search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #54

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf/VHEdramLUQ4P1fVCufWn//NgPR43aPyYNjfcxEIaOM1x LREj9c76G/r8dBSdIyWKQrK72k+RGVkubfok261zmjTBbRP7YQ1MTvK+ZI6b03ZL OavJwlbTOkuU/gtE3EHcqcmWzG8/R4Kv6y+jV5+xd38dN4N+jQYfL+BzoqEwptxz IIIqwGckDe+KDd2m32W5bkYAezhzvlgXLGAVPYLIvz+ON3ymddc2XuhHTOPydTkG GmzzoKs6QrM2GqYzcyORA9XM2vAwx4i2V4460qamnPlVHkc8w6IPhif51SmSPZ0s 9ijl6E3ea+KYnWaT99W7LZ5pWaNF9dqXBTwCz6/ru4UBjAPcMgCV6N35oQEL/1ps Ou9CXwTaDkJeAyF31eANyipaBKKu+/lvwj3yvRsWvHHU0+i1F0Icp/RkdiWFVrFJ vCKAvhpWUl04IkjW7dbjdr9vDMdYJ31bOD8gjHychnN/fvJAVUjYDwPBtctzczOH 6Qcj3sgTG2XMIsxOLPfgbj16vlKE2ow3inp7w64yx5yvLpqL6Z4hwaSOlvnBLuUt YIyz6Y3d7mce0dfgPd7s6ON9L57YFvljqKDpZsvbKtjBjh/maL1fz8R0OZe7nvt3 L/W+Dkq3buIzAYj+TVNHGLgiH/zJgGT1MELWggUTy1u9mHlwBYp5EBeugsQhRz4D JKA/ICaZFjUOinaHGndVYBnykG+TKwKP/gq2SaVtTwC1iNanHqk1NsrOyCA54LMv uRqOueS4pA0ajKtfuLRcLJ/bUqP4My7P5o7EfwFwh+Lgb7oWlp8frZtJTQAjKtJY nt9AWjo0dh2A98d73VEn/l/q8SlD4EmWLpfeInm0xjxMzcIpw+HS0pgKR32NEdLs AaCZeHI3es8LMMYAWGLrYU4RFLBAgtlOv+r9tPqrrQgAe9gaUv43ur9AEDaHhWpZ KbI4pK8GhjhPkXbw6v/+QkBf+urlINg84elJky5s9hD35Tcwcz9OuoCvRnaKXBu0 fXyUMmWr+MP0H84YBBxdv1FClksc+rukWy+6fRtAxYEy5P5/ch3NSm2lJoMiFwHV jXDhNc6iBOMtzXusIekrUKOip5S0geajQ5bhX75nOSnsizLc2Ognaaggzoyh2euD ryZd0LcWCNr+55ov9ETGnYqdk1ShCe5s/xa+1TQpaxc6fHo2xHw8pbLaRptouMRJ V6uGywvY3Ge7EarfYD1gXPGLr8IyGdD9saULMmgmFY03ZIMcUcu0wANv7Ai+id6H Rl8BdZy3Vpv9dDY4ifDeqVrKAaQzk72B/UkXDP1hXSNIBptNaotKFnokZFu7DRgq PcYp5vneQhIfUeRuBr3e+LymGVOKJjAxx3uwE/Edy4Eu0Su+mYXS75CRit3xilSp tR/rtfxiHShdkQUopA/hv8w7e/o+C6hN1TQJK+njHZzZqrBCdAsanLi2rvy8T8PF oSUAAJuL9Yi+CjbzOkz9zPNatzUL1UbD9An57VAlDI0sAHsu7HIuRItcMPtJF7uw t1Pro0haLQfSIV4CaVmUhc4L5x7mGkwiOPxZY5kY/hqXLpG9hKF60utzDxBcaxLH 4rkGEgGTerRUj9ViKG/WAGZ+CICgMCo+FUZ4TON3l1VVXmam9an6AcuCttNJEjTA JcBflJSBk5TlKE0rjwGnq+UhEXrPl4czlRlb25BamrG8z4nbheJicA4aR9R7la1L RVRnCf7XUMI1agpYn74W30yn5NVQkrjqk64oCcMZyE6y2LpKH6N+b+MKdmcoPd8S AEopfxg69KsXE1jcdMy8nMiljpb4R+G7SxNooPv2fdnMxmV1ix0fbi3iyLHjeDuD JSEr//ShzmjDdYTHf6PjKbggLzpqmr1V3hP59YqkoJz7XuOPwFRNdSutLRVi4I2f Lp0pxqcPVHyXrEUsVATBlx5n+EyP+dL584C0fH+JWlJJSls8iiDfATtXXlyGoY6A dSN23U0YingPQEeugr11KA41bUem68pJV5c6cIIZ/DcFUwgCVpaZB/g61P9aj476 B/BtF8Xk27zetJlLVtl0a6qY2iiyNkOsuN5twPEmpFGxHcxuLkC+rEJPvMOoJHE6 xePn3EiflrV7DngSGtEJCBHZ93E7zrK1O4hssfsE3WS4GxAs8qQgXx0i/zs2kHHf opvZ4gyGnVZjDnvvjXHBHIQxRURCQPzEcjPn+9sg3JsbDBLucMwWCsZJaVtCqfTE DrMxRbTMJ3WvTeRJ/QuqK1M8E0P/qJ/1q/ilmF+nZR59gxRe8XwgRZGkEvkRV/FM HN0yDBSR4g8HFgbNyLz/TFn8hKYYsgnrHUxhzMpvXQHyLKQ/wMAvAok3qw1TU2Wy vIGnxGwh7oCK6TfeZu/FJ1gkGXBeRm5hgoMKjwU60QMgyggu/oQnMM4oVs1cJJDL bUYXrgz1xHGgTso80tMjx8Fsb0iCGBgX8bxxucJTpWgPULreCYS/RYIqg4R5ZR2K ChcnoounL6AUqmhA7B1b8gNZ3ZawM8ZYXcFA5ax+S0xgFXXo8yQiMJdI3DTBKvdd yFwhji6sV5GkhUGoEjUBRWrphzH7eEk6mpH/L2YI/ivfqE+TCF1gEpjWvM4tXjLu xv2zmSWv0GYlGsLyoxIKQdwpsOI1NQG6w3wCxNeR/4WlgstKV5LJ8X9HWtJK33yv BXldb7SO0hrwPIHCklC1xcZAE+My9MEevuAhEhQAJgP1JJ1mJZuEvBhYMRQUX8ZZ 3OT0tiB4T6cGSI4Kf58XoXCkjuW90WTGdeNpx10396MqTKTGDyVfonclwF2KI368 BQB1y2TjqdwQ+KhXWWW6UXTNHN9xXmSXhs9UVhmM08tKnsLBh0KUG7GaVXYZRWJL qtH+CkkO9JSiHQynHxDuwCOBr4XgkB3RrmT6HFGwNHgnTx3EZE1KB5Jpy79D9Y5F WXLRXB4iiZhyfCAhUu4YjR6JJYut5Wyh5wgxig7PfNS1zzbiiEe+4rN6FSvIgEZl Ql2mJbtjVncdScPS8bOrkw02RSP/YZp26KJKLsj8MuXmyBxA8R6aUmfwxPw4wfSR aARwVKxgzWCxbNoQAArQXJ8Ljaat+671ykym3+9A+AcDplcGvCPcLRVWmd25vZwh iWg+ymgINYMubOaNbtbr/uJF35m48PMDsvq5IohefSGO0njbmJp9xI5WEmpwUcC1 5uF63mpTLoGkldgZ3ghfudUoPzCbO5UH9njjod5pyVnEcLXJM5MbzVaZPnpMjLy4 jpiH/x+lVHXqOubZR41x023sarpCSStAT1L3xOOA23MuVNGxDrMLtPjqoebTKQnV mhZqW+CMQK2x5mEhObjVwSJFyxLbOmOqNM+R4IcsQxj3QwnMDUD95iC+mCm0rBYc skrYhWv8zztLqg27YgksWG2yBq1UBnQyCmRXeAHwGJY6c25qzuDXvPEuKSaH0dAR OgKsMujaHvxyp4FXX2Q6x7WqFF7TlmWVT6Jrn4HCsx8LMUXOJYnpiriZcCvbHnHQ ggkp6ENEl1uz0NisOz6YyFMTrvumWuWSi0zrbipuBzbMPtkVdhYCA1cJcQV5bPR4 Hq2n5UBz1JAD2WQYN8Z1lwT7RYdcDEUNVGds3PYwwEVXPNQPpOGqV7X1Y56N2Ukw xRwIuXEvs9J+jcvm4gGxXoZDS+wGtlDgychI6uCWmTWhSNagL5UwU+q9cmfq23b5 ZpDPUFD3YaA9qw6h4ilm9+6tprb2KSBoqyD4Da9kT9/hiIfGUqnGoYaPc1En2u3J CoD4GKEif+hlxzOtXO8D8buMTagk/4dQCEPSolgo3tBHwa2vEEHHLZGziDUMwujI SBhHKu1vjzgq/roy8LHIGYpWCNtQzgesZu1DcrpIAfx5H9PmlP0Db8DK0tw+bYbf fPo4aRSnzQ15A1mCJnxI5OKbfp85yyz7xRGvrKBhKMpFMu0/FFmBGupd9FTUU8A7 BboxuNtsdiZCTPArPdWdW1uiAMtm5SK1NgEySoSFU4WQQ6xqxByp9tElD5PFbGan N+ACNLLS0Bs/pJSdla9/iIQX4g0SdKqWvOc/UtnoSam4mATTvnMrpKgVbqTpdQFH L9lWw4gLUmIILfFD6VfqBYvphIWnGqgDwh12ZOzWfhpHIkhCxBdHFc508/xj3/1w CTgwt0500LSv+OHirEOHgcCmZLGo2vuIXZoa7xGNp+OH9b+ZOdLTuncB26oS5g9H BUH32xgDkJmvkx/dy6UAkeYP1M+nLMp39r8GCfOxzwGivIZWRo8YRtz0LI+R0OfR xPZdRdFIajFgJhMM8cbXXLpJb4qFb2YkdfcFONBiT36fgljzvY2wb1Am3J40tjqs hWFj6qIIAMY/cflIDUdNeaAJ66kKKRy6tmU96KC0L+qhaSeLASHofLKShG7F3tmL BAVVOY/VdeAl85WFTmsX5NDJm0qJPfK/gg/Tq4aq8WTVoiSQCkNq19eb/BWf9QNK TpmOXOos+r894CjoWmJhRqMRHQt1bCtFVfvs6cldMtHUQNz2jENW6ZUhUSa1hRC8 ZYi/BsZ3PTKWrj31jX74fWmsd3q68ZRv08+dyef0Q7rljTc3XvdpazCRvnNvSe+1 6uBc1cjUne8gikWUoXMOlEsGqqKoSDveHS7+z8tIK5QQQMjjIc6dxAPCTMA/hNLs qH96BU7qFDKIJwL/sXvtJrQiQxGl9goPGuVCcrIE82iI9LI+9VbRxudve8Irjo/F 9zpdEZFqdYESUt9tVzJJ1m5nFS/jpWZ4v4D4dUh++2VMBZeqmQuzgi6WNOs0es3t g96RvuV5M8ALrRdcgG2Qys1yOmf25imgT2oOg05iMoeo/J9fgy7H8Wv7w87Yew0s NFY1OkxTxYO7apjm3b/sAsDSLerX1QSxMz1vmmxnbeAzLUUSwIm8So1j68lY6cWs 8QKA/AWcSsVqkFhWimuoNvPKVG1HQ++JWKC/hqP5u7bxa442aKs6065PFb+8fUIy iUfG6B4mF+BHAwRsJ+vDgRWZJZEsQgYMrdeRDFeaMIr7m0JrHPUPO82aB0C6Rdj/ 2+s7flQaKzsIArAJFxbJzYG1xedrjkYLFirc5o/Mqdn41KAQpzOF7IDyukCEuGOi 4m3M/IynqV7a85X3maNRKk8bm/RFIeQE5T7473ZRzBMs5IuSOKIB/Ead4J6f5oLa l4+Wl198YzBHe30wUQLkb6T1TaTuQcSYvuawF4aQjy6IZXwHDC7AaslNNd562ARH VanHutO6wDGzBFhczwN+b7DtJA+AHwlfJHrR+CDNxvM+zpWMMVbEfIj+K2BiUEUw rOVmrUwGGBertvXXlwXsExcxGJ+Js/jAH5QLVbuk+EB9EJ89CwbP7M38QFOSGzmU yx5fO+Jc+r1Fp7pws8B5EvqVPIgo2uUZ0w+l0FXE2oNjTz95V/0hbJ5OnGv2oKaT 4uuAspXNX9OjSoyP/enDb78QKkGb/tYH7FJGNMdDzhlErhW3jq5B4f427lK/jbcE 0NcBHbMHELcUIzmtzYrhHUlv24z02u2O4EfCT/e10b/RERAQsGqgKns+kynJR7p8 NiLBOds7HXZa68HEj0dpDPfEIAChmg8zItM6P6wjCAb0DcMUYMNuhQo23OPTBr/G jfuaZvM4cPIpaZabOpPpWoFL/ISHVNFU7kseZUS8E95nq5I4cxiBUnuN0p4yXe1H 8wut90jCuFRNlJOrTYWAM9lUiPWiTfc88xtppVaHEz8ELXVqPTZ1Puda53Htrwog kBBdM8V16lW30CT8CvsBDPK2UF+H9EsqChil0oNnTQBEK6agUXlvPjRqd6rs0dut FwAaRMcOX0y7eLfw3bx0ZhzA9b/jH0c9UZNmPhSBXvv/SjV0Cq7tJHzf6DIs5CSE tDWBPNCuP+078qqyGcOpeUl3nginyNAGGsNw9A7Z2IlfCmjASFKvOTJWaE+bjola U9j2a1kEjskpV91SuhJW6enOY2AU9WR7wTxNDvHhWJON4PS2nfz/ILvS/8uWeEP5 pC27tPxZZRS9/50yZWW06p2KfOMLJmT2j0X+RKLyG4VhGQH2WLGlH6pC7xNACZS3 40sUCt+hhVfkdqyLpFmu1E12JlkQk9S9/32D/AS/NWO2JcMM0LDRZaD/Ge03djFj PWQ5Qtp3tbs6TjBVi0bUEp7QbWIoT4tHiCjN6xo2PEpEaaEHwV6jOG6aqqwq6joa 3JmPynFlX1svvnL+dTDlSTPDN7dfldhfgfHkTZaDLXtpepZWP8rDJ+nFo8FGotSQ BUDTGswbTabGRWnzKUe5+C8ccls15xMpFaW+LecFjzEfheGG2MU682pXZ4k8UTUG unpVu/yJ1vCJ9TV5dehnacCpfha6Bw0xj47uSzu2Hpb64QpsKeTx+Qxd5T14XXik 2yNpndRpNntQxMnyUttueWe1ZrF/WkpgeUarKb79xVf8PoREn3w/pzdNfCRjJW75 WzttPs6iUVyPdtldzj2ZctA1IMBocuvlokR8NB5xNwO7S/line23o2RPpVXonTFO lPImvf1T2lsYMLjWWJX5Wtxo58ZRoWyQmExUY7PUs5R1ekUAgaR2+wKsAjD1ULPe 9ujftIzN2BdrFc3TiQrnDT9dCojpXWU4A/Dn43RZA4cvpgbvxCmZSB9ORIM/ZdT7 OBv7m8A6CKiEQnPpFt92KPJ+eCdlLuXLwxAr7Rm1m05Vnan1Sx52hOWMOw6V45Ah fzeVRBm9MKJP88vZQUXr69kKRWX8MpzzKbAmw1vhsfHlvN3FDSAoNamHNbk7lP6o eCzA+no0VMf7gdwxi+eNPaArJvhq1POgBZSiE7Kli3JtueOgpOsq0uhWJA== =hO1/ -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> c9b7bc40de3f
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 7afeb2adde8d
Removing intermediate container 7afeb2adde8d
---> de1c73dc49c2
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 40ac6cabd999
Removing intermediate container 40ac6cabd999
---> 07473a9e577a
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 5886d83ea3f9
Step 28/33 : WORKDIR /home/load
Removing intermediate container 2691cc5bfddc
---> 9034ed61ba18
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> 130db5cb8f34
Step 30/33 : RUN chmod +x /start.sh
---> Running in cc066404bf46
Removing intermediate container cc066404bf46
---> 42a874dcb71f
Step 31/33 : RUN su load
---> Running in 31713ff5456e
Removing intermediate container 31713ff5456e
---> 11098a821c87
Step 32/33 : RUN /start.sh &
---> Running in 3e5c84eeca12
Removing intermediate container 3e5c84eeca12
---> f73597abf3e7
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 8f11506ce423
Removing intermediate container 8f11506ce423
---> 86c6cb1654ca
Successfully built 86c6cb1654ca
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
33ce669425c07e236727086ac83207ac694f216921ae7a43a8f6fb155ade5780
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon  17.41kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 94fbe5b0d788
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> 6b7e7045389d
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 6c3bdb8e6e75
Successfully built 6c3bdb8e6e75
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
canary: 0x0021d431877e4109
time: 0:00:27.999683
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : VClGDUJl3z
[*] Exploit returned a wrong flag string

[*] The exploit did not work.