search

nyupcs / pcs-sp21-lab6-server

0 stars 0 forks source link

exploit-main #52

Open uditarora opened 3 years ago

uditarora commented 3 years ago

-----BEGIN PGP MESSAGE-----

hQIMA7KtScPIyW/lAQ/6A3V4RPxykk6QhoZMBh2/8b/2Qjktz98T+A5iWqE1iFRg fw3PRjNYnHEsX5hUavGlX8LavZn1IFiVvnlwX+o4f2HLe3+ULixIBIvcTiI1eUTp fJ3yANSfWL4bfXL79rUk2Q7fcfdK9huP5lufwHY4KD09tuC+QdZ9vtKL3QURzSjQ DN2xYh6CvIyXeXqHBFEv3m9LzwMGldVNsDYyZBDa/6EJJRfuMT7BXmJ7Ztg6Tnki 0cNmeET3eVd7YiugoOxGuelhqUDs04IVpTCcz8RQI0Xno+Olu1/sNOfvXKz4vzfb lt2tkLTbkwXN5L18BeutLkk40YtWLeLc+muwUa9vZKcdjTYAXZ27kJNCejzCeccu I6feIqaS726lPS7mkCPXZqlmKZwbxhwE6VLW5A2vddKuxInOyp+EOg1R7tDdaDJ6 7tWlCCtjNGrUsDzOOwD/qOMiFsbQf78sAQVe/ryvN2VnnKGL/lHTO5gmjFUXVctk H/yHSn7EH9nWqFmsDhSAdbvCQCypzDoP3ilwjZaF17tYAXnSXRq6eo+j6pRS851E K1n+YoWNncx5edNxwitnvGDSMY9YAg8Ce9EhsnBFCO5uYDR4I5sA/jJ+7+oR8jTp jyObYskVThu0IrtYMZJcbBtspG4qwrbzugZy1t+Zq4GPTwwz7idS+w8a92B+eInS 6gHUG/py4gGaMHz82uyseft4C9qIKCaxRym+WJXCnfG9oavSK3cD5ReoZJCuPAeF Q7tjeYAp0mTSZQVnT+21Ww6YWhH2ByzTo73tNF3gWdw5tHplXRXBWTJ3a/pl7kKI v6FrTJ6UvQZMDBKdfuKqsRVFUbfE9m5Wwn48cjb8CUXJOwKoDLKLhkF8tN7n8wiT QG8NcCb/T+ganx4qX4d40jXCcOsbro3AYNJdsAVeMNjPHv7CPekiQ+h5jASSuVxW EF4aVADccQeNm2WOzAPPeEEpARQ1mmLIwSVQvamuBgGvqExyCD7XV/Af5QPJmo9q GVO3ZRwsIJQLUdbnDPn2pq+AUIWzt50yi/+BzuT6vTJGXonSMMdWTOL7H3m8b1XQ GdchEuaLccy5El4HOAFFQUCr3aRx+Sz63tS01bCj2pdjXZTS8gfs4TU+yqVmt8gg F2R999oE1G26nQWNSphm/Pae4RBwWFOZQn8kzO86qtc4ffENRb68i9UTZDJjfwLa 7AWclo0b+buFHKEkgrEUxA8MNmKzwDgX0ikdnUdnlgVnbUAhJfqtc7R/ln6F83DG zcjN0T2qUp/zskNZn4eMWEPBAXgC2WA+D2iQmO/vAGgXr9g3W9VwHiX2qWRGO/5b nvB+DRQVqII9I6tXrsbrwERTh0CT/YqQ1qO+F1kGlDSRzH4Lfiw45WwDgb/vsHjO zUJBifaPmBR/0b94BwbZOemSu39LfxJc/FGKAhDgT4MFuq8bGsTBGxQHfoe1h0UO NieEHNjSvAnyMWsEXIhD/U0uUQke2GYyxzulqCQ7LqM5lwW1Vjev5AAhDQxBTjzX 1Pola7XvibNT8tX2/t18azOJO2YC1UzaddgH5gjWkqyvZUYpW+p596E0J24gf/0Y G+5EIBsyGamQW6qOy3DZcgX0FYfXXkBDcfOnNIpBilWlawiH9wPKdZ6YeklILZ7m S3zN5zsPeVv+EUtEKmaiCHOuyxulCgRv2J1u4+77VYV3PNbV/9v0ykJmZaCF+KDP Rw8bNbT9xtacKuBGxwgIQHdSCi8byq3hnGW20wuZxUqLThVe6OAHVTOyBVgu2vDq Bcgnk4PRz5fXvqCHO9oEnk031MN/LOq5aTb9iQUUI3ifIuE5yElNC0PYgg6+snHc ZV/nIzPEvr90qQmR8ENwx5dtLVrA9/kEXNSMclMXa4opw2yqIgYfofoR565h4s/F aq9BBC3CFBKitKGIHa0dOT+uUj/eUQwqvyLX2TTY2Am70RzbcWvQ26zWQ8hTFdAD e0oKaQea1BU7IdExnJ2xa4V/RiaPPZqymywfqdt6j9SG0FgSiUwsMrwLcivJFNKk 3KVMtDXjRHbrRVV6v80eLTLpbfpsF3kzAhPBOJEHHLcLZ9IdfUffNc44RUQFemOP guRjDlvI0jmpw92eWS7xRm4urA0JQYJYIsyr/YXFl4I6NQfCZyQxsjscYd45kX0W HtE9KGy3Em9D3H7t8zN2EzEl3TM1PRjvl3EsBn53BLdG69wGPC+7K1joWYyg/ILO O7/C4kD62clz8UdfbCKBF905KP6gyCr4i9EgLUmJkAKgyZsh70W4c7yvUvml7eLL iIZfdgfQymwMgfKSipIcFo+WVRRaJUg9ZASFqWeEwgC+n/XM1X9QG2xbz8mTWuI8 WV4dXpoSqCux9nVPpmEd6y9NNQdnOcpmmB7VHrNj3ENLH/4i1Df/NoclKaoXtdTW J0zvFFg8KDlGYdCAWTj33Eydc6mx6bT7zqKDiMZ+GYVq9yIr8+rpybS8yMDEYwWQ 2sO185Yv5WbW2F+bPvsQjbjAJ+guXxUAPtiggeVY75uQJr5AKNrxnE96jar7upvj pdBTS0R3VzgGAQHB3W9ENex8SIwkPAOIDwJpvSswkLH2NYdXfsK61HKBqQgJKyZ2 iCmYw0BRZv/TYo5u2ulZJc3tyJkja5UzYKbGKQYOQ+CPrHMKhFtkBeNMgs97XUx+ Nea9reo+OPj9Qz6lX7OeQhVRyNUVu7Jx4WLKLTd+3Jpo4+FF9/EChEQfUblTrK2C 7TtVBdSZbaE0fSAdFoei7mOCSrU5FhM81c4Fp+k/fHcmwkeq6vb+D8qNOvnUJb09 0WyvronD2O4l+oFH5flNl9Uy9G/WukwRRIjDjOmoIUqvVAx+cXRfUQ== =dyY/ -----END PGP MESSAGE-----

uditarora commented 3 years ago

My NetID is ua388, Udit Arora, and my pub key id is 2D72C5165290878AFDD4FF7D69499B0FA1AA9CBA

uditarora commented 3 years ago

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGAqCtEBEACyVVrov0KCWgp0ZbUWtFdCKYNwZv51XXzHku0ZWQtLYoayXOUg qfNO6XhfSgKs0NlYnlMs1G090PafSsiQ5ywzvvaKeC3JyYAhc/t94memfZ3j9CYe Qyj3sHNTieUft8zlCiE9zIho8PeczHCXIJwxYudtQsbuV74FGSPvbqNztiBOi9Co 9GFpNagyDaE8dVTNNIVXYgiexINOTodlNfSaGnkrdkUCMZDtkLWmzImKPryTLe4p PrIJkYDfmV9x/QU6Cg1xpD6VD8uRxqiHN39IIDcgAarr6pM9yFlBpFdiX6frlrDl Z/cMbiT5ewG+lihL72XQ7BdUBqmZFTMxvyhFTe7LQ0xaO8HuX8v5A/xo7wCJW9dE V4c2VhbN8QT/d6gjPWBUr/IwZhIPDaXPKuk148LZitwoSJcokq2AaSGlC5ngALSd 1fjUtkerY5JInh9oHvpdDK8JxpsTIcQWkMylo9A3xxdVj++8N5WskusAztVvQQ5F yWqqGOh+0le60Qx9qxaO6OFHHHw+0eQ+MmCX+5rDyY/txssmEMllZ4omxqVhEoOk A5u8dYk+Oaex+4jH132QdiXnVCE3RkvmtOwltNGQs8v/n9KGiaEWZJdnCPuIrTwF 0+G5aPD+Y0E9Xhtgf7mbQgGctW77REcGJ2RYTL++KzDUYPqNmarLwe6cAQARAQAB tClVZGl0IEFyb3JhIChnaXRodWIpIDx1ZGl0YXJhMDlAZ21haWwuY29tPokCTgQT AQgAOBYhBC1yxRZSkIeK/dT/fWlJmw+hqpy6BQJgKgrRAhsDBQsJCAcCBhUKCQgL AgQWAgMBAh4BAheAAAoJEGlJmw+hqpy6VgAP+gKykWemMW4kwPLpherrkW/ycMwa oxHa78V44ZbOP4sBrCbh6JDVpKcpe48ElCQk0YY075tMTPWEYwaWA3PKifOy5w5p t287/zmW1unC1pDlguhyTLxlGeBf3GDHZZEOV/Vh9HFxzDUwcUHuILBxH2jrxBaO mbc/7WfqNPMXbJFpRb+Sy3+2aa9EtK27bEsHGd/OS3iO16p/Pxv7nnRJQoZUDhoq GyuF1ICKyi4VY2h5FEWXga1UU9nS5xulOuKX8ngZkYDwgGN2i+TSwrB9rrSvzM3O vibzqkN5mnJlTusoHoXr4h9ePS8XIoXV8VTQdheLpEqgajnMVb//cu25STnEzYrx uqrTMTpAJmvXvprpaIsT4l6/ysfMe8Dj1NQ6EviLwK1llO9Ln6uv9SF7amtOFMd5 UjUepzhnzRfF0OfQP5Dx2yX3S9JCE1elsJBJjXuPP1ZSvLSJLGpTJLsGBgyGwO0u fnbfFgjMxrXkesU8amabZEx8abaYvckfZlZzbD61xSTiu9JAberx1NgBcHkf57rT y0NYDnnyRFJS7faVXm+CjThuZ/JyOvE7IxCJ7E3DILiL7aWHZOcD55tdOIdbV5Kj vL1n9x/P0lI//U7ccpasgLXidBBoWENyLt8h7VoEkwq5wVOKpCplDBl+wgsERRZ8 DwBp3jRpYrtyKIImuQINBGAqCtEBEADT5C3aR1v49pPG9J2SYhvFj27XretKA4ZA rXh8PETCtkQlreCQwMs+P2sh8kIJAi/6tMKq/KRt9YiKmgT/m/EKTIYVv65mzLwM VtSlLDLLyWQn7xdE0SlUIgP8NN1cTiy1ODWb6NyF6PDMTaYLiO/EZFfmgILxrvJo 5ckFa7hqisTz0++zGOcCQ6uOTdpAbKHV6rB7FDsCUsL62iBpLQ3X0hcrCgVhtqmp dFOiXEXhuoLLWJul6ithTwCCN2rz5UXDupUEOE42xbYIUs3zsF86PMYSH+osv8NF giORNgqnd+BSS3UiT9VFFNHMTAt5iBpckO51ifpmudP7BwBO2SgWcHBEbPRZF7j8 f6qpoDV/EV2DsN/cpDV1dW54duGYZDO3Q/qpL9rpXomj1qOHzWw8nOqcK714tU4E qI4fU0f9KGQZXrgJ5AAGJD2jn9FrVPmRSIx1HeaBqTCKXznwHxi4N/XMS6joaJ7H LrBWfgmDk8SVfnVjrKIA/WybANHsRXTt5dPgYzCficnH5Ne+Go2W+9qPlq15p7xs 6xd3wMYd/1EzBd7ZMVI0IThIwxKENaUvBUeeqL4rOJwwC8GmENZ3U3PakTY5P7WU XPcEKOIULvJ2XqJmHOvhoj+Xp1TUKFL1AjqxDF6Sw9FpibJC+qdocYaphwBK7VIk a3JfiRbPiwARAQABiQI2BBgBCAAgFiEELXLFFlKQh4r91P99aUmbD6GqnLoFAmAq CtECGwwACgkQaUmbD6GqnLqpIQ//Vs2GiTa/ARdmnWMo8drptrDMUtY8GI6PaRQr 0E6bjrqAvMCNnnyu5O9O1ZatI8Ov3B9UVCoBA3elzkqUZ0XHWphJ0HV9wvV63amw yjkL4iH/Cb9U2QAIzpoF8CnXJsKkm5XHqMwkCr5GOerL5WRyynMv64PMY0kkWqj8 4WiYF9t3ZhX0aPazmeMdkA8hTUhAEgIlqc/rBVenMr6IUBmdG/ci83UufDypP2+u QI0zOemGBXxbtsrg0hicNJUj4HrdXGyO+OelW7di1NorGJjWomhQd/ZH+gVcQ/0P aw9BY7hVH+reIp6ZwYxSWJ6OQALUsYtlZ0peUwGSv5W5hwrvGTjsYpMNQGrRM8QG 88LP7HcbJVCJGPttBFCZLDkty4FcAyC7xBKN3jycbyajuIrwkPNFeGc2+X3XeBlu qoTkEEgeKfHECFav0BWo9adqc5rG8UsTQe5Yv0pSwL5H233Cnuahf2v0Z1exxKRD CRWaYfGCZcvjnZjUkKlJrdyrHGksoG+gpfXk2gGTIMPzB+xX2htuar2JnbAGQz3N WlvRipKh+LRBf9XsK/sIDSqArMqYxsVg4LdCkzvx4jSImpv7OhD2knaSy7DKl2o4 llrSrFWlD4VniIXnvLws9lGHeP0axXwg54o63Mcw0qOSe+mAKH7hPqrBU7mrv7/f BbYXdfo= =l1eu -----END PGP PUBLIC KEY BLOCK-----

ksmaybe commented 3 years ago 
About exploit-main (exploit-service branch)
[*] Starting service from pcs-sp21-lab6-server (branch '0ff895975bf20c1233991128be75afbddf7b0049')
[*] Failed to start service
#1 [internal] load build definition from Dockerfile
#1 sha256:8a3aea037f533bd3e76f0370ddea67fb84ad009ab0cb27fac6dcea0724f97b9d
#1 transferring dockerfile: 303B done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 sha256:3d2ab1dba19aba48d2770456a8fb5cda5d0c11e42996213e9e070305e3f762bb
#2 transferring context: 2B done
#2 DONE 0.0s

#3 [internal] load metadata for docker.io/selenium/standalone-chrome:89.0
#3 sha256:beb2bf66ef313fd2e3aace2d303a1c73abc80369b025ce6bfeb4a2cc5920b54e
#3 DONE 0.2s

#4 [1/7] FROM docker.io/selenium/standalone-chrome:89.0@sha256:beb559d9a8fddb3cc154122598a527c6fb00f19751577974013924a209431f91
#4 sha256:cfa7f2d3a3cae72a7b4a2fd6d9e3fe6bf7d6c6a4462d83f9fadb5866bd1543d1
#4 DONE 0.0s

#6 [internal] load build context
#6 sha256:04dc7850f7a4778426ac2552d8b6d1c129571cbd4fabeeb03884f194579e8c2b
#6 transferring context: 99.32kB 0.0s done
#6 DONE 0.0s

#5 [2/7] RUN apt-get update && apt-get install -y python3 python3-pip
#5 sha256:1f82db4cdd0345e13bbf91421a58803f0de60b2a8230a42c43c8a09334118de0
#5 CACHED

#7 [3/7] COPY . /app
#7 sha256:f4a0b42c628462e650856160a6591fe7712c88fed01e735b8ede68b1bcb04a3d
#7 DONE 0.0s

#8 [4/7] WORKDIR /app
#8 sha256:d9b3491ff06b1ecc3eaf40809730fc849e02e1ee8642f76dac11be5d3ff0ac4c
#8 DONE 0.0s

#9 [5/7] RUN mkdir -p /var/ctf
#9 sha256:c28427f0de8ccd498c28fd7f42f2a13401c6c7a502ec51cbdbe7f641b8fffcc5
#9 DONE 0.3s

#10 [6/7] COPY flag /var/ctf/
#10 sha256:415fd5774d54ea0d0d6f1e9d8b2c22ff370d2561f5217f97ffd1f34e5b8a22b3
#10 DONE 0.0s

#11 [7/7] RUN pip3 install -r requirements.txt
#11 sha256:124b954e13e844198b20e2093d8dbc6956b41bae9c4dd29a7dd16bb04a9048bd
#11 1.159 WARNING: The directory '/home/seluser/.cache/pip' or its parent directory is not owned or is not writable by the current user. The cache has been disabled. Check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
#11 1.285 Collecting click==7.1.2
#11 1.345   Downloading click-7.1.2-py2.py3-none-any.whl (82 kB)
#11 1.405 Collecting Flask==1.1.2
#11 1.417   Downloading Flask-1.1.2-py2.py3-none-any.whl (94 kB)
#11 1.488 Collecting itsdangerous==1.1.0
#11 1.500   Downloading itsdangerous-1.1.0-py2.py3-none-any.whl (16 kB)
#11 1.565 Collecting Jinja2==2.11.3
#11 1.582   Downloading Jinja2-2.11.3-py2.py3-none-any.whl (125 kB)
#11 1.663 Collecting MarkupSafe==1.1.1
#11 1.676   Downloading MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl (32 kB)
#11 1.784 Collecting selenium==3.141.0
#11 1.795   Downloading selenium-3.141.0-py2.py3-none-any.whl (904 kB)
#11 1.907 Collecting urllib3==1.26.3
#11 1.923   Downloading urllib3-1.26.3-py2.py3-none-any.whl (137 kB)
#11 2.005 Collecting Werkzeug==1.0.1
#11 2.021   Downloading Werkzeug-1.0.1-py2.py3-none-any.whl (298 kB)
#11 2.087 Installing collected packages: click, Werkzeug, itsdangerous, MarkupSafe, Jinja2, Flask, urllib3, selenium
#11 2.625 Successfully installed Flask-1.1.2 Jinja2-2.11.3 MarkupSafe-1.1.1 Werkzeug-1.0.1 click-7.1.2 itsdangerous-1.1.0 selenium-3.141.0 urllib3-1.26.3
#11 DONE 2.8s

#12 exporting to image
#12 sha256:e8c613e07b0b7ff33893b694f7759a10d42e180f2b4dc349fb57dc6b71dcab00
#12 exporting layers 0.1s done
#12 writing image sha256:6ce1ae89223390135cd79b17db4a46c6e663d1071c20f6f8084e1aee9642004c
#12 writing image sha256:6ce1ae89223390135cd79b17db4a46c6e663d1071c20f6f8084e1aee9642004c done
#12 naming to docker.io/library/pcs-sp21-lab6-server-0ff895975bf20c1233991128be75afbddf7b0049 done
#12 DONE 0.1s
docker: Error response from daemon: Conflict. The container name "/pcs-sp21-lab6-server-0ff895975bf20c1233991128be75afbddf7b0049" is already in use by container "8091eae6427042a587827ed4ffe9bb129700b81cd8917e1bf7ccecbbe79645d5". You have to remove (or rename) that container to be able to reuse that name.
See 'docker run --help'.

==========================

[*] The exploit did not work.

ksmaybe commented 3 years ago

This submission has been verified. Well done!