search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #59

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQELAy8nZUIPGP0nAQf4v93NtByyxaB3eXl/pRMNpl5rKbT2XgqojFvIu/2Lm/1K qJqoJDKtht/BA4O8PnHL0TGu92vAlWemcOwx+3Qr37jUzyrTRUsOXwb8HLs4BCjj hvPhmMlwbaCjxcHv6r+ixnJzMaBcjgX4pe2AaO8/bE6uIGXOLlx8avof2ENpZV+m mhlbMdqfW08x7AHBueF/LF3swJbSBW6O86mM+v+wexfpxe+IVNHuplxVLkAcbuFJ 4GKWqtDmj9YNux8cGLMjZ4WxBjqivMJyJClFE6XCdiTNo/J4teTv0f6zsQRf6QPq up51lyGq5WURPaormHn8vZIYSczfhPk62icomYPJhQGMA9wyAJXo3fmhAQv9GpIa 1Yy/Llyg3t+4tVPEzfFEJnP0EH0iUF6tZGo5pJEOY5NLR3aFTHRPoMyMrDhRX7DA 2FzSU2rqtkCVwsG2r1ZrKCSgYkP6Zm/w6S6upmVPA4MOATH6DiECcrdczoTzYC/Z X5HBQDhXlFehB/mPNWGhOvQ9UntIogBy9tPlJpzb6z7+T28MmE2hSyyE8mekO4Lu 8kH04VKAeEWyE6KySDuryL5+Hd31xXbkOAJI5Mi7hPEOzQffn9einZDgN6DR5vcx XFN3TLG4ocebam7yM56uymWiPkjU01xmKpPlsyCE/S8XEqFcNNSkXAlZ0Kx6daAU YkTNq28wt9XHbQehEdn8z54RoarTSmpTZUuNOA1oNSWjDr+ud9rjiM1zmKA0c1RR uUyGMMP7l8AobgTIpxnaoZGTeV6iV473bcxlJskePppGfyWq9p7Y9Cq4XPvyhzOq 3jnSpDx5e9BTe4Ynguq3brTSt5BvNt9j9Ju9kdSDAdAEt0R886mYBOXFMY6f0uwB /i95V4vlML82Hs4IjUlWh4xM1ULOSGjrL+Kl61B0gsDQtfZk5AyN99cIWMAdFDSF wbyKtqzK+i3LlzvLOoyNeXBosoIaMLJfUwSkblJ55jEIGo20dv6Zx3L61ftBJEc6 Fprmo/6gd5rAGyb5sKt6B12Fs1hVjARgH+BTe2uOWFA0RAHl8sCeCQNEk0jbUyWN ZWGD9+7XTs2jD/wvkOcMjs/7pk+nrJ/zPn7eSyhoo8qL08MErASBElVN+V7IQS+z lKLphqHDis4gNHkQRUVIUgIigfigMOSnvZeYjXwlbDPTwmIsK8CsYCnLaeIFSHuO wZjUZAen9xqelRAQuOEPMBDdg7d3jEzj8z2FSABEmD+K+WfCKaTx5ho7FXwSgvRd WKFpqoao49gymOy8QEwjsrdZW0XSHS4JrSsRh3ynjjXZ+1I7DM6TaiDwRhZwDlaX ZBs2hav3Br9DSBu9sichbEd98/yAMS1QnsXTby8WWG4pZ3bWZK0/DjpcJ19Le9y7 oLJiE1fsWOc4R/N6nd9e2gKz7iIZ53EetzqenHNNdoLKJFAldBzatycxrZ/Q8fTc 3lrLhx8ryf0BDcdpDflq0iJ3jEe0+0YK0M87fcxjovqYh3t8iLhjOiZtiC+DP7Sl NCcdyR1Zh9BcpwrQAqLPoobUPlwcz0Ym58WWbFACbwUYvqA09gzroSFZGdoPJ2dN yQc6CUTdlYBbTUtAJzkcjzc/AXxfPyTpw3lwFQWh+Juxz+8RanMd94Dm9+YWSghf x4jebqXz1Wwm4ulhzHNpY9qNOgXjjdn8x8cqssg8t29u7b9LENVsoI5dgGLdLvg/ tSgaWgO5sh/UbQrv1u1o8cwnjdx8YVryWPAJ3tiosNkUWcR2WoVQJfP+B363n05B J1D4veBI8DTBbtvdoUKN4VU27v2HVED/nr70dcVJPq3jmCpxiOQWesvdbxStK6bC 1sEKA3JAyqE3x2f3iYZWqdNsFS7zBLAvI4OHAnB42/dPNLEaXFQ6mWyQ5YPmuJlo vMQfpi3h5gZjyRyvovzRzhomVMMpmjMmmKb6Es1p7mCBpQP2A/7tnq4crfIxccdN n3rCVAogjbqajatwokPAo670/AWTyW6xw0a1nNFDZbN8SwtLq1PtM1DyzTCop2DP 03YDnzm4xT4QddQstJiIXw1EFc0tr4v9VPlPIyeoxGxBLtVlI8lDYuF8FvlU9b1u 72F8ix460X4660uZVQst9A1n6Unme2bLbWMqGlTvKjEpI5xJxgA1GqKXgHjAFW// pVstTxbX7wjyhsM2ScsI1niUEUuZVCun+uSU3KA8o8SQLWkEJIHx54fxcsxJIAjv n9ESlNeT9hiAkF3CPiitkKWXbkAgubJvTnpWANLba5OViNh7YxUAQ382aln2uUVr 0Mi/66BwarxMjm8Mbpt/xG5shsT9UEpFQgRBo8JjSQItiZ1mk3tj61669v6zwdxF cYeM1lrbm4/qbbqDu8igW0rfJcV1C0siHem0mEDBK6Vm5692TwvlUFKaI5g2ia63 mMmPmiuijL/ZAVqazLplU5hh5LN9layd0UFPS5xQlPinGVYW6aOA5R3BSCoO+48b 6Yuk+XOoPqtacsWKLpinufPj4E501HX6XnfdKh8AnLiXmdk7AfKfmO5QcefV/VzL lxc/ncUhtdC5/4sSvZYMnTG3NGr5kO4/Ug6yhhchSbVr+24mIeA+zH1AjukyKK8k UY70aEMYGqeZnul5E4ODpaN3HoCBoawU8dcVarChExBgVhMo8WFBdKrSeMTofyTd v3ZoQsEju8KtOEW9qULuega3ibaxKyKKyXE7BZz2IpM3IMYaHHYgsZ5Iy2ogJUwS nwWBIwxRbfalEKeQp+dZw4yMyIlpZONnN2lTDSKGL6b2rdRLybc5dmTtPxvPl7rI fjaQQc3qTsbtWb9tE5xbca7MBOcruT+yT/QHY0qPiQOWWTbq5xE1o8hfQ18u/QXC koL8w1JSzPTzhd0R6tjNkBqi2F8CtJkdqrvFO3Q/00mv5Yd0ifMo3XgQ2IePyztd ffROD49EmzRhV0hUwPEKVdryW9AoFVPf4fqFM+9KVe88MIdUOr3AAxrpHV/rBe4h wRF+niVWHzoWn9wVQ9KqiGzLLWVq6s4wkFnYlhn8aPNC9wQiEF2gbN9IxDogR5C1 KkZsnPUTLN97Hz1WgYeMDi351+3r4pi9cuRvAbskXEYvy6epN7HYgnjbEKRKdnqV ByD7YgXEIIf8vpx0BBWD3LITCPZZJnNSYFguR2saYcUliNuZaVGGixgGZfAGMg+k A0b1nOs13ITb3/qtQNHZbwyjib0Ft/zIH+rb3IlY7Y0nkt8LUuFSrMbVMhIWfsBE RchtxyRCwocBrK4EVDtTU1Wcc0dm+4tWjKToV9XvMUf3ynQQAgISZOXPO7RzaeJB DCllAjBcDwlpdlpk26ZxoDKwZqGiYNweUGrGWHqirV0DIIQVSXYCTZ0njJCZdCER vGbI2t3oXDCi8rVRkdNfxYkP0CIp0gmKR9hWucKnNR0LafNtQTYzN2pnmthOJKMD ufU6dy0LDEgNY/YqWRKbC1EOxocvoyRI57SMhv/8Ig304/PoDLAuckafB9fEQv2V 3ID/izkk1OflFPS12p2mbwToaOuor7TKM5qO5syn6Sp4mkMPVYzMz+HUs0L4t+Zc m2Nj6dmD6EJTZNevisenkIyCfbSz810okFhUZ4Rici99PBUVRWFw279h61KVhVle NEmBCMCi6g8xE2gAH3onXLO0PtXgdkF7Vly6SyxOXOjo+megmZmxRZNn6VUumYH5 A4grO8eh8HuEWYx1mQfnhIsyBX1xDZbJq60jhdRfJ+NCfRLYKyLxD8myEDpYwJ2T 7+QvDJeSzp7RCimwyqRanPhLijBLwegqimVQ+icqQ7IJn87cIn9UfiJ2U7j7O2yE i7fGH7tzOa8Ht9ygnxr0UobBLpx+HCEqcUT7d8FO835OTagiuQ9RMBXo7Vdyb/hC 7D+oGUA74nUySRtIlxnqPP2WMsIcYyXbGU3qgDqb+h9VOU5ZV5duYPEG9feX1tDZ lDbKKHWWF765vhV9LUTJYKw9IGbsZ2A6DGAiFM0moSBPGA600uhHNvtnhDKh9+JX QKXzmzRePBsl1ugNLgZyBv/UZxvqBpDBa0Bs0k9TXmOxMR2QaKBLzw0gm8YvPqDb TRc8Ob+wo49myplY69R4kJBpjBvYv5qLWhQINefxEQsdJq02tjCV8565K8xt/qsa Jf4EMPlMA6B8ZmhNvL5bt7sQ2tN6Dzrs5AACa7H7ExkfWMtbuiFBZf7CEleADg2b y0YKcgLgyiMxexs122lwuY0KnDDEcnrqZRlGVrB/uZFrZhyOL4nW2GJQd4orWqXH xlZVJNsRuoriAhCQLkxdDXGRJ/3BphkfMf2B6eUMbaEnJwJWHGBpY6lJldNTfCmW 7gU66HQ71JkKw/NQFSV/TcDhvdFKW5Bhle7rgL6IiRugJTzst9hrLLvTBPw125yC PotwhjUjdonSV267XlNN2h2B9Go+ZlTBlbjGmXoOzmi9puluWIsOhp3NvFBdovGH SxIxOBrK/jfVZwFXqjo2yY/P4IWlJgbC1ajMZq4IyRZdq8/OfJKq/VyADNfmiHIM vMVDDVEKzMAnipsjdx/mxubm24DEDogfMu1x4Oy2UlzQcMXXOYCguPIbf708QSj4 TuXZVIZaeyq2q6sq1bNQ+OYyScVvazcbodw8YkeVyht0jlfhMrAMyHqVepE388tU pAYXhBbx9gg6PwJDKlaNULsKvO6NjBj3T4kJN2wtvTXfgEGloTChhYBG1QY3UYf7 wwmHxhy05j7wudKocKSFPsM4UWkfOIm2vJaHaixgx4sIZjXwZQyotTm49RTpXzUp I6aSwn7eCf8xAeWyPmoPswdwQDddUki2liTYrX7vpSkd5mf8NWmSZzYuk1Hy8IYi u+bCcKSv2NGqenHgaVk9qnvPy03/eBEf4+kKAXlUy7oONFeUNNc8viaEQLkVT44+ tbCmcV1SR8X7KYfafFSaHurw/VMs46cx7/Esq/xCskJl90qULqeznDxEWrXiveeU KC/nq7eJskys4USXw5wENcFL+YEanY9Ee9AbxEHvjyWqPA0K/6Hndfbq0Qx3jviZ skArblTVbycHLByyhTkpGu1375J4bZ9xLDY9CT77Zt+7KeColylfbCNaTSuFQBYp wcXgVxPQh8lwf+7Beafm4a16NV1nZuGtuvIlhnVsnH8CzOvf+h4LH9GAVYGnC7D7 DxRWID2L+lauBldu8LD3aGuD6Gm4c+1c3BYmKhl1ULuQqVROmKTb/TtRoMhAkPa9 +Rwtl8hPOZ9zrYtc6WsQtocPY9Tas05UyoFR6Y097P+cCaIexO5mnxjvl+XnLOgv 734B7FupwZBtgGBhVF6XC8INHVuCGC/oLHfYQo9KIVqmj8Nsjdj0T/edyWaCKbnh e897BbgUTfDSulb8UFVWgsjiMyaYab7RVBl5Ib2jZd/ezji/cHOMr8tj5CtmvOAy 7463es+fECvo4hKOfX2X15t7jJWXkhgZR8M4wbOmvV3ZqBWLlxqy1usgEaf72nB5 YgpkNEJJ/Y/F9HfClqAtRqC/ThlDKDSjIPhu0ve1suuB/jYX+1DGibT7efNwZ3HC yaHj/cEq9i7CPdEiJ7eSiXzP3hV6XIv8Rz31GRdInn4yv+P0GlKxo/iAEaHwPuyu LkHUC1+lqdQOItpBPU1oviQBm1ZQieJev3p7b7PvRc0mDTsjnwO2LiAOgM+QDQeb 3q+h/86EL7g8mjM3HB9BdPRgnGv+kEJ32Ll7ab+KwPfPzFt64Aj4/dZUpmnTnCwN fTM2aq90EsqJEAtDhc3QZ4YC35wIcpX4qR8I0/KRFyp89AUE4H97q7/F4yZV+q8X NfsczICYto9/bfJHOPuEoNNaajNSUMQBF/a06xlxcKbftrsZDHO4peEnKIn0TMN0 TAEECBfZ2OeRadkKZx5cxLhjDN3gqkGs4ltMsYyi5DOAYFAUrLwjrHG5tuE6+CrP /i1S8pxVlQBvBQX0GbPFYaYvbC2WihVdsXwyVuUAmAKyQrwB3zYOCCmXMPNr5qqt zI/7wKqhuBMFuy5rg1u/k4v5AUO/4Wox/e4xEyh9gprnMla4zJP/U+NOo14Qp9C6 BazFOEP94gEtI4KoJPEgbGt4asy3d9AHEvjkdnie1TLHF+r94ozin9hDnbaqcp7F ChpUYX4W2eJkY9mzQ+caT2fhT9ajFzSdLzuG2wFHga2653A8VzyPQNgcJwxMLeYS WD8DiqamcNe2Taj0lwlYEegXctVl7LOv5QHJRZzYWFQN8OmKEm94gMM1BiiiBsmR 590pbO9To+itQD7ivU5KLxC0Nbn6Iq7NfISikTPOJGf3+a+Gyv/ov80juBXW3OYE z+VLm26mN6W2hNAcrcmzwLjLp313jxx0bzJIGjce5Z2m++cCg5OzBvf0AxxKtZvK aS8arXEBrTP2QbPXSB0Yv3gKWWh/9+8dJGcrLOxhteSAgqJd/KRf20a8FsDnxsrQ aDXP0yJ0I351I3tf4rNNsT85zvTkDxF7kuXiREULwzYbCejM6M6ajanzI6Kx/CCV wfi4F/SvRdFW5//bEXvSzXikcrg7c6FHJFdxGtHiCGQ4ri17ZKowIjFhABbvR93D Tv2RJsyRuEyP1ZZy4bXE758+CyEDjsFOqk+QCmY7TGF4DgAg5yPW95+Qv34qsE12 SLcuwofdQ2d8F3WLCVrE8XuMPTMDn+vHMUrJYhPmwyQdViNUV1SANSzt3GlUJd3h 3+rfqTVKt9fhun7xKoXaIfuvbBtb4+oo/LfcxTdlRzEDArBhwm/Ld1nsQSFpEeAX JbA4U0I6G0Ph6DWh6LirD+ZlhUiE4YjfbwI+fccZjAd/UmSO8wYsxOpy5Li7LY6B BmJK7mvXbEDN =opkJ -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> 77a5505e4704
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 93dd1bd44a8b
Removing intermediate container 93dd1bd44a8b
---> 21c8689f910a
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 2a772677c04f
Removing intermediate container 2a772677c04f
---> 0f58d69507ac
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 4b4d224e1ced
Step 28/33 : WORKDIR /home/load
Removing intermediate container 10b4fc2ece96
---> 698c9c571b56
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> 9e8ae2598e01
Step 30/33 : RUN chmod +x /start.sh
---> Running in 5ae117fa382a
Removing intermediate container 5ae117fa382a
---> 73540be16407
Step 31/33 : RUN su load
---> Running in b2e1868bfddc
Removing intermediate container b2e1868bfddc
---> ed446dc6ce4e
Step 32/33 : RUN /start.sh &
---> Running in 1f945e5cd241
Removing intermediate container 1f945e5cd241
---> 3d7e055754cc
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 522c0c247991
Removing intermediate container 522c0c247991
---> 9021960e1858
Successfully built 9021960e1858
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
46719e427c4046ed7df2a8a4fa272b4df72b98c09021e613c51b813789f1946f
[*] Started service successfully
[*] Running exploit
Sending build context to Docker daemon  17.92kB
Step 1/6 : FROM debian:latest
---> 8626492fecd3
Step 2/6 : RUN sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> 45fa25df3fa6
Step 3/6 : RUN apt-get update
---> Using cache
---> 0845a94ffa3b
Step 4/6 : RUN apt-get install -y python
---> Using cache
---> 669bfde4a34a
Step 5/6 : COPY /ex.py /bin/exploit
---> Using cache
---> 10b83d3ebe5a
Step 6/6 : RUN chmod 755 /bin/exploit
---> Using cache
---> 35c15cbf96db
Successfully built 35c15cbf96db
Successfully tagged exploit-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
0
1
2
3
4
5
6
7
canary: 0x0040a33eb58541dc
time: 0:00:39.402675
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : qDTlgGmT4J
[*] Exploit returned a wrong flag string

[*] The exploit did not work.