search

nyupcs / pcs-sp21-lab6-server

0 stars 0 forks source link

exploit-main #40

Open agnithamohan opened 3 years ago

agnithamohan commented 3 years ago

-----BEGIN PGP MESSAGE-----

hQIMA7KtScPIyW/lARAAlz2cuggHEz5lgIQQ5rvaJ2Wf9NPVVDIqQ7L8R8DXyYEz qyz1c8btYlCZmOa/zI9cQWXV+AR1ZfzEDDlAIAR9MoJUBKpbhtoH0EwWUlcbCq4F doCG0B8dWrbctKRcYSpAPgxU7RvwwcGJW1EUm2Pp+23SSLvsfiWcE4V+yJWcfMlT YA7ukCiZKwmOUxPBzXd4Pw7CKcR4jSmPGdOlT8btUIFtjXNRMENMowkLb02P0kC/ 37faal9axBHIsxdoarf+GRUveBFFeHGq9Sn/lHk0rGSvU+ft072bZcrbySrkCiFs UytCtu73A6LS1EvsgIIROuPgTaQCGfBHxjNawsdiGMsp6A0MfYJM0SfFw92PbiGo 5/UWclcWDvEQ/ZdTvim5ZKhNZoiD7EsLzpCMUV50j9l/Y1YyByr3akCx9y/xiRsi 7p+PZhafoe3+3IfUWYEyE6lVK1KnkIPDv7NaOf7s74LTWCsgL+B6HXlA/72oPzls hFRC1jUKAuZhUWD3MwZpckt40itXxI4We3gPSi+xa5BqP5totvLEUfpkAdhC/UHN SOgRMMtEHk9zqIesC4P+fAk6M3aWpgyUJUuCCtR1eCLS93uf6NvHNmrRnnVuYwBd /0nwZktdbJt5fFaIUi0LrXlh8cG3cjSIGNijUm8r+EdZkEEesfwH3Xra2IHesqvS 6gGfzktRa6j/QOUU8oOZit+APycJhgEVKHFWMz14rsdAeYxQNrmphcT7uEB5/iKy rKQNHjPCK9UMQhjIJUaXXITN/AMsH3/0ln9yz85ddpcbJfDWDeNSUbBtyWBykrvu lCRJjoUHBInCKB6VsEQuV2ypEtNwsb2oU7klChCqT6+oNOUu08nrgHn5qSxxyRLC d7bfb2z6gl9P65XoL76d0HY7t0eHchf6FGctMgVOhTnenQnaaL/06rHwLibfxL1R BdQ+mWpz8SaqWPmuRWl6eOCXDVQY8CCqI6vCp/enG34OVVXtkZ95iAQMvl+JCsOh +CngKTakyRDDeXvW4fN2xMklzWNdf9unP7mQU8fN2No7VNN/iAec7f+eTHl0hqlW Jb0vZ7cXpHppTS95T9hQE1phPK40GdCOcHor2u9XbTay4zzUBF+iiDjJqJn+EjdV HjA4xTW89d7MdelWlfyDwXOB4VomMAvZaAcrZNt1QKxA2tnxzQPk2SCW8dC7WLnz Yh2qe+Mb4VQD+CD57PEQwOYd4w/OFC0LX/+j9SjDnMmnGzNl/xIr6Qfso+WsLZxK 4pEaytBYawnDBqDeoFWYQfb6730vhDz3uEceREkeR31NzB6sVcAgjUusavSa32D3 4mHvEI+PLPJNME3/7wDD2fC9kwVOUgo+gb112Pk1v1y8MTGlBOBwuSAeaUUO0Nr1 UxihEC/Y0VbjWUoFrpIMWYU7jQhrjx1gVq0L/XUKI/dFaCwgCFhPYZjJoT5upLnr SbGujm+Hmdo/gfUXHIM0Bgdrr1OtbhUFCayl1fvZA1CF+yK2Fz/HhcUttAmOV3xx UEauhCTC4szwQymJkPRx97ZU8bU8Z4UvqYjPhbavaPDxS15LLrVk/gE+J1tl1U8+ U56/wcVsuv1rCIWpNFOcER9gYQTDOtXC7xVHvuyEuTfEAgNlltyEgDTdiO/7VG79 v7z+eUQkLR53Bz3KZAYJPnsBEz9WgbRolbeDkDZyvbysgIpDSSLPQOghuE18UjOv KmNNh/j9sBjE+hnkPMbz6KtW9GjBQ31Asz4jkLj0tMdemIe5ebVigeJDyerXy6XN PUSAH6Jrae+JfPs9wOPfoKgZrRZTjxoEEY19oZpC4mV5o2UVG21oGSxUu8OKTfme wFcbvyvaKob7mBkamnn+qb/eQ/T6rfegW/FIS8+6IGon1LPhhp364lnv6aq0cpcs PelTDPWmNBqPEbJssMTZgmQKlpd/JloF7uS2TqF5y7Eda+jaJ4Gwan3mmEeQh7m7 jbI5gnKvZLGWAYLgvTJkkt/tRlJe2AP1NFscP0n9MlTp2TIOg4G4re7LXRkTyLKX uIk/JPzSDRAmN+Mx2sHl6wfpU1HP2eXjKtftiAhXBlGjA3BR+aiRM3OEoxYiwbTI YNJsJ73AtWm8ZN7NQ+aHeBk59+zfH0IdM8GkNaWN2DyH2kN07jJpGUUhQdJy+d8N w5tKvxPPttiqp0o5+1NKmVxqHrZU7OgTArBg0lZ0/dFy7d8IjOeG88D/TSiBmElq mbesta9lgleyDtJtNR9uDLuO/RAluBLfJXedVQgFozMDMbFUimJqpR5i7chdFsZ5 hXKp8jdLtLPdKN15QmMMFh4QKHCXmlgAih28+PnKbQDlgoDTk6NWbvgmhyDjCBri l2AdYRT5FFnTz5BwpZznU1IYrIkQEXSs6LTXTXYuaxt/0de9aiMAWlLlaqa0/Gn+ fboDt/ttzscrAUcdL6MP52O26F5dwxrvIzn6EgcOn7f7BG65vzJ7EN2ZvkQUuTxP mIQttpitjvJA5GdNWQmfHFowsL0eGSRTzy14ydSK35WjXVRXBEM9u+oy7NiyUdps YbcJynoEB90cGIXRZIiywXYMaw295S7mppVnO8o5KcJdNfMZ+zLcjY176l5oyx3N BmpN1h8oVOipT6Hr5mSXQOSK2Zpmy9jGuAqNosNLwgMssXb4BHETVvfh22UJ9L/i aQ5Oj48WuzTFXKgZDAvxY+95xp0a4uPhWpKJPh+Ak+9MfWec4EZuV2ZgpAtd3J7F BMFud/0mqBSj46fv14J2ryIEmU+mmdt8js/NjMVFwspJj53Ajl0ol8Zc8tX1m4g+ fPgztHt6dG+uqvIQ89tdCLtam/rGI43pAJ9vlFHzWqsWH82zJB5j2dr4VW5Is7f6 W3HDRWimfaKDDmzEyNggeGA= =Kg9Z -----END PGP MESSAGE-----

agnithamohan commented 3 years ago

My NetID is amr1215, Agnitha Mohan Ram, and my pub key id is 0A5D7AEE3822706B

agnithamohan commented 3 years ago

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGAmDOgBEACc0Qp0o99UrCD5dL8prmPwr/TATMBzmD8IhirCygcvtdSn3aMJ M7aCZiMVth/0PlOfd7v9sHJ18+F4009J2glBKjeUhZMFfK908TpWJfYwgCx0UBOi XZoHBl2q+G3UAOg0AwjC1NR55EVXew51dZ1FoEk2Hl1Bzdavj3hQyX4e0+ZvEUbd Lsk5Wtnr4/NMw1sT9jABQkXQsD6ceV/heLx1j03j5aeiKemDXZ4pQgcuVJgwMAoL pRbVOHgYP4XSFJmcvhPJphkWwl22vJkfckmvlVMJYbTXCzlNUeiJcdS/1G0nG8rY mMWGUkoG44DqXDMaHdtOLaYxHZvqBynfP146RBqS+LulRHNjUB3GnpmJYHfMqvfJ dOgLp/8YXqkUO/J8hFns+K/9anpvSED/gdEOdG5mdYx1PnlY34+LZhr6o1uFmX+V PSUFbwka100JQRsSti2UiMLCmvRiIcBa7ogHe3ScEbu9UWIUrC/JLFTmNxy2d9Qt PDqk5O2luSlQGwo01sookfNsYvW1ejrdU5/RC6vOt+mhrYEM0jhF6eyx6uXq3TJQ 3pa/cAeRNx/iTpfzGQkLA5HH7sZjDjiSQtyekzb2GCHhzmKdoAt+dhi/aHPmkpQx /vh8x/BP7HJ8rh0bv5XirevQBQWasE/2RNsHyZXPIxuTMco21QLXQz1i2wARAQAB tCxhZ25pdGhhbW9oYW4gKFBDUykgPGFnbml0aGEubW9oYW5AZ21haWwuY29tPokC TgQTAQgAOBYhBCcReqIaXruEG4Kvgwpdeu44InBrBQJgJgzoAhsDBQsJCAcCBhUK CQgLAgQWAgMBAh4BAheAAAoJEApdeu44InBrqYMP/1wLp19dUxpiWYlv/WHYtIr3 +jzr9r21tAbKWm3QobFTjNk4E/GyBoWsCtnjyy0Ojq0vP+A2X0SspthLf0spzsAz ChupS4AUwL9BiN+WojHxjBIpeAug3z88fWRn90nUqYHvD/2d+Q/ka7M3SswYZ/qb 4bwqHe4Wlsta0RsTXLbL2RTZ2ytngiHmGAVNtxl3PIKT2eOJtCXjncZYU6+CDIqz Dl2p7TlfOOWcweXwzzsnL87R4UDr7SMCmi8xstKMwRpiFVF9Akrsw293c4fOIIHX rWFZeo6Iz+DGhA8R/2twwoMEBAhasMfxiRvj7z67igL9Iaaz5qW2VDB46aFP4Slh qSMKk87Hwvn86epv4Q0mMyGeCAxbB5zED08O6NCuAY8H0XoUrdpRj7QJNKMOwQXZ siBmq/UJL0IbKI8fOdzTflliIeiKsmrYjncOAVcc8yWDHwLkeU2OJFFEJBMmRfnB 9ioQ4AV2NjTpHHvijLoRD3PW1WzafG6Q6xvWfpZ0KUL5Tg68lNQ7D5dNdpq2rLyD jSoQJIqIGTU/sM/B2DJi/fFO+IJjlDo78SCdB3sjzrLC4UqMrXYEG5b8IE+OpLSp KFp6TYtNtMwZazdqptaVd/NB9qu1MWNWtrj1cKwSfzrldOxN1IdLc8dhyPtHz8XZ GaYg7nbczyRVtvSeXJFsuQINBGAmDOgBEADN2A2xOOh9iWPlHMsngKcDfCa04Fpn 1Xv5mC8RAPvo248NK22ioWEip9kfl+YvM37DSHRvfNH4sYnHENlWQo5fwJ2KgpXE PvZAfS98NIuFpwNhpHV73AZizKYEH51353Jz6v/Cz00WELfQgCJMOQ7OrtcQUnqn G0DnJ5NxSpk+TasuscHBY5k+Rt+joTiu0+dF7gNHbebhVMT7ew+XX7izXfnGRIDg fon/Jty3ZjvgP9ACJhcCfnHRK7Ggsvnyd0AK49CmQBEe2+72XeORpzzdsn3B6MxJ 4D/AFucHFcF4rNpP4OqeqW0v2RJAmcYLpaBoO6TVDZ7i0aFgk1iXhpwVijxuk68/ nrz/tAqbJB9M7nwIUmcQjdxd8Kxjjg4yWeSyc43lHMkPZ8HSBLcGd98IHluxOLE5 iILGvmIakRMQpPfoMk2dOPbLXQ0xgJJeNHE5gzucqjBE52M6D5Ixwu+CuE5eWgYz SuqFeyHs4gU4uaoUbxBibb/BLH7TVaMGKQYgSateFjfkeH8cWFfdpwNbD/xZ3e4J yfgkEFYfEPfPLkUrUyDqyO763eV/tiyWZCiBYNZT9I/aEW0TRIh8PYMuU40+sJXb FMP88kTUQQeIhFQq6SlDNNjoMyJUYHWsz+9/Ppc7mAn8E577Ss8bJykvvWLbD+ai d5Wbfub+v8YqGwARAQABiQI2BBgBCAAgFiEEJxF6ohpeu4Qbgq+DCl167jgicGsF AmAmDOgCGwwACgkQCl167jgicGsAww//fwT+j7FgBXX8NXgI9MnvElQDkRl44Dz6 2j5mqDuCqCwM0gFoamyBBoSMNniQjySg7ie47EYMKjMY3/LqmVDralfFfYXJoleU 9NTAm5GJaTaIZkKlnFGuHUT5dxU0Rd8mqjP+il+w7loNUWlA/la9q/S8i/XVm9hM pLUYtPxpE4tQFBEXHVsQTYw1cYsUVMh51U/pBM3/cPfpNFYjvGnmqzXwGeyJ/YPl D7CiFcIqlCzmbfZoJL8R5CGhS4obrn5MKDbwCj+e6jmJSDMJIK8ajTfsh+1+SYRg AlHLfAdIlLwrMe/bQ+3i7CJIyUIXIPiw6ByopCH4QVMrs7HCqmRDdrgvjBkqO1FS 52LFGJqNMsp5d7b6oyBGslciBJrkkdAJlXf+hjhYQT5eG7IjQSVpYDAOXH60XPmD nA6ifCg+z0lU826o/slm0a65OV4oJkscX3qwxkkKSW/MlSx0a36T6/00GjHpb7v+ twIe80L5RL8TwziCxe/AmY3+2fSxrtOoTm7OmzRTBlcRCNZT71mCyTCRW8dJDBF7 ++Oy9eQFDVTkhWIoEXAak0cuAaYq3HkFOjn2L6vKoy7KtHFlQAHZz8F3BH7Oj/wW y0ZWcPbqRjh7CJqrWjxdtRMjqHYt9NWOBwFbRxwPSXg/eTF+F4wnfttXi8Jj8CAQ fzU4+XUv/OI= =Yprf -----END PGP PUBLIC KEY BLOCK-----

ksmaybe commented 3 years ago 
About exploit-main (exploit-service branch)
[*] Starting service from pcs-sp21-lab6-server (branch '0ff895975bf20c1233991128be75afbddf7b0049')
[*] Failed to start service
#1 [internal] load build definition from Dockerfile
#1 sha256:a72aca7e3b70cbdbe6d5868dbef78d6d0b6283b0c9d7a012413175fa845c7fd6
#1 transferring dockerfile: 303B done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 sha256:733b926713db74f76e32b760cb6cd3a91a2a914342a827d2de3690e1044cc4ec
#2 transferring context: 2B done
#2 DONE 0.0s

#3 [internal] load metadata for docker.io/selenium/standalone-chrome:89.0
#3 sha256:beb2bf66ef313fd2e3aace2d303a1c73abc80369b025ce6bfeb4a2cc5920b54e
#3 DONE 0.2s

#4 [1/7] FROM docker.io/selenium/standalone-chrome:89.0@sha256:beb559d9a8fddb3cc154122598a527c6fb00f19751577974013924a209431f91
#4 sha256:cfa7f2d3a3cae72a7b4a2fd6d9e3fe6bf7d6c6a4462d83f9fadb5866bd1543d1
#4 DONE 0.0s

#6 [internal] load build context
#6 sha256:6f726b943f68433aee428683da3db89f90e00aa3b4ae8ebfebe2f4dd5686b679
#6 transferring context: 99.32kB 0.0s done
#6 DONE 0.0s

#5 [2/7] RUN apt-get update && apt-get install -y python3 python3-pip
#5 sha256:1f82db4cdd0345e13bbf91421a58803f0de60b2a8230a42c43c8a09334118de0
#5 CACHED

#7 [3/7] COPY . /app
#7 sha256:dd9c047bc315516730ccb1ddbfbde512417df6704c18e47dc81ae74e59225954
#7 DONE 0.0s

#8 [4/7] WORKDIR /app
#8 sha256:4fd0822586ad64e2e39b4746831ebdb04505366b6e76c36ec708e2fa513f4ce6
#8 DONE 0.0s

#9 [5/7] RUN mkdir -p /var/ctf
#9 sha256:1c0b52d1318ca68066602f38b3cf6f5bae5674765190f28f16b4ad9469a39d0a
#9 DONE 0.3s

#10 [6/7] COPY flag /var/ctf/
#10 sha256:e69b1f7543030e48dc455f3cc2fe17649779f1555b334f6046a53be22474c786
#10 DONE 0.0s

#11 [7/7] RUN pip3 install -r requirements.txt
#11 sha256:bd9d74ce742f47739b0cdaed82d00f75cd4a7c625873d186cac2b40501efffaf
#11 0.994 WARNING: The directory '/home/seluser/.cache/pip' or its parent directory is not owned or is not writable by the current user. The cache has been disabled. Check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
#11 1.107 Collecting click==7.1.2
#11 1.181   Downloading click-7.1.2-py2.py3-none-any.whl (82 kB)
#11 1.241 Collecting Flask==1.1.2
#11 1.260   Downloading Flask-1.1.2-py2.py3-none-any.whl (94 kB)
#11 1.315 Collecting itsdangerous==1.1.0
#11 1.330   Downloading itsdangerous-1.1.0-py2.py3-none-any.whl (16 kB)
#11 1.382 Collecting Jinja2==2.11.3
#11 1.394   Downloading Jinja2-2.11.3-py2.py3-none-any.whl (125 kB)
#11 1.473 Collecting MarkupSafe==1.1.1
#11 1.488   Downloading MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl (32 kB)
#11 1.560 Collecting selenium==3.141.0
#11 1.575   Downloading selenium-3.141.0-py2.py3-none-any.whl (904 kB)
#11 1.706 Collecting urllib3==1.26.3
#11 1.721   Downloading urllib3-1.26.3-py2.py3-none-any.whl (137 kB)
#11 1.796 Collecting Werkzeug==1.0.1
#11 1.813   Downloading Werkzeug-1.0.1-py2.py3-none-any.whl (298 kB)
#11 1.878 Installing collected packages: click, MarkupSafe, Jinja2, Werkzeug, itsdangerous, Flask, urllib3, selenium
#11 2.355 Successfully installed Flask-1.1.2 Jinja2-2.11.3 MarkupSafe-1.1.1 Werkzeug-1.0.1 click-7.1.2 itsdangerous-1.1.0 selenium-3.141.0 urllib3-1.26.3
#11 DONE 2.5s

#12 exporting to image
#12 sha256:e8c613e07b0b7ff33893b694f7759a10d42e180f2b4dc349fb57dc6b71dcab00
#12 exporting layers 0.1s done
#12 writing image sha256:e16c5b5f199f8c6d5601fa106357e3b83c64d7506c2919443b85c37eec055ab3
#12 writing image sha256:e16c5b5f199f8c6d5601fa106357e3b83c64d7506c2919443b85c37eec055ab3 done
#12 naming to docker.io/library/pcs-sp21-lab6-server-0ff895975bf20c1233991128be75afbddf7b0049 done
#12 DONE 0.1s
docker: Error response from daemon: Conflict. The container name "/pcs-sp21-lab6-server-0ff895975bf20c1233991128be75afbddf7b0049" is already in use by container "8091eae6427042a587827ed4ffe9bb129700b81cd8917e1bf7ccecbbe79645d5". You have to remove (or rename) that container to be able to reuse that name.
See 'docker run --help'.

==========================

[*] The exploit did not work.

ksmaybe commented 3 years ago

This submission has been verified. Well done!