KAIST-IS521 / 2018s-gitctf-team5


exploit-bug2 #43

Closed hestati63 closed 6 years ago

hestati63 commented 6 years ago


softsec-is521 commented 6 years ago
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> 04085305dc6d
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in b185a6ecc461
Removing intermediate container b185a6ecc461
---> d5f38f80fed7
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 0334568b1699
Removing intermediate container 0334568b1699
---> 847387cf3a4a
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> b1f0707aadcc
Step 28/33 : WORKDIR /home/load
Removing intermediate container 51207b654444
---> c250d1ff5387
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> c31eb6909389
Step 30/33 : RUN chmod +x /start.sh
---> Running in 227cdbe42244
Removing intermediate container 227cdbe42244
---> 5ee650dfb0a4
Step 31/33 : RUN su load
---> Running in 676536d6154b
Removing intermediate container 676536d6154b
---> df8f1c27f0ca
Step 32/33 : RUN /start.sh &
---> Running in 0f24bb379697
Removing intermediate container 0f24bb379697
---> cdb176ca96af
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 8faf64e3eb30
Removing intermediate container 8faf64e3eb30
---> a29519f74f2b
Successfully built a29519f74f2b
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
1f01107ea9e240e88d96403715a87f6490d1c48e7fa136b5297e78510549f887
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon  18.94kB
Step 1/8 : FROM debian:latest
---> 8626492fecd3
Step 2/8 : RUN cd /etc/apt &&   sed -i 's/deb.debian.org/ftp.daumkakao.com/g' sources.list &&   sed -i 's/security.debian.org/ftp.daumkakao.com/g' sources.list
---> Using cache
---> 6158c0b6e89c
Step 3/8 : RUN apt-get update
---> Using cache
---> 82d14e093d36
Step 4/8 : RUN apt-get install -y python2.7 python-pip python-dev make
---> Using cache
---> d27cba64d589
Step 5/8 : RUN pip install -i http://ftp.daumkakao.com/pypi/simple pwntools   --trusted-host ftp.daumkakao.com
---> Using cache
---> 5329c37dbe35
Step 6/8 : ENV PWNLIB_NOTERM 1
---> Using cache
---> cce5858f357c
Step 7/8 : ADD exploit.py /bin/exploit
---> Using cache
---> bdd9339b1a69
Step 8/8 : RUN chmod +x /bin/exploit
---> Using cache
---> 6c48c74a390b
Successfully built 6c48c74a390b
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
Traceback (most recent call last):
  File "/bin/exploit", line 58, in <module>
    canary = u64((r3.recv(4096)[0x2a0 - 0x18:0x2a0 - 0x18+8]))
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/tubes/tube.py", line 78, in recv
    return self._recv(numb, timeout) or ''
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/tubes/tube.py", line 156, in _recv
    if not self.buffer and not self._fillbuffer(timeout):
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/tubes/tube.py", line 126, in _fillbuffer
    data = self.recv_raw(self.buffer.get_fill_size())
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/tubes/sock.py", line 54, in recv_raw
    raise EOFError
EOFError
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : XsdasvFTgo
[*] Exploit returned a wrong flag string

[*] The exploit did not work.