search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #53

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQgAk4uOj7zcoHHgnwZUIWctDqu7E9vMfcOTA/CZUtwWREVw YnUd519xk6fX1lvrjqVrJxtSkeRWm/AUCYB8HZTW35ZjL+9+8gRa5oNpw3/it70q dNVjJG79t5jxh2cru1j83Q8bhMN9PbNNmS5CbUCnwQCAC4nvs95MbEUsdWzGJ7zx UQmcgim2kdndFSgwgLv3SvLf0ZK321j+37Ak2kUWjpXH97mRRVBQj21Jcec7XzPn E2wi4F3qIxRdEwLtWUA9noItVqbvQOFCJdRcEf5UGmFj0HKo4lhbw0YCQBXPMD58 vYBHSNgoe6cg/KRPOVGouJdH3+bDg6yaG0hN+stWMYUBjAPcMgCV6N35oQEL/iAH v70ihGNncIyGMJyS1XvHs0X9lz6lBVVGGvqPhDFh3kqU5TBtF/i2TZQ6j/zzrxXN Z70CHfTQJZsYi0gy+ZFO5h5YFCz1t1TdOANg6rPajJ2CIsLW1Qtlyx88hnXKqp1b AKnjdlPJwn0yDoDL3IonejrnyirT8oeBiyL+g3Cw88Ocklph40ewVqnOCRZ8RSYp drfHLO4rSUatbNWe3zdw0JVtyooA4eOLuiHUY1PNROPd2eiURn1dCA2cO/elFwdV AEukgPpx3Ft3Ic/9Eob8qHArFIM8LxzcBYcuSzDWNDHKsALP+7rDFrcGPyIzjPQx ddZNclh6K8R5CF33ZYH3LOuzftYNokHuK7tTap/oag7vHLqqT6cjMYUzWBxwHif0 hlDHHJrvvykEoPb6eSbIIxJ4EtIjxd9nJfs6/v3/P/3qQ99bM9tRlSIlzRmR1DBv O5e7dbLiMmDlI9tsfVgJCiPAL0ppsbmNjO6YEcd6DNdmjc/6q2Q50SInIgxpVNLs AdOGTQeAeX8XIIOcTBHfJq6tcfP9cGs0FqT6B83TYO8vMyJYvXCUW7WNDP08l8wu y3K/CK4IrH2Gs0RFgJpfx2E1+uQ62QYjQx1h0lvEs38onJUYJeGBV4qf8UBPk+h3 3bg5Hd/rP++BYy7PKk3Gf9YWzea4Fr6B3ECWNpiLY612Pyq9zNxRspxFS+rDu8eJ b6NJVzPVNYRU8H304w63VJy8QvCw2RkCTq/YzQdE3oea15b0I5eszPKp4gtf1IEm efy2sxzJQ+kXgmgfU4h/RH3wx/l2BsktMpqbwhrB448pzejce9pYZL2UK2nrRXDR 5HKuh7/x2OdVYtBYPng5/jxDPtEpoGYuX6xWtsJ0bLaV8rClrdvpzY86nOfpwHu/ mMSZXL63ON8IBmeo7GAYIdvuyCvXJppRSOfQDZ/DMH4FMPv2qlqIntgnY93ompez HaL5obBz7EnZNu3Nv0peLx2bCSXu7pY1gqOdlp5ZrYwm11aC5jqas4H7z8936d2N TX03D0xgXCz/cT75bxWaHIdvWGjLriwrDFqcaiBDlI3KRKr0LVBy92v5E99Lt1QE yzh1GpDTdbvPOGmDfkBYgb70QKG7nVNj6Xk7y54pnboDg1WuEMfeHUtNAM288ZBa IEfoeqqHjjMbSD8Z25q47cXCQym4W7byXBIVPDaKaYPOAi3P2o8KXRcxpxaYy5eW /Bh1XvzGUssqhpH/C835zZbJiTCeN5WlyOlYIdbsdH4MlwyH4LcF3rxYKlBsawgE yF7g+el9sBumvIL14FlOrbxzzB2GXRluCCPlVu/TyB3Ew+7KhGcPTmOrQYdsTo8m UZU30NOF/hwgl+7E0TmDmdbhjVZ/IQ1PALQw7ZTIRbR/dEccVR/hYxVs5RlEpYx2 7LJpDel50j3rDE4wQw88Uu/oxp3QTHxmc9t4wUhIxVmdUUjEbYcoJSwApXbW/o2X 0lNTHDw8UxSIFPrbpkmouiBba80fHk9g3bUH0i0acFshS9n0xXYU6jVCoc5dwF48 EIhrKgZcSDVpN2WaRf7LEIdiBDV0lnRB0PJXpMXaLpdo1b3Nt0mGBJhxrHtoo3gE I9nXSDARdFOMudwlf6xQ2//92v82rxIWDrAMGtJapVn2l65S0VW0N1FPdLNrr2Kw IKraJRE8gHd3FT56g6jQhg0AxgmvmmuehqeLJEDdfv2dyxRI6bqSsq1bbOltPyu9 hZE9+i5WRSYtuGLke9W4mzVhe2Ifcx7wY++Hcd9PQzkd7sk+QIcKJZt3tqDTE18q xgi66iWfY8W5GOCBg0qNlnVQGL9zTYoHOjDcow/YpuJ0rjtZ808OD9d3gUiHXKhu YK12fVxrc8ybuR50CHPhZGP9ubg6FFOgNmMac+WmDkq73BNtyT9/a0lZ0mUW67eG myC3f5KJJdLwqJ8xaBDB9tQQCQ9pmjJVegHC/NC5McEqpQ2ybXLaRq/STtqOL0mE lUjwwshdoGi2iBaVQJb66dE8RQGYPL8ltg6sZVxRatSuc1uHMp/+4ZC73QN3ohUU zd2lwwKhUoEja9MvneQnhvhixmjo6zK+mBfFzAU3oWgKIvv1/hvJk6ob8/WlPCar BFpwyJ9F70TJPu6U0Ix1K+LHDrZ2ybkYBDPq2Ngjq3R/xZODgSafuiRpBDIuLEVL N8l/JAedEF8flpTO1ots4ftc+2+BzIg3wxI35jAfDiNi2c648+P6XVjc51LtGW8L V1R3q1JAs4EFKxYFbqQt6RAlDnIzkZD5W4vV5RdvYKxQphmbPOhIx+AcO3wPgEs+ 3mTnbTH5t/07F+Cx6YtbWQYP89xecvK9pm0Z+LXfdUi5kB8+t5z8AteiYptQCi2Q wudEZkbTOq1wpSn4tLZiV04Lrupexbz+EOav5fDbfPI36APOqMe/g2KpPYSOdnwN p1MMt79bZR6XveRUmdJelSybeo2MWDR+9FOTfeFjgKLQwS3Teo68tImOBXoW1U1j aI1eVgOgqnNSm9ynxOixbuupHzSAzeMkqeOa9Fdna93RzZw7biftkI5nxQv6PaUD RO15eCiDibtxNpRcmcdYOeREdJ1WIs53kwoaI32WeaGWTfJOr32lykwHv3mabyaZ Z/A47dBj4jbMOWEDvhZf+jsHTWSQ/jV7wv98+oWPwA44b/znlUWdmcRtPksJnFvh iDeZrzSajj8nTm4LQOOaBrYxXF48BVu4SGseqcNskXcdotVk+HZpVOxqEMxe+auu 81YQe+N0nuFylmZLx+OnW3VIu5Cn/LVEAXjCFLo2FmIdbSUJwfdEmdRmCL10QXTs 89YBago2znHpbnPBcw457OCmHErZdQ2myWh3mO11mEPIGbNvQrvEyuprOXomDnf8 cwS2lKM3xVmtEJzIIrCfo41VZxog8zLKZXcAOtZwr0pB8c0s0D2T53oKBqBbDsvp C6oK1ToNon1jRuGH1hEn1LG/cNctMwm6j1EAlpdlJCVhXd2pvYkedotBJcD38j2Q ssz7Iwzb0258KYE0gE/HBKdwsjiAxk7lu57/JHxGoTCXY5qZXIybMphugeCGMBap 4dY611OAbaEIY/YK4tz908ff3jEN5tz/zuerzsB6LAJZIEwaBdtMJ4ugAS3+uA8d NhkFXrvDQAgGvTndf9OVbv9HMQL9uvNeA3eFPBpeC+fP4BZSO90YQURnuVqPgTUG nexx8Rdg5ymUgZ8BYEWdvgA1X0Vm1SnuN7y47WlhawBmfq0AJ2GtCfnBRRocLH6c W1kVqpsBsYWH/AziyzoohFqsTSlD2qhtouAuY7H9MejoP4hjwOH93IbziU50OCnV +J+hqpm5ABko6YBikxNsELMJCj88t3Bjs5Fixlp8Xpyu53rerlzEP2mqGNqtfISA hteF2t1eBtB9agr5xhCUhQNNw2BZaZMRz7S3/w25uXnIRVfqhQH4dd04KyrR9POQ M3LlMxxXcpKU4HK+pHlhG4KTtINOp5QI5nxcuFgEj2apABnaOXJKKS4hTKqVKH0B waA/KoWyHJdx7oE4FQ2MjbvAbCbzJVJSVPEvoa36IOymqdLhUVPLhdCL1WINSQvu NDniiKuwz4gwzcH4LokSEg7SIDGsHFWWBqWDXzuhCX7wJ/WmpoMlJNaHQsgg8tTf OKWUDOHRVoREBcrCd61PcueL9bgf/DZUIssWLbqqYk+q/1LUYJA/DqiuaYpnHb4x Cb38C+Zan/zqj1P4nx6gJXRJNWQFfiflcSrd3JWJ7QE+37g/7MUiBdTEwTzCrPxk QJP4xM69z6l0d/eBrGA5Nu01KxN6Cx1EZ0iDdZqw6upBertkG+71loD4LcZqzI9S rX3oiErA0gix/QD9wLQmfmq/fOCdzKS5MkcZ/L92/hMlw8EURLluE2kQc7EeRNJY AnpR1Osydq/MeGxdc0W8iZPUVaGUojYx8OTryNdbfnxfwVAZFxm+SmD34azsVjKG nvWyZWnzO6XkwaVMbbV/q7zta6tpceKcDt1fkjuiK+X0aHXL+Xb31UHbAettSe2q PHmVzTNTQEYDbfRY2w+3OMlRFldO24UjbS72OwLVq7hkvDdVIQiyA3n8B0c7m6K2 fRe1PK1ovXF/bAd7NLfY7erDU4IcH9eQZm7dF9IWdKawhvM394Lzz3SLrnCu3P91 T5c7SKCErrTYcS+9E4YI3gdc40QDAvyupZb0S6MvS9Waf1HnaO1o1B+RVUynlOqu 7tDuW5hR4TEC2+wkRfyg3AxEroV4Mikycq0eh/t1H5RIBriQaiuacUND31ADXTk/ k2ZPQD2lRLQ+K8UbxuKVIgiDY3P7mobxCutWBAfmaavLA6fMsb0435DrzYapBw8O avAhgovrs9afczk+xyC3fXHtXy+49OunqJg1PeWO97EXjl7YWpOqN/H6X3s83ve7 rn7hxVZckJJhuof+t8ZRuKZ+hgkQgVOHcjU5lu01xxmXfMOovH59hCuXXQss9rMu dlofe9QMR0LukB34EzU5LJ9CcmlRxqAMK6MYhcC4Ktx98457+q0mZ1xLFuv2vf5W w4XXfc/uL8krVjumyzx6UfTb8M2lhwU/fg3s6dcpuVt2z2kaaLgGI7ezhuIuwU3x 0fdrQqpLLf2aZ2kFkhBsumbbTRqBp0zOzLTa+a2ahJ60Fx/03r7PZiQEbGfYlxeM CYb5flcXl9FMuLRcigiIBVDQIWqGYy6f3QI9f2ewoKENXsttn9Hbrmvk6loBzm6w sG62Gmc/gQHQEl/EDBr4kHDreAMe/sRVtxUw93V0PzdJleSGvuXeMtEm7QmgJ8Ib porgHmMOtU/mMXWqiGZ7EOfws2raoug9NHfRdBnZDzLN84VU6f//STrdJm3aztKf s/0dkGk3pEW4+6KZDSlbHXGSXyD0NKLNIErKcs8413U0tN5U8wAgn1H3Xlqxgt/z bkV3c4K65zTrkHp4islBg3Vz6kV/tz06GRUYSW9JK+VegCl7oXoLNmwN5fboqiIR OdtJiO3K1xN+FqE284VIHJnNVcTIqDOmZ2AaiOaWakDQMoFNoYg4W28rHfooz6nt qME6KC4qVQ5GShyx2Q2xLlhUBAmVSmBnD3F2BWyP/vOTf0WkZM0a34LtxSU1/0pv 5v9lR1DQpfgdGkKe/DXVenRUicHL6qPGECwIIEYXupGHP4hmV4Cmy4Uh7sEZ4sav a+7TaZV2v0svEVx81HOlJM1N0TJCkb9j71VGJlFmxni9xK3r1IuNe+1S9YXN3ZLW ihCY9a2ZBabVMI21SCbiWzVtQy7o7bm66Gb5ZOlDYE4AEvmSNXJFRYUzSQFPZZBO jtj8GKS1hsd4CCUqjkuSWZ3eL8Yp19GQcXyRGGTT2vcjSFgrgrfGIurAHsbUl9Dr MDJ/l+jDnkMa8NjdLz+lQ1iEYXlwgkijpjQjE0zQu6sfGBx3473Iqejptm5EseSQ FpQ20pE6BoAyrSroLXQ8KQDHLtoQTctQxG1HVt8jImCAB/D1XPHmRzqOPBuiGM1N BAnrd9KYqYWOs6UcKoMHnGk5u5QPAI3XCpezXZWzGnZ3uaagYH7u6OwuFqaQRyG7 H/6+PZ36jxHTF9gPBTAVJd9BPQjUp+xJaYtDIjV3Bs4LE7KvqU42dHM5177FTjZx 6FiIe16RUnBnrT1oSZjCc7Jx6nb8jrhmpvN4Sm9f9D26+uTEoWmJgT0cDR5aZC9D 1KgHg8qp5dqSMEvh3q4TOluXaHYcpIW7jGMoXIMrdGMhJW6Fyv28nKI5Ycm61/qj bTqPwq7pRwx34kJ8PiGBwsvrLKs+w4/L3HykrexKaob6cnGbE676wQNK0wtAZkdJ AHXfqFxIWM2Hz4Qh1S1dhMqjgnzgYfBeKYYwAwoqEarrk+D37nD+JGhOcYgBM/np PkLV8+siw0RbdsO1smebUpYtNi+xG52WYhdVVgZmXv3w+LC838HCLRke6i39l0Wm Lc5YlSe3OW3kRt4TNRB3ZsCkvWfHn9q0g01UagtbqEs+huk8jKM1v2hMa1LcrRT/ eVLRuobTCOfJ3mje4D510Lp3+MYOrITuuU9ZOuxe1oTWyvX2r/iVDvnU+VzYvTk8 2IskaNDFDb6PgHQ/9we5D0dBQ592A0bhUvSSx5lTUzX9CA8QKyqhtoAQAf0o56rM biPf4MEFq3qWN9pxPWmu88XYpWYDEmq0MigWNmVyXq6bcvDJe6PD9zAfalhE6/bd CfVIGsCN+ZJa+aAhL0nqBQbTCdzVX6AHK6ky0CuQ1gZVREnCFpG5nSenGXqoUAyi PjlT4OwX1dV0TXHEi/bTkS26pqjFwuEgYsSArM72DkRtIPVAhimPUMysp4xYa/SQ TDfb4HvllCxx5D9sDwTvwwpz89IBZeIyxppnIv7AHPU3tWdUedZWm8MHeEGKiON+ AHRQVFdvmIJDxa7I6IbQmE9nJI30cwkAazhcl0p/QMUzH5sVTrY= =zGdw -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> e990d4bdf607
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 34f96be0cac8
Removing intermediate container 34f96be0cac8
---> 23c0c81284df
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 4dff4f772e7f
Removing intermediate container 4dff4f772e7f
---> 8c70768bdf6b
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> f00136628e45
Step 28/33 : WORKDIR /home/load
Removing intermediate container ba0063b94c36
---> f0349e45ca2d
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> 196631d23500
Step 30/33 : RUN chmod +x /start.sh
---> Running in b162b2af8684
Removing intermediate container b162b2af8684
---> 560028ade5d7
Step 31/33 : RUN su load
---> Running in ea640d7fe0c0
Removing intermediate container ea640d7fe0c0
---> 2d16659d2178
Step 32/33 : RUN /start.sh &
---> Running in d672770e80b7
Removing intermediate container d672770e80b7
---> d9d2526b719b
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 044070dcb20d
Removing intermediate container 044070dcb20d
---> 1e3d707da65c
Successfully built 1e3d707da65c
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
3fea75421e26fd80afec1498b14aada69f716bcafd903f145104fcfcd4aa9698
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon  17.41kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 94fbe5b0d788
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> 9273c300964d
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 0877ca6f7cc9
Successfully built 0877ca6f7cc9
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
canary: 0x00ce15405ab9d0ed
time: 0:00:44.811709
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : jMAuVKJuyW
[*] Exploit returned a wrong flag string

[*] The exploit did not work.