5jqbB0Sv7O0AXqVMpo65ond3YsuQYvHAEaQsjV3EHLWA IynDOvDUoynBOWNQCJslcrtAQBmnRettn+yx2YPspsiINqLgOlmaUKU9PWgmOupV Sqce4XWpnpRGO24uWwXDsLlwJwHcPcQ/jDBIipqc7zmM2tHRKb1OfyGxpENcuaWF Au3Ocea/rxe8OdsSPhLFyJtrqWeFW22WunDmDzrOc+yQ9sVk5SGnXlSJFOQ4I0s0 oLRxVs5hBDNXYbW8vFtc3mnZq8tA3MQlARUeSQdYWVxJ9naHJVnBO2knCZU8y2rl qT7ttqzfynwS+VLLj0vyys7Ebwd4/gurUnwgItnn5W+rI7irZIFxdyS4gCUjhfD6 5kXK3G7If0efjcFxyctyzziLEPaY/OaI/Efadx70dZtYtPJlmN0Kav7n2LLpPRAp aGfkDZClpuQUN1seAAnVInd3uu1sI/gELLk0sTOe04eIlu32nas4LXK8iqyl6Ndl b96mEW5u15THb6gZOfpKyFFbxKMb2TRCI09qL+d7LtS0pJSnhFDLSKu6j3upugm0 08Uyf4Yizc+4C92JZvXVOpOOe8RbRX6uDQ2jyP/sUlNzsAqW2SxoAvjLGw2n6tq2 hGKtJlOIfjb4ZEXyal8/LmR0O2MKJsiP/yARWMJP3yikhVikg9u1YV3tTC8hZPW0 nSvg8z2VBZ8dXX3UhRxQ+88cDAftZ54s4dXbMf5M8Fr9xhyxV0zr7xt89uCBQGpY 8MZaTVJWCUOI0fvkndC2HSwtquczX9SDiyMpGcKPhipVppZ5mamIvXftQ+wKR5iy uAi0yGziaEBPu3DJPOjZaEomnnf7wJoGR7Y0ThV9kpbQm0A1KW8ueM5mpHce1FHg NzGqSlSmYpX64WSJjv7c1eM5qRExyfbuca+4+qF6evUS63L7H/QEakXCo1dsi2gU Gr2GxRQpYn7kCGjpRVDpSOJfrEXuMInAw816JcWe24aBmmuLkKTnChGfILTFSAy2 kdHpGXZxD+QiGCLqsNoUr8LjiegtPlf7hbEGOjBNODHx/jdisZbpLf+H67KE8qks tgCUHp0zZEYbkyA2OqrB8hr24umLX3iELtu3bV0t9l39+pneq87QrGXFOj27rxTU TLP8bO7cLDmmv77fy/GMgljh7ox4ZmJUUJcoa9cri9/EYHrwung+d+seMWZkkQjx 8jXpIBV/053PI51IZRp6aBW/Xz0mzK+UdrxRGdJ1/jyUoKFgk/Zk8VCkosr6ZDDR 2WWlqz6sazaRtTYlAYHJFueem0j+isDKi7hAPIivRCcOr7436XyDBtSyXZt4yvfW Il3GggB00HEdl4UZpBA68FQF7iUXlS/VcNuBaSWXP9Yjeqrvo5lG+6OjBZyW/P+g XWqm7JpyuNIbbIsvfbgJGcoLcvj4npSO/C8dmvxUfVRn5ilwyht9wlFkbA59W1l/ LHPQbzE0+ZaGtaCecQ8XV/o1R8oZPa85fZJ7rNS1oKB6nwwOjnxqODUrRYs3+VmH xjnOJQ0rJIdPnPMXtVWbEwN0pl/GVV4RZn1CwEslE6kaECvKmKSxuR7fQnqalv0v T2hJ1pAoj61us+s93mHo8rDZA4/b5swWln2xScatWQAP36ZKLZhSNSninKAAS4Hm ynelwR/eVBmY2FX0TrzL1gIpZ9ue87mFfefqJf1I8H0Bx0BgGJHy9wC+9RxjoojP KY8iMvmdtsY715L0UTax7xVmYqpcNmMfEl/SAxlPjDbjBbHqGGfht3im5S+t/jwn FOyMXSg1KfbTHW7wGgjnz3/dNVEOcDoxASOp2h+7jCwYSsW7tRIP2MQJne88K6jh spSTkhcGQXQTCWBYx/7e4FH9YKitG/iXE9lfyqLNF8pjPIHrjolQmMnxtXQhM26U CGqWJjSqrmniCayPsU26EgKiz12IF4UBAYFDHqDdZo7LB5E+A9+LEXSFEO74qKQY wqssSF/aNb7fsX6D5IJ6iCUv2uIwKq96ASvdGSdoA6J6PyjP+lxX8PkDhgZ5HPzJ KJqJQ974BZ30haaB/ZTnU7/nUCwwH1uGQ2vLG9bnbbDb24pmTfgvluJBwf4BcETA 4QwHip6MV1Zp0FiTPLi/MP71K7PaucVHTIecBEMqHOKrGUWMtxfSMd1TRkppD+lR DX7+Di28yqHDUsuHsHkEs8yJoPl3fDPArbeZQRtKkOkWWHC4aookYVGxkIYYfD41 LDQmjombu8MLD+oD/UvUwspy9CODcq7hfKOe2P8u2KnBFSthpim+LS16OdyHxmIe eVgMoleydtuHrKCCUE+FsWGNPRV+iOUZOyZ33niIiE5Xboc3F7SrC2Z3CEhnUBSn JFoXDOSnv0Zl23labHVRQa2FOYD9E8QFDE5gBb97HK9NaTUQRWcu3aj8m57TC6ai xQLWxZpwQYxUP3JH55NEwW5RvCHNuP5IBCDCZnJBOcAFKnqo8Zb+Vhh2kgrJ2Rk1 iILwbRgilNMZYFGOz0BIVOp98Oc3kEcbYhutCQ6NG2RjhKmWk4Ul26pTxGqqbb+z ecAY35ZyHleHdFNI5vNdivJM0iKCCP6HVwDGqVkOoLuPGxiSdcrG/jt2Z3hlPjU0 VFbqJZ6I4pcxOHyiv2q9uhzhhdvmc8Aj57MYr/ETiqcILFuTf/xnxBiiSXhNjXLZ MR3p199GQg0vqKpNZexM/NBh889YSjf8UTb5zhBk+rfE5CVoHHeuc1x4D5CFQh6b +na9asQybI33hsnG//twAR9mkhbeuJg2IVRK8MD8v2h8sQw4e69sFkYKEs/PJ+/Y Hz7J0L7eeL+IUcdTS0Ul83gqRGhE63pMCG3yfPsqM4sV9NuzuxI47pe3kVgcph/X 9BPE4Pfv5LCEKrF4b2ogN5dE/cdwY5U= =QEAS -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> e4c06ade7832
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in a44c300dde6b
Removing intermediate container a44c300dde6b
---> 3dfe1014e8ff
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 58df7add349c
Removing intermediate container 58df7add349c
---> c8e51cca6291
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 715d6626e9a1
Step 28/33 : WORKDIR /home/load
Removing intermediate container 16165c47db98
---> ef97f29cff6d
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> 88f6689788c6
Step 30/33 : RUN chmod +x /start.sh
---> Running in d36f0459adbd
Removing intermediate container d36f0459adbd
---> 11b0170c8186
Step 31/33 : RUN su load
---> Running in 93fda9ef601b
Removing intermediate container 93fda9ef601b
---> 72d64b8274af
Step 32/33 : RUN /start.sh &
---> Running in 9d04c17b1df5
Removing intermediate container 9d04c17b1df5
---> 3e1df4ecd98b
Step 33/33 : ENTRYPOINT /start.sh
---> Running in df6f5e65a64d
Removing intermediate container df6f5e65a64d
---> 89a54186e674
Successfully built 89a54186e674
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
59547e6d0d47e4fcab0decd49b2296d58d3a3061ba8245ba8f88fcb6b75ffaad
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon   7.68kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 371c580f05da
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> 68caf3397538
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> cf43a75c9db3
Successfully built cf43a75c9db3
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest

timer: 0
timer: 1
timer: 2
timer: 3
o
timer: 4
timer: 5
timer: 6
o=
timer: 7
timer: 8
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : J1roaB8311
[*] Exploit returned a wrong flag string

[*] The exploit did not work.