search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #50

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf/WO32YORFPWB49ZYL10AKIsYWvftoyxKXiNnp/cfuPokW 6HI3SE10f4AXtzmlvMRosOFyUxkvmWGuj/46mVnH886e1DH1i2ReTJEk2mAcvspc WEwIe6i1XUv+vyFVNxpI8ZUK8jBng+TrVjcUQmEl8QZK/NH9pwvBKT+zO6/4ydpz N4q47yDC4h22PyYNMna2WoMDCQjTKBhPNA06xGz/g6sCuBalNGGu/7LsiO44c/BG Apfk6/aUGMWugtAZiE0Ag/ewTmjegwUWhYGyrJckAxXzn2JGOtGTcIsUlYMbrpcr 5Tez+MKce9V6JXck32Jz67EeMMtxs3saLkpGDELjnoUBjAPcMgCV6N35oQEL/i4f S81wNL/h5tW7uzJ6K/XsszwdxllYUuJlXVnBShRxUwzNoKRfNzUlomdULO04e6MT 1im/5OLbYdR3ZpbExGZmvK6zu7dMbWtQwFiMmhfuSvr1QWipyp8kkGCETC8UXE5S edbWRqtOgPSxIuFHcQQBfxhsUBxqN5lO5igFFLzmfuDCjmzHTmKSawgzP/LvmaHL c1HMy7seKiF31/FEbx6IZdFutxiQen5pW7Ynv2PJmVJRb3HLa5/jB0jC3Y2qv88P ovhtoLwPytAXPojChR6pMYGHQvGiDRls1L+JZpAxB4Hu6WVgt6hvmHJN936G9BVi DCW8EHK5j5NRe2gLjqBeEARfrtmgEBwxQRnjadXyj/B1mU0iQkHXsXnoHieHDJVu PQ3t+68zRzN9qqkGEZmZpUka3AfXL1tAnTQi6EvWxCdlGxVzDjzJ6PU1TP8n9Kx3 ACOoLWJIs/zaA97EU1sMM0lQL/IvKSQhqceOYeGtsg4E31HyDC1sQMJ1HbYLt9Ls AaYOqxTrnBl2oBQQpmXgBZCJZ0o0Mg5NDz0lRUC7T9y2Khv4XNRF/zyGfUHI+wQV IRevYLJahg+cOit+jX4ciwoiJFVzGqoNdUbiekWhz4j5KICEHQ1vFU3tW0hcKMDs y+JgaG49jzvLHcd+I5gmR4PWB8QyIDENtN0W0n+7JLFlo7IbQZEi3ExB1Qp4CVYq sfMdsLZbRl/GtarJK76ROgOiLFoDxUZ+Io8BngvpEvIs8BtDLcUq0U9odCdClL1W h3yjnsu0YihLtdpaLA+m6a+lKMnPC+su6LptC2n8H1QNgZkybe9jr957ldtq9Z6g vE8wAptrasQJNhJQ2kpNFC5q27ATkBiXS9N+/tg3VjumJ97Cyiyf3a5OmnObXXJ4 Arh1SYdbQT0NDdUipOxt8978PMDmERnSsq4PRUC6t9pmgdZoAHFTWtGSyg7moOi3 /Srw57HLVZvkKLxx+SzHxwzFtqwRBVZ1T/viy1CidfACwNUO/D+Q+y7hMF9CW3aW Wrqub1BCd0V07eIyfzaCUi1S5OTFNDhfiD9sfVRAu9fySXfCzVZFRiYx0WNFMqA4 jXA6CEOkymyaBTG2xgGaKEuI0/2J02kcBN8gzwE71NPCl/Ge7MqgP3pl6jWpT0X9 7iVz/OhGgsIq05+GGu+bAZwmW928AUBTjlreBdx8+cy8+8EM0ZUSbMPhISUUzhiD SonPaCrllzuyi5NZu2U8qCmWAnkrm8tWG5zDFfnS4G+v0NanVfAbiMSyXUNuyDzB 7IEdC4th8+2fp680QSJwSrnPL5xEJaFpAdWOSo09B2LX7GVsrY4DXgVLty4Uducc 08Q0GLk0xUz7j99mqilVi6leIcmHtwdgnC7pLOLi6+jNNdX+Tkg2/VrW8jfPjGLa Lt5sLGp33POrz74p5B3DOiXo42DT69j6fepUjcd7thBJFYS/VH58+lZ51QoDobwi eKQzqg8k1Eu66YWDvvhja5LXgyS65ew+c0VR57rpx0mQ7tf7ve487SJzmBWaO+4I m0x92dzFnz6rmsuQk6BQ0ueYJRvayQXogeUK7yIKQiQj+bDg5jNnaOhIh7N2qDZs IA3eiradaxzVOU4UsDaGp6AZY0CxwAxzRlWuYaBGPp8ULDBlaMrm+6orkVY/VJqj xsvAef00ZTM+yzskWJRcchxPjdiiqyGUtPa3Z788GowRwTgTjlNBpN8cZH1jsp5E yEAhzr1cR9us58RzqeadEYoPwLRAY9sVg/QHsC26Stx4LFpbMT4j1J5rBQBIw6ib oTBuPCbMPEuiP0sVYs7u2FIVVbkXNerxU1UU/PXb9KkBgeIu1T7i9OWWCbL3CW50 dgjhykhFFN0PSnojMowES8AxNhpbRWIiriNHgv4cAx2k2rD5lu6TxEl+0tXNlBPo XmtOISJigV2dHOVp/Zyw6rnrl5iab7JFrT58CWZoC0Nb2LHPiX3AE78w6WoXlsFL xzcUg9kwRknpq2MVrCozsdIdD3K89pthyAud4yUeDRiGh6vJz7BXhLcjaIgQEPyL tOyUZIqsSnDExnmj6ERbZPetbWMiuLMg35gp2eSxvSZ4F/BMzDsVsYQdLX+BUWU3 cCvAo9KmiXK3yxYZzxzUZ2VaQzRuj6RBf4gM9l9asRkw2xjO438ZOjxxw866ibBB pMCTMDwBrhfSBKM5QwjVOqzszBqUUTbmxHhM8o3QVe42iO1LisxWqLORHPvpkL+V B5j6oCU7TXXeJVYK5THiWYRYzTwOgccAi77DiKmaRyR7dDM3Cm261E645kdmBxk7 OCTwq6suUKEbY08VXf9Yl+YfQ72tsfD9ARykmWZrvV2Ma5QJQVys4AP2GLrl9Fi4 QvuA13BOM/bdVbR6k7L7WiQHE3RU0BIfHCNXo0Xx4/dMQ8uQywujbGOdCEb/Jzz3 CbRb3mZOjwHaeQVemu48Qc5w25S88Z2cI94b26emOufw0N4iKp63MjOUXoLx1q1d i4+UnhIkwFPnDBfzXxOpHTchDEv/K8KM/nNuCOoeJcKxRz3auScmGZpvhY5HidKJ PieKWVTfrRTSyiI+bxLw1pNYr2bNpfQ+Zz43kwoQN9+opk/n+6occ2lOurcTNrTZ vHU2IN72IY8dW42xOkCANF3V8qWKrOypZeev2jI0IuoxamYUxhG+GdYHmmamjf7J i4b2B5JwuoYNENQy7CLhW72Bex0uUaT8EzJHghBB3li4+PQUJtClP7AGPu6gVDMg 4FkfK+N8pGAMPsXnTwfR3U0XQdY8dGxF3svbEp5TRMtQHOJWoMsjmQQq9vponCgX fBS6Bk02jzpaffAVM2eBSa2OFHQTXsBUwYpzkxg64lmI4nzl4IFTA1tN/K4m1MWl nQzV0kiA5RGaFkb11VpeSwBa6zimikHoeCS+IlHateUE1VIxFtrbF7bjKB1uMH92 MbTJ6Is9N7fD8OhC9rGZovFp/dMrhsrbFMW/nwSlV7PBmczTWcX7Tp9QiPR8I7uc vm3NkOgEvTCgt7jXCAJPQzpbePyTyU0ClAJVMljWMIMjcLYhuwEJ20mmuv4cmleN YgJ2pJosLJQvBOByNEWiNKD/zU2ViMEvRA38e0i2U8HQv+d5n1lIBZpRAHfxI5BE +WMQqgpSnjLTrCSWpa4SQjLbI9ttimllMV4iot2l4Xpb5iBaLMnPU909ILF4A0gM Nfxu3E0ttmQfIX6WfiJZxwKsjkoW6jDLp5tUelL1dquFxDqOFNoFWXcSYjX+V0pl /ej7gava1P4zMo72n8A+UjV1LM0KZfrcC8172iloVOb1nuqyBjNT56qV0FyZoWPN bKygOPguFSMF2OLJ2I/w/TczxDbgARh9LzO5S7158GeJeAGS28ZijUXQ3H3cVBNu UzVDeX7rNtc+WOLQ8TKSMJK3Pt4j0HKkV6QJYX/4GxY0lOkk5m23sgM9mVs5MdDa j5WN4imzI4NVU9zI0yPbYHZI5rE9JAxHLz76OpDq48rxyLkMOZCJfn3rJFP6n1+i t8x7hJhI+wSIZRUjOTYb+3cP+SCZYy44RJQCtYF4pnAl2u+76ggBgMq80mzNSaho taH+QEFlx7e66W5YIgPQDk3JH6h6z/IE/zGMm4+LLbyOAn2lEumaruSucOgjK5l7 g1gTX7QYZ2s8tcH4CJWPb4DexTyn+o9jThqZcGHtVIainfZtt6pfeNi1bwkoB2fS Lj2yiH7cDiFZ00w9w9I7boQQqQrrB0kwF/12QKOgzZx5qefC2jgAEJUUKlugXR8/ z5uCy6u5AYROd+5hpwUV4tTSGeaJWGK3I5N7786h5ja08TYjJzERB1kRwmWJlo9n kjgrwutll6xq3VCaFIeL2n65twnrFae8CWyJ2zR5TSpoKqXBuE9DDhNoKHF8GUXB lxW8ZznYyHVbW4A6wQ0Z2LVsN0Ip3vms6GyZUL+QkIkV46sIE5CBrKEBLCHcplfZ RFTfja+udf6Scu1aKjwMjDJ7j+r6nJGSkARu0QT9GTTHfBMwjPS2ga6DnOrAjp7O LS2jC5TIQUoScfobHQSrjJJUXI0fITvktJkyMbNqxeB2BypcPCLaDg3rrvWFdZUi Dumkp59IB2EUESuT5ri+V0R4yiVIrLhGuz1RGLT3EXKo6FMOULYqXmu4LRZdxEIV 2/2UnaYOcpZerwCihYvjF7SFhvBKCPPMlYl6v2pLymvHBpXiUI/EphME2jfgMA5K QzrD8d4pozKJIcN7eqXN0Wp7ht2NWrIAZfIjHo9ukVFSh65Wild/2cp6KV6qjP+D n+MTy5NpmQNREoiMiBvBssrkjPDTUPoDOKtiwcQwM3sU8e7alNmMM6Rn3/pIp88I DXJ8UQlEZAX/1/G1EyZmNI07A5gK5/+DNVhHb+zDC1DZCgEdTGbNWSbx/93i70+O tx9NecD0tNo/V30NwEe6HmSYhvDEbYvHuVJeA0oAowtxGmROe6aV8ukAnXNR5ajI X+6P3X/y6CnFGITEQbPwb9O4zfKjOuI2IeWwMLLCCTR+Vd8BbnQ9B4kDvHSUXM2A yh/43z+I5Therp6kQw16QA+605ipjORSy0bS5Bes8UwKio1SFePclvBIuwrkYFB9 eEXlgOrHkMqu3nBEEc3z6Ddi8zbhKXbRyoMinWDTVvTY1nogyXDrNDtiG5PmnZtz L3hpu6WSaA8IWNuykqIJd+jDO+eo3XwrM94AMWEPG3/IjZbOI/U21yC2pUPP57Cp tmxGbTJuxpBqjI0RSG/c5BZJjoU/lBmU9l2AOx8I6ci1PRuyWblaVrgcmtIwhjFB 8m1sAaVS5wrgZMw7i021xBv17BHpn0g0e5d7haSzBZQ+IJbop5jK2pMLonRWL3ig vIiulZmp/CxkwEZko4Kk0dLszeA1xvsMbeukWd5hQ0AS0d4tbOwMCZBmuCyqL00N SH14S6TNBgYwOHISXuM72hCRRZuz4YP+4uAVP5Omdez46vjje8pDLSc2MCjovOWZ U+GNw4BMPn8dvOEZ6DgD/hHA+DF2gVZlQy0XFf6d7mz1h87mgj6W7otw6lnufpSF j1nPN96d1kn5FlbWni6FANjQKvkVXvwCPEvsURaUpdRebkNl/n3sU7ujzmqHUlVt OlvihSv7jfR27ELPaURsk38He2PNQLkuh2FBXP+6bPITumwp7ePPS2jJP+KrdBUB aItARBHnc1mJk6DY2hv3WnoVZyn+E9Bet7dyGX+UfT/SlqxHBHOvpn8HFfyKpslw jD29lyUuQ1ixoQC23ahFLQA+fdfsDf5kntvwRhNo9HtARmHNKCC+7YYgPVnfc+6B R2K1I3BlwFJPxvmEaiwF7PrLj7YnqCitniwQGd4RxC919cZjBRnjfgQm785H1zDn JUXAQj3E862Jimbm+rOLo/djmCBQz9Tf3A58T4yiKdkQgAZTZJ+MRNU6KfqdIgbq 2Z0MywD1X1Gq/nbCbQM/R2Osc8PrXMFdhgWsP7ao1U5An6o+u43SkaUXjCdtlR6M Mwx5RCOet5MwgesuEaEKwgXy3uLCt21r8N/pOPijIgg0kC/CwWaL0SSxbtIAFQje IvLlneddq3jMjDSk0ujWVAkZNc8STtgdtef/LGqz+tLtbwTHOqW/NYPPTRO/fdys KABe7xEGwcbcvNziDleE2fS3tr8C2NDcX4rfPVTROYu2yUG2+DMEGs6yEkJ2sBmK yf6RrPv3O1tYVhS0EoUkKFaEGYFBUekIZAWE1dBHCA9JiKt6WRt6/whhhtGdO8Xi cp0Vn++E4My77zh80ZTem9v4arVhhLTjlnJA8xNWDVrK1YZ9/EHIPB4tjUQHW0GD TowNdwxY/XS/19YNrpXUIJN+yNhIeIPzBlAEdyLF6PUnCglFfLo96v9mweqUK7UU uGCEjAEb6xGYXvWdPsI6ZSDNxW0SIgtDrpW4bBusB86aCEhcoQThvMH3LK9M0opp x6gvGFj1W2ToXDhJNJvvY8BqtH7ERauwxqxWPaGcneajuC35I3kpPj1bn/Wc6g6e VIrjbc0i3kAnXGSeycGj9uPOmlX3GBaQ9ZyIvqNmK3+U5fddO4mJ8zmt4RBWxvxJ GTo2NAk58CcglL1B325YeZgEFeHA8oiN0XuQkX4qKjq4f0ceHsP7YPrqoTNUBTDd SWpi8vKUsDbmAncWv14dF4Bov4MwEfUpHFCbkltdq2INHmc7RrkAWoOeSXgfuj5h wvrCcWQMNUsTTJREyxtwwDDhxH7RJGaD6tqu1gNOXaIIxQyIPzNS2SRELOI2BDcC suYk5eL9tigVUDqdpx60/Wn+6r5c2FJhdDbH+NoJwWWGuxJjWNV/rhbHgZdtGzGb NWkohC1J0QBFBqIJe1y2QVgpxCDCmCSgOvIu8w== =IS0g -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> efb39d9e5df1
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in e49bc70c552c
Removing intermediate container e49bc70c552c
---> 833052b86cea
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 6b66bf327e53
Removing intermediate container 6b66bf327e53
---> 907912f11a81
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 2d09ffb0e340
Step 28/33 : WORKDIR /home/load
Removing intermediate container 8adeeedda688
---> e0a4f2f8d6d5
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> b2346fc2c2a6
Step 30/33 : RUN chmod +x /start.sh
---> Running in a4bd0052c879
Removing intermediate container a4bd0052c879
---> 20a6c72fe013
Step 31/33 : RUN su load
---> Running in dcff94a76e9c
Removing intermediate container dcff94a76e9c
---> bb80017003ed
Step 32/33 : RUN /start.sh &
---> Running in 4a1d9bd6ad4a
Removing intermediate container 4a1d9bd6ad4a
---> 8209b2f5bfe3
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 39c916daf603
Removing intermediate container 39c916daf603
---> 18dfcc7b717b
Successfully built 18dfcc7b717b
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
73d87505fea7a3b95af206b2c6f3de41a8ffcf80bcf1364e4574548f5b190786
[*] Started service successfully
[*] Running exploit
Can not show your exploit log because it cannot decode the content of exploit
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : 9ZX8UN7yvY
[*] Exploit returned a wrong flag string

[*] The exploit did not work.