search

nyupcs / pcs-sp21-lab6-server

0 stars 0 forks source link

exploit-main #50

Open malfusion opened 3 years ago

malfusion commented 3 years ago

-----BEGIN PGP MESSAGE-----

hQIMA7KtScPIyW/lAQ/7BV8ekfrxujTGMkZlCT1HE9Cs4RX+kaWjBROV+j4vQKyj BR1+JZ0ttmaUcmkky0N3INcbitlbd+ObbAqpw73e/VWVEs1EsMZonXA8yEb73dZg 1LfcK0rtfz8pA5B6gYsK/IEUGvRkM6oORyzaM7l6r+i6K5tqwpnyY9cVKfqhZFDO IplusaE3/vlw6zZaFoUZMz5tPqGcU6s2CaHFbLrG8jYSs5D8CFBaibJL0vKuhcz6 EFq+e+I504nKbOIBomwE5Ud8ZsBA59J+YOeso6AIe9I2L4eVjCLhRrvE7vVDhZ+n WtGKvHySqYDF/d/S2+lox8uz77c9KO8qT3sHRcqgLBX4/cTgHJ+vcOs3YgNbw7Ir DDu1QvQ3rnOcl7L3idpkYDee+Mf2ME79KcthswybkLesFgPvA1VERtynWWUHy1S9 kxQYtVFsLutnfbEugqmyZgUxq6iP8OL1lwdJLxHsBLEdaP/LxrOzP9/uxcba817o n9Twdvi0Jq5KX8TgB7pBX9A963Ml9SvM7JBmVFbasWMHmM2CkwDg2m3JJPWA3d9n zsbIziaDmVCCcI6fHVtmrVUTIUfBOL7T9q17es3M8fClD/OUmxjhXW1lfSPMajXU 2QZ3kq+dw7kyOyO/QEiM7J7/uQ6c2DPF439kput7ApceqZVUj3zMj/6cU2WS9JXS 6gE1+bzC5kl8NX7XthdsPGLLvER9AZhHdEb0ro1eNsgAFC3ed3Oz2NOuRpUxCg/l 5kYbzMeS81U/EqCVVTj94aSrnZDzsxLhLyieipex39koLpKDl/W91bAFyGVsOlw9 Qp0m7prhN9lj8A/eL0ymBMtMY53MC+J8ursypANCKqEgpw2WmItYASZV1R8aPzjI 1VUvtayFK2q1OX3VXHpWtEaGRKummYG8wFfhPwZR64d9PWqC5wrHGxuJ7SHgaIJU GApyEJK05G3SSZSdApWMEb8w5pcqfcR/2atGXzd3sglDmIZmOtN6Ttyo0+xPoh09 hMFiJfcQ5QWsJB0SrKTZI3URWSQghcs5qSLVHf3aLsJwWf5gboKKCOtxnrwR0u6t 2rg/ezzel3h4+ccdBnWex1ICUjErqF/co5lsA6wzkuyVWB2dafnpIW1UjnEmD5d3 dpG44s+6modJTbfJdaoLHwt2dSkmVzXURf3Zqnm4G8tSLLdzLMXiXzz55RC+ZSvn NpIxe34Yqh8ZX2X9X6zymYrKhlewQkiJ6xmft6SJEUBiMqOfR6e0uqfKrm3Yt1QZ NlUHnSsvNqWe7RLaGXqJ4IVeSfzcgEtB3Tk82A4vsmm2oRfL4BIOTO1Id0Orlh9w cG09SP/+C6cxGTclsuuYTS/pE7YqQeC4n4BRXTrrxd8VWmvsb7Ihodx613tqvex1 sv8VSeSSylBmfBRYE7QdSxkanRtNflwA9b7U1iyDNVzjLZL/LdwdrR/T9bj8IO3L sIuDYvDAI3h7s8nFomgPyA7f+6mrMDOGXndtB2ocHbICU/C9TiVsKqf+HKBu5rkw 6ikWRa8NRjI8QPXLcP6iBndFIt2cChtX9cnOgy8WivoLL1MPWHYDnBRVm/BNhXny 1MSWXnKpSaXAiK3GFHxkmYupMAI1CM76zXaGgx2b5RR/TpxMUxW05YrJToYg9rWG SQbMbvaJNTY6OrWNiNgtDoVuaHUL/mm0PLnaBzQkerKL9O+fIuTY9YujNdVOZY4J NVCI8IH9lazUSFblOsOMhqCsCjug7fgOALG6+g1mexZim+lOY4igq+FXe/0TJVrP +yVWn3v0ZAmTYBvZ8fpQKbKAe27WQaxD0gj34yN3NoXaNUpWczGaFqvJgee5eyRI HPQ4uHX83F46IuJr1jqAe4A6doOCmHORfLog/IS4XTRHzzoRm7EV7uKvpHuiMc/j 2chLzKQdVSfIqjmYW0SpRR+410t38EQFFSF2J5ZFKnqIgYkvEEdInXrRkzdDI8dt OuwvOC7K8wxA7vTnDg163nol4hhdl5bzDJPFRmdLGwWrstkVu2W2ulaTeZnDxk6q Jy+Bcae7kHXfcQ7A57IZBXzprencjkhNC2dDIlmoNLQ0XIrmTQRj7mOaV0Kacqer zmFbEDkZOBDrI7VWa5El4bs1yG3Xhtd8h6Ds0Gx2HTU1bn0A9jYbiWsgBmG39Jyn 95M6K/XrfQ9Uo+utj9K3qyqDGEsPOD7EwkOtRqATNo3rxoBpKvg8CT3rVLsDH1hr h5sm+GW0IKo/jOQBTckO6Ot0Oj09OAVKnowNo3ACcr9PeIH0DqbXtxtrr9S1oD1x XrEJyIzxNUn+yZVpAOA2XEEHP90Je63tAxoB/PsdXPr5nvqYcg0wIbbZh4wJP+ht 4D45U0MNegv5JLEsUQThYHHQ1nDWsR15+FroeIIc3iwhBGV7+XYnDc2b+f/rBErv IGmgziVT7td6bkQ5WjPl5VBMCwjlReGlgFvMd5iAzsYNylhpunvFH3lrDPNIZzNP bnmtmntaLdUhkcV9tloLPL/sW98QVcFrazGd5MltT6FHWNIVS+YRb4VlnW7Wfehh h1sBMrZqoh0XP9ZZz2jUGl2sFFJKUqqzQKbCSfbpn/LysU0NPe0in7qAAQnm4IQw zDJYzg5vHH/RzQLUGImNVQoy/xNCn/kuCMryZ/i5yX0J7WOwqCQvRj43h99bxIyC Y48zh+4oU9iV3MTdGrwFAWAwKrcGy0z4xsuwSt8iEq/F59WDaWylIzYTFyf+dt7E 9ThYYIvtXkn/XzNG1vinSjLGQOumXUQ9zBB041OhmFJHBQtJRvdZ8iL0UXLOcoPR Z4SEbt83GZeDDhOQVkg77dqF2nTcpM9cLXJmpMammWowhg220ZnrljvuPQ== =VlFo -----END PGP MESSAGE-----

malfusion commented 3 years ago

My NetID is jni215,Jude Naveen Raj Ilango, and my pub key id is 42872AD16E589492

malfusion commented 3 years ago

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGAtuM4BEAC5G8S/iGGVOfHUWnYZREtkCUYwpRgS8mfNRFJE1yE6ySGXbU1S HzunvM4v4PmOPJrO0Xw9KPQpgtMXL/B2MK2LlkqQ10m2dLFKaQI6Cndbc0QVwbPK PHx37MlwnJZoA2rLCHZ6d0aHc4bu9XwS/jqHwTVRSifjSsmPLTOa4odTjL3mMwSO hQxK/Hf9NYLtbh/biAksN/APl1lAtpx1tvv4OaokaijPZWdR2Pn0jFGPN1XjxRLV Cva4tmnttqDpNkYYLW3phUCilm/4ZpAeo6ZrCG+/HeLPr9eOh2sNWKZUWQgKMASx wmYNWHPPaoeWUhrYR6PzLZhcz0DX1YW1LLEqd2cCEHcX+K1aXZDLOtglz2eSOYKD 2IRcMv6kj+5rVtRCGeNo/BhA7hTg0nZwn41+YyyYDMH3uatPeMyNAdwJwA2EwMe6 vIwkpG5/DRRS9Nt/CulhenEl8vvPD+PwWT2heLqt24XjeBiNLgxw7X8pTEcdTuTY eqljhC82no9GVIxPO9+eYbx2ASYVbMD0wmgvvXk/bRhvKD8jPpt2oKS49dDZh6Jg E8W1qtNg/CC/OHca3XSUUfq+u5Gh2/Becaj0WJj7lNxPs23IvmFUZQa4e4TCNSEp dCs7XvjmlZum4Y5+YewZZs9GzV99vWT1V8+JSV1Ap+oGs0r/gg1gRfnmFQARAQAB tDBKdWRlIE5hdmVlbiBSYWogSWxhbmdvIDxqdWRlbmF2ZWVucmFqQGdtYWlsLmNv bT6JAk4EEwEIADgWIQSo632r41bLnEbELclChyrRbliUkgUCYC24zgIbAwULCQgH AgYVCgkICwIEFgIDAQIeAQIXgAAKCRBChyrRbliUkqIOD/9uosNS2cJW3mS32CXu 4oIqqf8sn/Bpr54k22RRPmu1HdDIC8EMNxrLeCvFx5WElMNL+OZziq+EcdgMlR+2 lcXoFzNZMqdxZ3IGNGBu6m3YUvo7g7gDfmqCg6nrInNfld9fFW2SUqjKKICGwGG3 wrVjjTGfDSq6xcFijssNajxiHsYfxUwTPvK01QRd5yor+tuHs9T+S2Zyx8y5OaQi SrDVDYJFbahNtCAT8XT4aAUPAzt5DRhKUWXHK8sRKFBPAC0KFwZESSTUXScca9es fzDNVWriVYC2R7thu2JYyffeRDkaTdbuqK/cSKnAUZjA44DpLZti/hFgkzi5cjtc 1SQw6nBySr+0gcM7R/ElDfszhBA65r0JaoqPy6+qYrlokpN2NFW/IWFooDTSbXUP 7kH9CquM4rjuTpj5FF7a2s6NmF0XkMa7SEhJQ5a73GC1neOAjrcllupAD6yntFmC K7llp3GwPvZ0Vyd4xa3ED+63oefKZU0y/qBnljXSFJdQ26jMMqdDf8DtqGe/iQTV tylSSWM7DBh3AxiiQY/IR9EMVfukjiPReJ/XULkBOxcYmL/a0I97sdW5+NBwwl5g kVFRJMO7nlersUcQoRv7Jl14NLzbkAbihJgY9EZxrmWNCtLpyBN9m5eeZDhh5bUN xs4RQEaxK4tK1b61pWm46M06ibkCDQRgLbjOARAAt3ppuySIfEZzlq3Hjo8Wc+qZ qFLpjY7Gxd38fB8tbH2+eqhmWjqZa2/8wWwyWu3TxKNZHXpegZyA61Fz3ly+F4pS 0+B8yv3YBBx0plXFTOgsvJAOuYbFXo4g88ZVB1GholN4x82EppM/N4Sfsxc3UBvV WP51yydln1CgNpHX8aKkCl/3Hieg6b8UO0bRfZYdOIjL/aQcU93q8aBOrVKdZwBI ARwFW3tqyfD+ESClF2vDGymNLxO3M1qn+vvfQ8nzOaeS/t09lTt4kp/kEbqFQ3u4 lwKOLy329UR0Hzp8NbTE/bBqT2/R4yVM/LcnqGBUSB1Lzu7Dhk0ITAKaTVj8IIbL 6k0f1/mShlOY8IobvMRCG+Cbp5OU3I0nPObjtnWecijerjsSehgq1hjzTJmgDZNW nSyeuHkrgekEBTnrs4shlqxoTNpeiv7fB0yL963RSLQg+rlm5tKm2jrEcs0vsPqQ 0kmIhfutrFfe78GNLXQ1AjYM5n4M1veQ+igsPRjtSPW3fbjXXPehNzE6l6IzREKf w5MhWu9aoflVTYxnyjCvxL1jIadZ0Q+wV7XTeg+O+mQapa1BCodEkElrgidULxAi Djtl+5fGN7wnbMLcTskBi6/vDymc+dGrqarshtHtUIHAIjowhjr21BCfOWpGUzKm 2VSBAQCTiKn1vA9cYJUAEQEAAYkCNgQYAQgAIBYhBKjrfavjVsucRsQtyUKHKtFu WJSSBQJgLbjOAhsMAAoJEEKHKtFuWJSSvU8P/2CRvqsF8X/wEpmHHscoeq0VHysu pRKw2vAaylCxw2ID7L95SiP3Wk31R77VooUH94p4NxDvdyohr3/cWe9/CtaqWA8L 6xbFdlJ46HV/BoUcuWuCrHW+u5qLyd2af6G5ra+kmUbamZqd6Dkx3F0DDiZj8D+u vvup55k8EsU0qpmiduZpTisjh2eNRyXvss/5xBWAb/YfE9QBogpzPa5RjmfnqI4h KwWRu7DwG4zQ4evheWwNo9mt0Yoev1c45/wfPI4B5GZSl8msVrTrYB+S9N6pd5Wl TIM3ZJRtY+6gfYt0GOdFScF3/cjZMaf0QwXtG3YFtheHzykr82QJ66nVvj/zrm5G 26NBPcGnVHMBbxqcjlHv1D0Eo/oph/3E145uEOggWIKSza/ulZ9nojKoI+hEucrD Bh1SEqqsEoGvLmX12EQgtc2+P6uU6Cvlu539byd0QXPkq3ti9KBdVbsGe537fQi2 hLbCg/7Fl8HjJnmTbdS3Hx1UCMRGTnRRCOPlLc4Dby5ZyrMUduOZYTYVl7YZWlEf uHLwVz150bwKJqaXD4OHPlxu/BAJHMCDPGFfd7X2oP20D6NCQzhalXWVAQnkG9Xr fmJ/nWsHGRY2EmiNDlrmvzKtJw1iRkiC4cCST0kckfQ02rGnNwNfhaOpx1sbfmuk /V60ixp+2nrYKmrQ =XH9G -----END PGP PUBLIC KEY BLOCK-----

ksmaybe commented 3 years ago 
About exploit-main (exploit-service branch)
[*] Starting service from pcs-sp21-lab6-server (branch '0ff895975bf20c1233991128be75afbddf7b0049')
[*] Failed to start service
#1 [internal] load build definition from Dockerfile
#1 sha256:a7768bb00f1ff25bca4a5ca63e0354f04eff81247f2d1317d2374a55ccd6deb8
#1 transferring dockerfile: 303B done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 sha256:552c7a7aa1138a7decabd0ddb24ef89595510b42e8a88a171416866aa0284129
#2 transferring context: 2B done
#2 DONE 0.0s

#3 [internal] load metadata for docker.io/selenium/standalone-chrome:89.0
#3 sha256:beb2bf66ef313fd2e3aace2d303a1c73abc80369b025ce6bfeb4a2cc5920b54e
#3 DONE 0.2s

#10 [1/7] FROM docker.io/selenium/standalone-chrome:89.0@sha256:beb559d9a8fddb3cc154122598a527c6fb00f19751577974013924a209431f91
#10 sha256:cfa7f2d3a3cae72a7b4a2fd6d9e3fe6bf7d6c6a4462d83f9fadb5866bd1543d1
#10 DONE 0.0s

#11 [internal] load build context
#11 sha256:97b1ecfeec7237a6d2fe1194cd839a1c799ff66099c966ffb152b967a97205d1
#11 transferring context: 99.32kB done
#11 DONE 0.0s

#4 [2/7] RUN apt-get update && apt-get install -y python3 python3-pip
#4 sha256:1f82db4cdd0345e13bbf91421a58803f0de60b2a8230a42c43c8a09334118de0
#4 CACHED

#5 [3/7] COPY . /app
#5 sha256:f47c6e4a81cffb7e4f088ac8f040a91e9044264c047ebdb228ee7bd496c0786f
#5 DONE 0.0s

#6 [4/7] WORKDIR /app
#6 sha256:480d275e54fe886d774987c0bd48d033d68b2515d4604ba52d98025c13d2eb40
#6 DONE 0.0s

#7 [5/7] RUN mkdir -p /var/ctf
#7 sha256:ed70740689463b1cb67e0a288c90e4fa272440150b07ff88123dc23eeb0787d6
#7 DONE 0.3s

#8 [6/7] COPY flag /var/ctf/
#8 sha256:3683de54093345aed700a7e2d50c22c1886b914212f894ce5567932ad4d93d19
#8 DONE 0.0s

#9 [7/7] RUN pip3 install -r requirements.txt
#9 sha256:e86072fd59190f915e144f758f96a73f5ca5626fa1a231640c17b3298bcfdc75
#9 1.001 WARNING: The directory '/home/seluser/.cache/pip' or its parent directory is not owned or is not writable by the current user. The cache has been disabled. Check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
#9 1.127 Collecting click==7.1.2
#9 1.165   Downloading click-7.1.2-py2.py3-none-any.whl (82 kB)
#9 1.219 Collecting Flask==1.1.2
#9 1.226   Downloading Flask-1.1.2-py2.py3-none-any.whl (94 kB)
#9 1.281 Collecting itsdangerous==1.1.0
#9 1.288   Downloading itsdangerous-1.1.0-py2.py3-none-any.whl (16 kB)
#9 1.351 Collecting Jinja2==2.11.3
#9 1.360   Downloading Jinja2-2.11.3-py2.py3-none-any.whl (125 kB)
#9 1.440 Collecting MarkupSafe==1.1.1
#9 1.472   Downloading MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl (32 kB)
#9 1.548 Collecting selenium==3.141.0
#9 1.559   Downloading selenium-3.141.0-py2.py3-none-any.whl (904 kB)
#9 1.666 Collecting urllib3==1.26.3
#9 1.679   Downloading urllib3-1.26.3-py2.py3-none-any.whl (137 kB)
#9 1.765 Collecting Werkzeug==1.0.1
#9 1.777   Downloading Werkzeug-1.0.1-py2.py3-none-any.whl (298 kB)
#9 1.843 Installing collected packages: click, MarkupSafe, Jinja2, Werkzeug, itsdangerous, Flask, urllib3, selenium
#9 2.319 Successfully installed Flask-1.1.2 Jinja2-2.11.3 MarkupSafe-1.1.1 Werkzeug-1.0.1 click-7.1.2 itsdangerous-1.1.0 selenium-3.141.0 urllib3-1.26.3
#9 DONE 2.4s

#12 exporting to image
#12 sha256:e8c613e07b0b7ff33893b694f7759a10d42e180f2b4dc349fb57dc6b71dcab00
#12 exporting layers 0.1s done
#12 writing image sha256:55a739c53158cd33e009b3817340e94d6bd39cc5184edebc14cacf3001c72b65 done
#12 naming to docker.io/library/pcs-sp21-lab6-server-0ff895975bf20c1233991128be75afbddf7b0049 done
#12 DONE 0.1s
docker: Error response from daemon: Conflict. The container name "/pcs-sp21-lab6-server-0ff895975bf20c1233991128be75afbddf7b0049" is already in use by container "8091eae6427042a587827ed4ffe9bb129700b81cd8917e1bf7ccecbbe79645d5". You have to remove (or rename) that container to be able to reuse that name.
See 'docker run --help'.

==========================

[*] The exploit did not work.

ksmaybe commented 3 years ago

This submission has been verified. Well done!