search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #58

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf/Xe5zD6bDqlfedg7NTmVFbeQls6z8iD/eONFK3Iq6QzSV ZcGqyJH2WQXo844eKAmESA7OEi1pSnMSwpeyU/ZLjluauxt3YKdGkdLqYd1txVYg av1mgLCS8Y9hM6xwSPX6wxTU8bZO/WIPsPUBS8Nc3XzPvgY2q8MgyRBgqcuRCQoQ PbO5Zi4IHSMzV4klr+cG2LYa7bpRI2dejfNm/AelC4coUChC6r+mWqAMhfUL5B1d eDvl69P59YGjlfREHwbJQtWTpvk/oChW0LS4zr+dLV7F+tl4QyI31NiHekBTxfJP zVIKfAQhS/Zhrxo1poyPT2yhTKoQ4CD0JuYI5JkAAIUBjAPcMgCV6N35oQEL/185 TbVv91KX70ozISxpWQvgWg5ysl6jjx2xKuo14fqJkZjQl3l65ZWB8GKRPZ+IrhEp ZBCL3rJphn8oF6c1Tu2v+SvbOM1VhTtE5r+4RGmznwMMdeLnfipeCOr6UBpAVzM1 DKlPrKnPRKlYmwgxsPaKj9aYlPc2FDrX3nVpYUMXwB4Q12j09uQEEAzzmRY9Cu7k hj4guwHDjzI5xiegT8s7MSVBKHqV4DZPDGiRoq1FGgdNh1SIMqOnykdlTH9mkt2v 77peqk4cZab0QNkoi0aWp4tvyxu7vaqR2ICZeqe7cGEsqLI8GJo+HyZPe0mrbh5i j/zGzxT5GIKNkfQP6g6cRol4YQ+iprvw+bXj/Owqc05HexNFsws3tIZXqvJgIF3p 6t8SSEjgPzD13VLLVvj7VaH5UE6Xq6kYVLYJypd5rtWjejE26BM7WTUUqq6LY/6X tbajj7h1bHRhYpZwXdqmHkrM7DPQVGhIdeMU31bxS8zS49Tu/STOt0FefW5pINLs Af6A9H52jt6ygnG8B/+6OHW3X2ruDrcpjizRTX4Orm5Yr2pcwejHJjoXrAQwBwhl s9bzZk9lqT32CJ5cUzCb35pH59K5SP29V0Bf3wFlaPjnYsw1EkXwFIdQOc+sPkwP 9J5iHAzyo64pbi/f65wpyPx1m70Uor+OVqd6zyudcFKeg5jXhBxj1o79Jta35jya hD9YG6ClNx9kEjhr0cTwbaBAO/e1ii/b3sX9QzQf/2vhy8A47HQ6+gh/yAMRN4Js gj/eqLnzkQIPBnP4wTfcnCR710A6mUUGdnBlIK3r0Hf5tQrXNFR+zESOd9YWQYRT Xm3PFdk7fNMVN6HpKuwTywk5NNkYcp8CzCLKgGAh99wBZdoueJz/qbRdRcCe185g LO1r6/UvIxOReqwnK0OwX79DbGXthpCVkXLWxmABrvtahO6pmkqkvE6M9qWiASw0 H0Wc5ht9/4XULdp6Lc9/xqRWlLx4ZNrBIk3yofR4ZCb6HJRGYOReMT2DVCOB0xJb N3urPMnt6JMjybixg5AUblNei7uPv+YfP80fH/o3mlsb6jt9T+3QlP024qfNqB8T lHICh/ypU+E5CB+KUPp/qXjkbAOYC36mRt0ySr+BFqFqljsKPzOStDgz+VHfeY6M TTTEdEpf0lvxPJJ829/6Jw7LfzQeVBx13a+FkLIWA20/cyp4rsEYRlatMYXj5bZi vpfDo5rRgeVrPgNN4cnjmb0j4hw4feA5QbigUrX89Y+vVDDzqz2rN/eE2q3QzCYm ioSGjjU4021vSYJW/BOygDphPNZU0SlCPvl99LNaL+JTHDnpDKCbLp+uwrnwzNi5 Joe7GPTtyzCPZGo8PiCDVFRJZ3Tec9feHlRQUFHuFuQbjVEVi3sTFQb8Bwg994nX ioi7iRCXxsjhQbdz/VxwoW0eMRbPMFZY1GFAOGBcytc/g+Gkw8q+d4k5RH8EybPD nUnuOLkRU+jljM6VGOQBaeaDh9uWUzr4M79sCa2IG8py5+yaaYiJ51N2RnOOhWe4 rEDk2Qln/8NQ6gDNdg8vkjW1DojEO1LLKfAh9YHkJp97VCo91CcRqHVnjWSy+Gul 6nForNqp5ulefW7KJtvPGO9b+nu8c0RSOcLgIH4skZDu5jRZWA235OyyhhavbCk5 +7kgq/jDLr04IiEQzDqWsXQQ50i/hgFVvs48B6c7WlpFOaF7aM+mPsQ/gJLySp6U 5WTddSlwLDw5vskOg1Mr1Io3Tr1l4vgkEymVxCQyGW6EyWuVtUQKDe4xEP/tVr6o W13crRSoESAsDkq8qrP/unXz5LGZUviJCoIddpN8R5suKadn22jS4RT9Fz+Bgmmh 3LOV2yeWQA411m2sbUekQmGTVbgNuygsoMbtioFQ7CmZM8tiAjN8Q6PJBW26LAWX u9ZO3iyxEnMMMcBHELBkaGXuML5FE0cVpx3PAvzePA+cV6745DV2thelE8Sq0vHd PpzWltRrXRzjK/rNU+SvA/EIyUpWIJaBHMR/IsFyEPDBof3OqbnEXmGB0P3YeY/F 4CZ6OncUMA3UA/ZjOxqPR6deQtqOLOEI2v+dZDyYOf392RYDDOOIWKaug4TRC1yu lkmbfTRmQD/r+9fYOEggk86PUltmKBDwCbOpgYIapox/Llz6aa45Qi0nFZoPv3Lq 5Vz4d2L2FxsrfnnZ9ZKb/YFNjJMo4EW62we6RHmqK2l1jf9Z4Ip6xwacgmqZuw2k YHSsgjONZJYyi768T9TYifoBRwVSrnnpsfuP8QHHxnDIoji4bJSGoceXU276EEAi 2rC/3DXUoCP1kpkl4e/+zZW1K3o3Tl1h4X9XwcElCAbDx01dox37o8NK0rRtF+C7 HGbRR4mc6O8vx7T93jRoqoqWH7pSxBd5/87Mq1kmmYSt2N2CCSQOPebwdC0MsJGe EloEBZ5lPvDybuMHV137l7K73NRmf8ZooUvRTPyBf62eeLuuQaSlsid64hCv8r2x /unwIs1i6qJ7uGizS0qH0dUEVDqNPjBzkkTBSUrIEeE0M0R8UME9ny09QLI9zTom +vInZbGFUjZ5IpZSSRV/fe+LYK872DqzRZ0MbQ8Rha8j9qb62f961mS/Qc7+NLcn De4+Y413BJTx3lgLYhgPShW0YAisGcgkGYceNE4uXmRrY1DsmYem8NMmtxXnQTd9 Z38WgJg/lU7MTdkLtZ2IVf5znI7BbTe7GpY2qq3ZyT4DMDZcsuox8cT+Gl0H0IND l8H/GbqBi73F0wTcOgDWHRsGOxN79LG/xNxeCvPpNgU7z5Hcy9ZTKarUCfUWfyBv v6KvbxOWapVU8CZNdghTN++A+F5Kx9it5yq4zHJzrTekrx1UGj52+YVPWopeSmb1 3nRChMQGb5h9axloyBnaxfUTVZjSb//G+k7pfE1Ecn3dpWTteU8vbvY/JmQlKGel MIaaWrLqNkzmc9F9qqdxL7+kRXOH3wGk6Vk7I/+Yfe2RCTcsRDAQ4kO07vpfFz8C kLZ3plpZJzofLAzaIxp3/F/QL9bSe1DzrlfLl9Ypng+OKzdLgPV3xcw1Woa6Piio eATanDAC/pql3zmMUcOJQV6RCmAJCCtBNq13yct7sLlHg7begu5lQVOQo5FOAC5w mFtDwc5Tjkc+L9jsKP5mTk2yQnLUNxKZP5U2hy45mvaxCrrCXFoqvGo9WDzea/nA 0cEIdJmg2vlHuvVhUaKPJAs4K8XVgrw5rxtnl/hL7l7GnRW96IcB5CwgoD7UFTy/ LFpmGoAa+frW3ExeLMw8jS8JrVxjBQchhOg1vrfughafQIBaOjJGrxeUuzus3jjS E9l+GIVrP99QYwDlFTX5fdQDAQuNN3MPzpou4rKZ0YBQaDeS68/N8sj39O0abJ+y mA76zBqVt+VleVWk6gY55A4T0eHJhTp3mvQJTTgrPtuxYf3L9oFZT6iJfeOSslo4 kuxPEcaQacdi8j3VK626kiyTdc569rCfSNeGuddTBRp7Lye0pqidv/EWIPtlECYM bGCLNBMh68P5dAi8Sb94PF8eSzZ100QBHebMZGkvlUutMfUe3D9c0JaAKOxTcP5g RQJMU5be5RMDkTcQa1aruw4YIeEkTyUOgoLJlBNcdF/0gICeeTADb9Wml5TSgGb2 ++TQ4D0A6soQpgQ+SEdxcZfqV+yAEDrqsAjOnjYTG/DhnqA9bPQmubtYIq4SQSFb bJEn72Gvu4WypaSMWRdVzhfZepoAJAf0eCggnhWbZ4wbHqm9WXxGGUBycbPy1bh2 c6vYuszhVvnWZQnEYpyxjT30Cgs8RSeDDiv+kf+ERrD/OSoQNbnTSYunp5pPYgIB K+Z0sP8XlQt31tFii1Z0OcHxQwBk1WpQlVKAg8d9iNHCLR2sabK1WH8Wqgkly8gJ pmvffsgPgAvDkKuFMVliImIelsJcsBc2m5Rs8+/MkD5ZlN3L+qiQrgU5fOooPnY9 PZv25Jlr3ZM285cydiEupfibGOzyVdpCwsEDToH6lnVwiXgEKgS2Pr5goMNIPB58 0CVXD7MbX0hcnraANnv3QdyFzpfe4+zOHvOfYtM0SyfASZrgQNbmYnjmX4O0fadS DrsqYQzOES8mP4ftrFKFtm0GFwQ9/AN/0/X63OAJtoOHBdxa+L740x1puL7b9Ofv TKo4F0iF3z5JKL4L5vxNTHN7FnF22JStf3ZokzRXQW4CKlCclju3fMKX2IrmTWTU 2aiz7YAH2oGc9j7AGeYiAZpr5RiPnY8S0mGvMYUktlNR2QXNkzeNEcH0GeRu2v1y 4voXpTEv9X65voYGW9QPicybnmjOJ0aSL5f2C3kyAQoXfzIVJ63YKqhYC1Uw1ywX 8q5IqWdWVMw2TI+QSqqWWA/X4aWMziwTgaIyJ3KxuGAJYZv5DzTg2+JFJrIlJeRG QuYXHp1Bic0hDZxSztufGuTHewmb5bBwuT5NFAmHlq7sFJALRdR0CiqfBV+Vs/o+ IJESXZM+vP4/iGBYCBkgi1cR6vLkpBeTm7KXLU5QsVbvmPGzjwXfR/VmKj5hCNOu jYONQLW0cYxgS1X6gzVTG7HE+aeIPb2eH8064DUDdDunzgYP6MNIYKaBXvJTQniy T0svmxfP81pQbhdg9DFSpoMizG98zBdcW5e7THBoxanhOoD7vHdCbvnN8uyIF7A4 SQjxdhLTCgVAqVa0unRmxHZVGKHA5Vi4/3S9vBRciC8ph+DD9NOnjgtaQAoChqdb E6BG7uVgJu703A87fUubIuj4UG+987eOFm4jDyjObN1vRWwwuXJUcwAWgWCWbPZI hryBIBUv2YsjoehNwZ1VtULuYh3BEGR3J6c1Uhhavv7u54kwADd7m8puZ0m9I5yy 1+a7fq1veuRR/nQSPEs0eDO9b+y26MSFTYJrJuWJetcFyxD8A66CO4j0B1s3JR55 fwVrPW871dSebCXhE2Byi0b3yRP0EfoX9Jd8G5RmQWaCeX00NHf3RWWsOeJhS/HL gavEua1sSe1V2a1dI3yMbtmn1T90tjrRdy7VDfgqCHlSeirgwAfLKS1IiuvIrp9u 1FF75VAXiQU2vS6xTpAne1334RSQcWwyLb/Y/6AnT3Tlb/8sH+NKkMcUc9lpYkh/ G2dGCKtxB26yA9RgVnshnSERMKpT5zDcSXonVcfJHHPxsmTwJm4wBM+AogKOC68F xIl2GJN/N73RZNwycLR+b+oabk3LvTvSuWigL+8HuGaSblQCBRiwg2Lc9ABOQBdf eRcC9yPi1oclrrl/uVoqoHfw+FWtHcwDreMEALaU2jirsGvl8L5KVq1kX92aUaTH vxlO9084gJeFnoRPCunigZevHNgTUM8duaNKJoG2du3YmB1Pks+MT+XrWUa9kHOL +V/4tex7sCE48hBuN8vTczMKj3YpkDOXL6jt0lk8Ei7roZPhhEa6xPOhGfXNj6H4 KXiMp6OeFIvJkuTlBGeTrQ5qLIuNhWt21PpPIOY8/ZT8xFBeO4XFydDPrruEhAwz n8zLag4HdoSi2Pa6pI+v60W27KiDCwYXBbnYHmIlf2UtHeevM+TLE8ydW920HII4 sPaOqSio3vonsNMJmXntM1rrqthS1JNNtu4jo++kDaEcQHmzQ34ULOCgJk3oEERD uJWgEkMmBtzxLGgjlj1s1k+NJtyfAlE4E/N0esKUd014UemxX5wiy2FUOnwXKZSV LLuBguFE8ywWbici5vOaGKeXC89z0tHU2dfKoHW6AS5k44Dq63Qc0yn85rlxLLZ9 CZNGTOQtGQFAkZpf2eDm8OqI/ANnHpltJ8a8HTQEEnkQV4vlT4Oir5eE3NhRnDeN VgVs+cfJwJNDcFxKB8IzRiHvEnRQbjKfszhXTdTHtKdeJGaI9YaX+rXGwWCnxOTp eaZZc3uJt0KeXF4b76Bpn6hyYYX5tvlId+lcsq2MrEit2ZGcvyqm9/qwMxtCb23q zkABD697bCX1c75fDhQ27cCvvOuE7DF3+blFP3TGyDkpQnuGjEVb9ls5h6L403zh YFHnsvZ5z3NR3xg5PMk6wKOAVk18cB6PsuwVx68avpoYHJ7YyQ7xj4XDTLyz1u8K Lj0Be8+MzwduXTZFOIXqntyw/IhNIcdiPNBob2/DdpoHZ+zP8YY/vo6Fyq28mLa1 fNVWZgQsMFJrJpxgNIfQJB47iQc8lejOkT5SR0dE4exWopPZ5zGRu/h/BnUItJ9t XfGmg69pA0rR8mb5Ebk7ClCuAU5coHUGMzBJTGK9ETqei7rH6v2A0oUKv/2QnAx5 MAEi4MUCZ7zvIEGoj/mONARLvVHyEKSdvm8MJqaMjUNX0NDAQAv+jBPbDMlfC6Wx Bbr2NKjuMO9qQGqcplet4oy/OkOTEcs9A/P3TH8ojLfG1G2TTV2FjpI27B40ivX/ H9x6H3732JGhe8aUGfwC830vmnR7YDTGuGWlgfY1jpCPAHv0DtxuYtM6l4O6rVpo Nw== =gUTI -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> ed97d0c0ea96
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 0c0f5e4d313e
Removing intermediate container 0c0f5e4d313e
---> 36320d0b770f
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 6519de7f7a8c
Removing intermediate container 6519de7f7a8c
---> 9624c7d0dfdb
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 2ca83bb26fe3
Step 28/33 : WORKDIR /home/load
Removing intermediate container f9ca2771df3d
---> ccc2a25bf66f
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> ae437eb619cb
Step 30/33 : RUN chmod +x /start.sh
---> Running in 62fbcf40625c
Removing intermediate container 62fbcf40625c
---> e42316e1bfcf
Step 31/33 : RUN su load
---> Running in bea2b2c05934
Removing intermediate container bea2b2c05934
---> 2dfceda66798
Step 32/33 : RUN /start.sh &
---> Running in 00df41aa30a7
Removing intermediate container 00df41aa30a7
---> ff4b90580887
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 88f6e04669f3
Removing intermediate container 88f6e04669f3
---> 3f4cd435f421
Successfully built 3f4cd435f421
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
b02c0ea1bc18f8be750f1539507b01701166bb24afd8a54e51f7d862378166bc
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon  17.92kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 669bfde4a34a
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> d4fe02bd4c72
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 989d47204ec0
Successfully built 989d47204ec0
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
0
1
2
3
4
5
6
7
canary: 0x00993025c00a0e3d
time: 0:00:22.980572
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : ps1o1DufCh
[*] Exploit returned a wrong flag string

[*] The exploit did not work.