search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #56

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf+IYEuB46t74VqP0wPuwn2XNmgypWtOKKU+68v7MF0ErP5 ScHgk9j0foFwxCMRNZCbiKcZoTIjoPHFTm24BurlIIXBJexP5+nh5iZ+aqXCuG5F DQ0ARMA4eQJtzBn/1aMq/wYKeAhnmT4cM/2n3KuHrKIn5ZnLVwzgQFJSr+Uv7rY1 cpLbbFxj4umKJXCH3mTCQzg/jvvghHjgVYHUui4g60XVMtGDR3kYBEnuoSxRioaO QiAN3pPz6lTxT+S+QLtezZLc00NKZUTSfSRG5KL8r4tlIMf3vOiuj8XE5Ag0WXaB 9IQHtmtPKDfJkJEdH5hCelfMr+b1lC5IsD3xA9NQYoUBjAPcMgCV6N35oQEMALT6 9rdw+6gTQZ1IInXxWNVt17U6VNw1RhQw6hO3olVm7EwQTK16C9pgAXQNwc4WfhCa vx+5SiKFfB/6P+55EU5Y0e5wpX/osq0t+0f7NZPWxtCH1SAX2qsbz8JKMFBnTq2r w6823xpiqCR0a1a6zZaNHYpvftKuXKc6Hc1gL2MQNtHQHqeHfBL2m6u/xDZEE9RJ 7u0Rgxmgvg8W85HhHOkhwlGqf7hmqZY3wP+rJHssjqz9+ZO79jl0GK6HYiOziXbh ZhkrcAebf5tO978a3MERMtKdKqob8yDFNDphAzGqsYpL21pwLa7lQc7hsnrbvJrp dBNmjPkGL58Awmbw6gVrcPCfAYft2ia9WxMj7PsaFdQQFSnAgDEdMqPHOPnGWoGv 5sbve/wQrvLI304XC4E4Gl3znIrKoLrjQueWcGaMAp0kEnYvBrQpm73DkwHS5KgP qKCx1pQ7LoAHPoDEwkgGugXZORw+sCpQOwhviyd9zTJ9ny/v3sy32Y0ykJDl5NLs Ae68zVJ2v57HwjmtLU/25GPgPVdwLeadXNBIvvi6HGK8rfCt+ZjJJTOV5UAg1228 r4uyn65UZoDKXKJpXd4smqc+rRwieMkgXUpx1LMBPPwTpmUfNX9tKp+iiSqyWBe+ e7gYdeNdIzqlly3JfMv8tOPpf5xGWDFPOdEtFKdsKs20v2gc3fDOahseCuhNBcgf D7UghxQh4B2Ez4CSwBV1cqqCN/nXHXhU8UkDmJxP38qA0lajiVYX0iOHWf078VO7 +dYqCXuCrECbhV9JlbCvprbL6A5pPR3gQ9ElYBR8Z7+tV+abtxpYW4AoTDLIDd7L awbjXTQIkqID+J2gYVbSLBymu0YBHCmZVb2ogmzK4gdXv8uKOTGxzcJ8stceQjnw EKQpxRAZYKYXH2GsY3k1AASHL2HknC1OcHkp4JcRx4MrKcs1KQxpde51N9iYj5NE Lj7cgWqb7TbDL0TGgNe3qIqgFolYGx3d3/MUu0nVVx9WA/WbOopYO5A+Golf0hZq QppWxWRe11kQNBTwoF1ypx1KZhdEQ3KJiRw1Jm6E3K+c1LNyDImwAeO6yzF3PMgC sHFmoR1/o+0CofyOrxjL1uMZogKC81K/wKk8O2m6vY9mB00KkqUNMyebNI2WorCV a1Ot9AGjm7lpas7GLQ4YnI0TUnaLK2LuYthfBZzRseh4JMZ2UuMn0mFwAHz15PO2 z84DVRCwMGtyrAKFYNeDkA9W5PbvPmashpZ6Tua04lCUnsYnSGV+kFYbQ5813SJQ braSmRi+y7/YDnhDosI+L6PPlyZUtircfe+PZkJYbztdN1uXpbAOqyg/Ey0t8b2T AR8noPjpRRbBQ8hRpv19mZsI9c6b+TG7jj0WH5PX2WSY+rwvZm+jT70WyMFcfKjl 2jkywcch83YIvmGhKgVDvLRoUebxifSSmZNzGg8AAQQByH9z1uRGzLb3ax1cszjP YJO09f+dcSMJv9LYyC6NN1B25mvtPnTjo9hk+BPkJrNQKZteeCogMFxZPZ7cCO6+ t/XtoqkZoU5NiJt1+0hA0AGSdwvoNWRMnoIcIIkV0EDcUcgHMzsfoqoTpdEszz15 J+Wdi52Io92xrEpyVWCF5WSSpzXKHz7k1CwNmFPteHAKIp3nLyxra2hHojfG4gLR GCZMZA7z2a3lqUCNFMaXheAmNcpdND7CzPEqoUF7PkfAeJ/Jtvqn4wjleLtx3g0q OVxxNwC9HKKsq+FlSwYXJlLFgGLrbI0vGj+cTCr13Bk19B1EVxlTzbqNNATutcDb gTXGE06pAI/hPLX+Jdv1qHNhdG33oArHXdqiCsNcItAJv+HOXuLaV/Cm6MzaNBel LO/dRuaDIijBhgKnqy2GIzHP4ChZ4scErVHYgdKcUxg79rAHYi+rOtiiAP+LMKsC yCtpU5o2jXEVN6VkKjbN9psz6pxAM0BDq2Ol03gLm5p1719dRoQzAkKo/kzoOXEk /M/aLEQoQRF0sQgEDNkwgKSRnHdTrHZ9696iU+IzuPmB5tQxm5eizgMHkU0qnqIN 9P06p03w21Os15fODMgVqmwAtsU/1i2uP8+sEpoTWjuD+Ni/ii2A+6UjDDfqrgWY Uy0n5kU5DtwDSv67JIptxPO01mesFaJ5s+fwAVvyHa2YpmyYTwUyarPUX2m2gDJf H3f3jIWLx+I/ZPI6U/lk4RoY5cNDnVLtA+RZ7Bf1xxZG29poh95FoQfPiuvVQYl+ vTwkLyAfNb75zTzR4+diknSo8FNa0f2m1IuRz7zjRhMvld0xJoxmi40sybZw7cW/ bJjeiXk7s1c2bi4DJDXDH1HoPvvZhOBufSwL+e+uKFGqwccKlljWcF6HbVKqLoxz 3qiVqLh2lH5QMGiQnsC5yNmb5FT1N0IbV4+vletO5E/84owaEG6Joce/p7V+OaAY V+i3dQAyEpYXeGwQ1hSEnrqmFWKDhYKF72ZCY4qcrp/0AICc0xeTs/7uHPsNHTeO 3YhazoaT3C2IWwg1XD3IuTiJ9ckz/4kSXHcPsFzt36uVJ+t8fvxQviSvnmpObaEd aKV0bEkvmU1DubttM2jG0jNrg28z2tdwdiVtWzeupMxJHf4SQcxAxz4j0xwGZgUV rVzqZTLDpZQSJE6qCUMC4hPgux5/V5XTFClENE9uQvBzz9zGzwikkiuJXUGpYYXr pisKxEeVP6Cn9OpGFqw8fchrwfInDr/I+GJ0wTyCWVMOjDkt+TwCRbsyCPhh6WDe Yeqky5RErfGZWSDOSAPNPFPZ4ySTcWhSukfJN1nK5ylGO2QXWEZhCcr2e3NHBqJ4 FMAtPAS8lVeqPzwxFmHwg7dd7xNb18JZ9SSAtZ0oGe69vB6Zw7+vxQsy9kHnVhUR BDTkoeJLYFuvSdVl6R8rB7fpOWf35drId0yor/gTlSUvWDInfQnQEFOpDOC/30AS HF495Pk+JkU+pGyO9jamknGT/XW6g3r/q0ZW2ql2Uw0mO2NxME57dkrtQEp8MAtr GMtmEfklmB+1i464D9pSCSXlXrN6nwQ4wnag0dxPKzMVzFie6RQoFr3BvtPa40MZ zmM4aKuxwBuRf9tY3RMoHL21qHfvH6NoKWdWM6i44YAYg0sYI3lrW0TqVPpvD0SJ exdFdSIr5He1DN2O6ErXYngTXQ2R2HAxeAP2vpP3dPV2HMl6a3iQbgSR3fiBbJLm H9+Xiw27exEVPyJsvBZG3nyh2SlehWL3ZmUCjzG2yW1Ghtg1dBObdxmC9aN811yS sTcal6L7y1fpqeNWenp98wQDxbygnTsDUTpQVpJlwJH1HbAseM1KdT5KxOGW3/ps 3j1tShMsXjInHwlQ/TEjgXtMIhviyts6pz4fAn7zdukNiT5EAx/sxasN61H7XZgi oygA6+E3eB+vvf6kIBFaCQS67ORadkCl8xMYAiK1onclMSH9d2pfnrurNpYVqk+t LtIHtcwSDZEw9oaGoR91vWxI8z4GAkQh38bAiRMuzGc+o1N2nePnQNxY/+AVcAdH UPixh0s9kl7OvcalnzW4CKiFzcTfW3Up0PWPGwUtlA03PMwJgJud2tpLjW+4lNxT 8EOhzdgg5sMYuAVJ5xXUT46Olobv3WSFa7GMtCVY6B9P0cIlSNaRW8QigPzvpYOQ /OxsiMi4JB6wSR+ul06fLPXlqF56e5zMBhUDyLeQZDfGpZ+mvtFuCpCnPXkIuQ12 YsCskzKB0t3x/CLEpeMD13JkGP/ByZ2zswxeOxBoLnDBCidQBvgnU+j9EzZsHF8D 4+pfR9LO40v0Y/UxPoP5WDCZj4nCWGfUNUZb0+UBrM86GoamTsgDjhXnkc56CWj+ MYqlMfvUX4v4zEXPIs7E+MQoFt+aUT8S/bVv1vLhvfiNAQj+EHOVB1UpmwWPNXM2 v0kyDRpOPDZ+BU5YuWSig1V77B2x4gBc2uMcS6XnHHHB2xIfVADhKutaRRe2/PnD 3qtn4IVxoqYWCcnWcqvtPmpVG8V1xJhMj5OMg6r4KnNikSnwrLKTlEz8c0EqWm9m jP8+KOwLrlMxqWZHnKxdc6vmIICQoekISJbNhnz+/QnuabZ40FCq+Heu5W7y3Dqa xA7DrjOioXTsWuUtkqc/Mga9QRUkaxrFQQqB/dX4B90krO7M/m8XK7GDChiZHCKY 1VqWQHyVJsrSx2IPAlm8iJHxxr+f8F+8NISnIboxBttJ0Zg4nnHQaaXGxz8DGLiw aR/S6X05H7gQsBEx4R1bP0Rid1xskTeIxH2hXfPjftF8d5GBbbsO7VGd7yB5wmrV NFMvfKXn4H6M7VUCUtw9lhj1y16vmkGxp+E1XWf6hbzt/khm1bB5seSTUs8uYCQ8 0amFNoCfGk3S3Xlf+nEVqQ6tVco69Yhp/DVR5jppJ+GxsFEwE9Fqiusva20iBYtW UUTopYTfkVKUXGyn8kKGoXivKQprCNayOum+2bNOUX4+gBYNn7SNTzvOtC5cxRyj UgYvgWB6yqtaa4VlNSi0itDCirmGEQTBMdm9GuZb5mJ3wFLzKFx/ScuMkwH081zv veWgEt9V2pTfzPrhAKWrnoJ7lmKqo0I3wfF8yj1j8IiVO1RmfmJZuAefuBT6bste /dhUy6KX33+rUUJOkR6mM4sf3XjEMaFpX88ESMZlXNXx56GPOX8grjHfWtwdLB1N ayckMqa8KV21rJ9Gc8044lTQQV1SHe0L/2yzWxSNMwtbikECs6JVT50e2AZSIpl3 7nNWPuMZXr/d0R4vFBkXKtmuSl2+h2y2zmIITyVp79HWZ5BKPEy1ZQbLUPSMeEMM HGB4Tof82mMK8sEQQmzUQpH3A29FlBu1e3KzcC0hxlTFZiRoYvA8m1Wo5C3s5UOf 13SwPdItQoyBlbahJa1wlOnTTjUrL/cV/fL23I0oqWPg11EhIj/uSi123hgositL JS1uR90cAsvY7uzWe+2oMSJrs7eRtagIqeQkj7hGM+HjK4lyuvxUGsflIKX1vXuw exjjkDNz5JHOwx1dptR66DRCUG3gDUnXvoS/t+XcagzLK1mLRauit1ZcD+gRCCmo fmN9WXTmyS3xnbjCxv63cZhSByRZ6IXkePA38hHJzOv3dZbysdJLfObCfkRKkHBD EXNCt6Cdk0ri5jG/4YJJmXFmfxrvZkt9Aj/xnkx2fkMBeBXvaZkZTrg0X+9n0Waa 8+Slkk/jGyBKXzq0IEr0SD9JTz5oTuWh1rMafLrIISLX3wzKxKhQTuJP4ec5LBZx hUrnRAUNcmExqrdYm42NYL9rlcawCfyZjndMA75m9IbCuj/A/StOwDTftYNzfSZY NMpNTX1fHh7ggVtfKZTnH5UUzNJO+9suADkIxwArewJSDxm4dMWvIlp73pia/Z4l dOaDAOpF7BPWQruTYG9GnwMP48I3p8xVTIN7jumkhEEvb3PA1hrstWD0QcAPlHb/ Xv6Fa3YcE3ESKgZKZvzV/ggEKmxQlhjCDQlQo3KASPbsjukweGhgKBn26JSX1tDo AX8MYdqPx0A16LppBo/zYOVEs20s4qlc0f4wqZm0FYWyZWWvbYPzWzCy1FlyUjeE KmoT1OvcJvwR8jwmO3XiMQrmfCIGcn6JvexJb4JJuHeGw5B8wySo7UD6tbNE3KEU H7vyi9sK0HeNLPQXmp4j1GD4rNBl+gBpCm3QVYRlYQBsXCQJvV1+qxkojq1cm2MU shms0P3I9Sxb4YyMmu802TwTlBs6Wxw0LNGZ2hTe00ceNlqFHT9qOzDeKUOL3c2D 0euszVYxjStuAEACE9KmOJCoWxjVbq8r6rvNK19h64abYp3MdVanfU0gk09ZQHVH 66u+8iOXybppYWYlgivkUFiUnhgUIY7ueJEyYZKz8wO1/nNGNvLEBLALE3QpEW09 B9biwFstID8zBJlZWbCHfGxTTx3ByTP7U2z3czRIG41WAxaZWgAuS2x+1CgQyBwc Iy87AuUqwJ550r5/OijzbcCx3gPwWVeuyvTl/skJSJacDj/LwPeYC7jJV94vAo+T X1oBM+dVrbZZJhq+l4p5F8HenfE9nBAh6km69kD8LG4pxXzfCO6mw9d8NM/v4qhA CzcQQVXT/0OCGd+QK/uieQsWOHdeBOe0XAQj2VTiJM2L6L5QQbaqfIEZJJtYDFMq 6+JwaN7uepSV9CMI7IHIDJN3facNm2hmw0IUGbIVQ6SwA8wB5ZimXghb5atGnR3G Jpu2xyqIwEDsQTDQ9eHOq4IrW/jCmU4ieA+EgW1LjdyoomX27LN4F9aWrAn47z6i eSJtM5LC1GMSFiDI4DhKsJWMRexYvegLuqvMITw1he43Xib8XSKbWHdu5s4atTgI cpUB4yGuwuN3iq10lJ/YHaOVVS4tfj4zT/BmNMHp9lJD9lByxskUW3rsNUOUV+kd Bdjzc7YtRALJnedcG3kF3U1EyWUPNyjEOeBK9I1mqbaLhbG+Xieh9fbOD5jJ/tmo camW =75l3 -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> 8dfe75a239fb
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 7e209e599229
Removing intermediate container 7e209e599229
---> 5e66127c9cfb
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 14dc5087d082
Removing intermediate container 14dc5087d082
---> 693687081476
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 740a5423900f
Step 28/33 : WORKDIR /home/load
Removing intermediate container c37ca1664ec0
---> d94db0a29fc7
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> 34e02a41506a
Step 30/33 : RUN chmod +x /start.sh
---> Running in c7c79900f52a
Removing intermediate container c7c79900f52a
---> 51483816f5b3
Step 31/33 : RUN su load
---> Running in cf704dfe4cb2
Removing intermediate container cf704dfe4cb2
---> 279c891d041d
Step 32/33 : RUN /start.sh &
---> Running in cc45f1cd4922
Removing intermediate container cc45f1cd4922
---> 08cd34e6da6a
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 0b09d4d2021d
Removing intermediate container 0b09d4d2021d
---> 0d67e334c584
Successfully built 0d67e334c584
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
b1432c6a158cc32c5bbfa035160985cfa2a2bc636139594cfe24eb547b927fc7
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon  17.92kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 94fbe5b0d788
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> ea53376c5d90
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> f5a4fe809930
Successfully built f5a4fe809930
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
0
1
2
3
4
5
6
7
canary: 0x00b56c32d5fa5439
time: 0:00:41.821727
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : TphMVzChNT
[*] Exploit returned a wrong flag string

[*] The exploit did not work.