search

nyupcs / pcs-sp21-lab6-server

0 stars 0 forks source link

exploit-main #53

Open anindya opened 3 years ago

anindya commented 3 years ago

-----BEGIN PGP MESSAGE-----

hQIMA7KtScPIyW/lAQ/7Byr3lg5/Vf2Ot5+YS+KN1Jw3LRz7wbnoIOlKjJ7TDkwW xIryEAO4p6oeH6qCdImfrqX5LjtSvUsUy+dL12Edev1aPQVMzS0oQtFSVvPlWwsT LPkvHuNVuVvxC9Fm11jwp5arypROjKrBZUqaEQK4xEp9dbTi1MlfhJAkBHco2xhb RcUyBOCEK534XxhIu/1bI2aBJqooa72w9YfFoJ6AlkLYoRCU2j945MzqxRnbawQU BN3PCNJsq3PIag1KXqNVgd7EV0PvYpul5d1qHtyXTpRG6Ol7PzP9PUFlG8XD94/l KFNW/uJQFGBdSDXzqq5m4mUL1PW9xdofp85W8bxDOuzmeoQxNXJEdvt8KSYWeoA4 tOpvxMuEI3ZYHfdpgg3mGZswMByPJVj6Pk17KU/sWKGu6tu4R1lST83J89g+ZYFM +VPQljQuT6XQRkYZTUfN0HXCmNd3Q25JgzG3zZgp4Ao+Ny652j8StNwV7eqaY5Wz ZJC85DyX9FQzp+ytAPGWF5HJq7Pkxp5e7+T8hbT5oqozaQJM/p8+dwkGaTOs5ijI 6FbhX2kw2KD6/udG7ZqnY4tgrJWBfnSTz3m/XHa+h7EhaJwVknauxbmLaUmGhAvx MrGuDCxJjpSSsW77Idu4LvDpHwJgSSOTcTbDcHw47c1cCrxmVXkcLZ1kv2RQRovS 6gGElNMdfD3Fra6rlMEY+bE1qfz9nmVFZ3OTpuVmFCzeDE5VbF6H7c9+p2kX5hEK CYzVaHbc7BTdz2Jea4kRm7Iwu6t7c5t8z+mCX5r2U14pTkmG3VHw5nt2eYwcMQEF yS+84xE3iU8DBE9BGKlcXKTRByjzaPmDwVLZFC4lME+YJOTptckTnnjU8SaP/f/H 8dmmDKzERUaeerUvi7YfVUl9VRFEC9DrRpFxxJHejCRO6yK5MB+TOg0AWZeDIu0L kfYP81VuhLWNkz5eL5U029KBKDMAPdlM2tgci7wrk9eRQuevcivUekVEFOt8BTpt oF4RAC6iTSS/uT+8txm5jbBID5EKJUETj5xlUdW/EUPRob6m20zfY//44Aflz9f3 LdURUMgxaiu6g6kZpqDtw+1uWgL4RVjMsvo1qRHpr1Sku1EsoY1+0PLDEHVDpfJQ O7HoMqr8IN308hI4s5kEx5RdpcqEkP89dOfNEvxvj9s2msh0Ig7roGMZ8OAIXLCM dNkdKffdCB1rsTrMOxodu7aQ1HRG++LcQrq8RfzDE6FU7/JDJh7DVg+xdbLqDEqk 338bgE3/7q6vt80HHHZ7lRmCczGITXs2C8tYGp5FT0HZLXwecA4S969ZYXomCkA4 V1RBM84oRVG7O87+HmjBG8Ex9k8CC293R3CmNYiP7teKHYqncpDOIylGwTkvkE9X m5jWFK9X/oFrOFNvRX4bY6RaNukJY2etIM5YRV0bSW3uGZ1V5NnUETAPfqqYeVyY 3D+OqeO20+21n1kSzTWvypgyjkayQGEKqIoRut7fQdKOFQS6td2UuzPhr6SDI9jA bRAF6AF+1TUIYzAyTeyDyNWiVoEDKH8ZWrsNI6WUERQiAl9hTBw3W5exUJi3XBkE WKqPng7Lj9tu/3O/xP2PKSys19NWmEbwqg23MqAfXR1wI7czXcKbnYFVG3SHTEvF yvwCIOhUUjsXGZMYM3JiY4U0YA9MF/GojX7rEDIO2XJ+rlGtC4u58zVpyJBCesAG xOhghBV6HLgd4fh9qEV76iMVse4oCakVGQ5sScOANfK6Le1WIiknUmbN6iItcecO ZKbyuAQka+Mjxbur8FKb9156Do2OCscIF5Xrx/MBXXNYOTmeocKDjR8c/uN0zS6d 7FhNdFK0C9j9tZFB6B2aUkWXsV6pCJFDoVuP+HhWxkgmansh23VoQhpcCBA2Fzfn gqM9oUiH68M6pQ7K7M+huo6dR6nqNdXV7ZvGghpJ0VSZsBdZKTSTIawQlwqonrj/ l2zTVd2X0zpkwFAyG71eB6AVNlsMYIXhfsc3SGKYOqIohH1ZboxqK25jnOeIybdo 77R0Q4/sAQxeDSVyinKwDaLpI8zqWmJfTJw9CnkPXWWtbctDmeuuWhOkDS+MnY8z mhcmLlRJhLBTH9r57M4eXH9PMUSkkwQNgNxceiqf9gHRu/ThfQn2o+sXHzaDXvwv b5CmkuohXTZPtUH4FFY8Cj4zRvIQL3MQotr2WLgApj5yL/yX2Y4OuoFcxC0BZvbW 1K4Tsi3Dj7Agqd+1XFJoSW0nNE2rgZLMDxxPgJciIQiEbB3co+q4ExfGIvE1uuJ7 CZaA88pMIY11F+0dBf+Cx5LlUc5ZJmhtYgXaLvg5UZ4ny40GZRMtOlJBeolT9Kr2 1Eh+3JMnZoEgo9LuLflRau+DGiSEPFOaRCEVRjbYIPrFP02oSK0WW8ocKvcxWrTQ PX7xBbThdxYeWHeNpMvJkZ2VlhWs4ZT8+JUzrzCHpEEKRTUpuaHE/LgEC0v+qH25 MYeIjIsfhaOPbDHLPyO+Es+hj5nFBzAhhFXio7WH7gkcjy/N7I0wxgI3HmcC7CsI kFNvEpo8w3HZtIPjvdGhl8tJcIWrypXeSK021pNRaWBo3O0EqPCVeenkrf/6nSIc 8U3veAeLIpwd/eXgIV4f87wc3DSD08ig7Qvo4L3w/2wVYot76uPpsMsbjJgUUbga j8oMqrWAB7aQYFELZv1lpNS6fGhcAM3PH5TjI1zwlXThQdm2IssElxLbuQqYnaZR pzYx0SFJJT6wwaxaDwCqYKeFM5lVNcTIKm6HI/Osfqe+wu2CEmSX2r2d+QhKRAEx Af4WoQ== =t2CT -----END PGP MESSAGE-----

anindya commented 3 years ago

My NetID is ac8184,Anindya Chakravarti, and my pub key id is 7DD4876A4D1D2366

anindya commented 3 years ago

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGAtzCIBEACj+waquHkoUI1wc9v4S1bW5nwaQrvFF8CkpZJ7BQEfU4vO7mcn SXgauNbVA2V3WM6V24ppYAevLMFwRGpkgx3x/P4M8z5Wd4LVX25/FsvXPB0Yi2/o Wb60AUTYYrOpDXTbsSt2q+JTPeoYY9QP2vajXo+NFbbgza9G2NNRK+yfg1RKLj0u RmBqTwF/5yi+MvsnwqJvzjO999hzWUufxhrb+wTlc/jCAanK63ABTHjphS0h/LnO qGACku13HUfSLUrdnn45rQjQRxpaH9rscw3ueCDMc1cgTQjbzwXdCDo0JEBxopHr BxVR0d/PyvVpOCG2VdNd7qsTEH1iQ7rL1BabVecONjoj+8run7lxOky05g8vDgMp gvs1GmyjIN5BSSEPrdftb5aG/SC/3PTuqqaxJtVS8j22ibQte7BwHgEVN8SelnO8 iqNRpsomYBI3tGF5gpr5rpK/B0ceE06f5RJAETV51l4hHCkpGz1b23BbpqsJpKyB gYwm1ioWSmPUDwezCyfG9Y25z5PAf3l9iUI4urdedI1qVoZXevinHSxenPSnZ92u ESSxse2l7/6HMGWISMIfNN/cS6xCHYnsNUzcTD6QBsftJWU2GgwaAzHUVTl/bJjw LzmiL2T/HH9lbvWAC7v34oJd5gcIB0Xz+uEMjIDWl8cwVePbFMLWlqoGAwARAQAB tC9BbmluZHlhIENoYWtyYXZhcnRpIChwY3Nfbnl1KSA8YW5pbmR5YUBueXUuZWR1 PokCTgQTAQgAOBYhBN4JfQAC/faXubpe+33Uh2pNHSNmBQJgLcwiAhsDBQsJCAcC BhUKCQgLAgQWAgMBAh4BAheAAAoJEH3Uh2pNHSNmx4sQAJ3KEYciN8zfPDyvFdnD fRSWjlcIJDsdoQCuJrGLuf60k1ToZtl7pklgVmAD6u0XOUtq6MX8tTr4/N+I5kTp PwqXuuwBEQo4RKrz4p4Mg5rD3KHK37QTuZmVaDa9a0rLl6EOjdK5IJI6859wr0ai 6Z1d9/vbQAVLIt+lNFBfHd6pHflILHgYr31K4iAZfppOcQdqgpxLQelsXEWCiLz6 C8lkSIhRokpMUoIc7t/4AZQdFF1hbXY33JM5NqkGiFTKXjRYFBiypzphOOQw7tsf rWCEOexq1nYqkuw5TrGZXLE1GOgkZM/rlzmkdQBk9GzaRYZPIQFCzkPwpLrmPGox WEFf4ktYSbmiNJ7GT6ttF3py/DAwclvMPzfGOeELPrK0P851oLGP+zIY53zwCC+D nbdLECwnz3ippGzGhQTdbgF1I6ioEt3Qg44cInlQDWJYchGD0wKg8x49u0JqKQ0L yglxrk2BUwzl85ZZrMYZ0UG06sATk20sewygDZvljE0WAAhfNMEYisYRoeQN55GM TniOcVxQPAfXstwJQEVpBMczKSqxr38FLYlll480hCdaYI4gozOebiIFGnr5xxee vAlZ3jyAmwV8dh8lfUKm9OukdwdWGYCLB7skqLuJYfXocY7ts7Woej7/czRFE9FD oSEpspudpjMaHbsjcTAcczXzuQINBGAtzCIBEACu3wFekhQHYwc9iD/ndg+jM9ig hthoFcC7XfTObIoEZNg7j0t71VzliQR6m1oLvRQS6exzcAhqZPmVX2F5tUgTOVQ4 BOxQvErlEJmUUJE1TQqRr/J8XB6M6TBtjt1L0ju6ss/PzQBw/SZBK0labLR7y7h8 jkWEkLa2Mb9ARcRNx18ZubVsWokCilQxH1SFYaL7CeWhpOz0/8Fu29WyWZ2YWmYI myQam0s0qPF0c/y73hW+Ad8vQWuYpVSqfy13ZrJDnlX34kGE/h/Mg8GPdeMSE3Gn Fv/D4XTFgDxaz0JzE+1xtWVlDFZkHZP12HNB7poR8Mbs766DhZC3ZRKP5d+cc9HD h/9NXEWM/O9JIVi3pUcF9+rPteSt/GkaKUCl1rvlEUwMaTWQSass7h8FXx4AUO0u AyQTQy0b8/cSSGtO1b/sH9yt++A1Wdul1CaxmOmC4f8qu2nco0lzKpGAqbD5c0++ lX3Lq10NicJPAW5tmmyPjlPGx0DBWORZeTSisBFjijDjlMu7B1LKvse/8bHf/3l7 964pBA5v24cfn+1ZCydV+oUvyj8HzvCwlNXzQa+Qnw62TELwc6wDHCwmM6AQX5bN FGXfX4YLGoN2xildlAHJG/IXNgPXLeldPvZu0zSF2QovRDVvV1JbP/DO8Z+eZtsf NLA/AeBER+BH9cFlwwARAQABiQI2BBgBCAAgFiEE3gl9AAL99pe5ul77fdSHak0d I2YFAmAtzCICGwwACgkQfdSHak0dI2Ze2g//fBhWTkcgVuJLm9W+9WbTw/IOV4Ew 4Ls491ofnyvnjAX6yjTxCil2sN8uEgjTwiDVw4z0UxeLX666PPBd5yd+R8XAUOO9 1gJp+lTwuP9W9vruUiaPCTMeL+F076mSjEayPJ3wtnHDzD9DoyH/0Z83gMD6f1/r sq4yT5CLUxBIbL0KInC5Qq52eE5sigeOqqsrzVZ8JheqArJcHwO2vadUwZYHnCv6 QBcgbhbtgMU93r6SaUUQ9jRQb3IgzMWRACn72cOWoFnItY3wXbhnThR/Y3WpJuuk /e6ApF8NsI8I/KRP1agM6q4y3VdTtjQ1m2FAJTblFjCu/lkYWn80O3Dkp/No5s7q abCJf2ps1unQWRhXFPl9wBWmgoDuXlCfbZS0Z+jGbzY3sQfw4ruqQ0lBBSDKjnbg YcDdTMS38wlrSJXpBnSVOi/ucxh6780XDNL0mbUjhMh/dko7O8rUIIs8aZEAnDf5 Bjz4wBdfdPeGV1VPdLF2Ttjb3LABUy0cyDJPUtEnMXb0Pt1idssRNocT1Ch65kZE zk3etGahIc9c6rWO5y+lyUekQvFxlw3o/Z7X2gg0MbfAKQwicSXi4ffm8A0Mt1uS 1p4oR8qZVrVGgRIffpkcKzN9kV+zvkbSjWMLL0RVaZjEF7vHz8tWCP4RrNbNdKen e22ABNZzX0BZ/MM= =Ojko -----END PGP PUBLIC KEY BLOCK-----

ksmaybe commented 3 years ago 
About exploit-main (exploit-service branch)
[*] Starting service from pcs-sp21-lab6-server (branch '0ff895975bf20c1233991128be75afbddf7b0049')
[*] Failed to start service
#1 [internal] load build definition from Dockerfile
#1 sha256:c5aa00951c5e8b768bebafe4a8fcee6514827f3cc132bd9b21bb1b5a630b856f
#1 transferring dockerfile: 303B done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 sha256:c6fe3e6f913c1dfc58a2a8d9b6459fc613bcdb86e48bd99e4d079bcee7997434
#2 transferring context: 2B done
#2 DONE 0.0s

#3 [internal] load metadata for docker.io/selenium/standalone-chrome:89.0
#3 sha256:beb2bf66ef313fd2e3aace2d303a1c73abc80369b025ce6bfeb4a2cc5920b54e
#3 DONE 0.2s

#4 [1/7] FROM docker.io/selenium/standalone-chrome:89.0@sha256:beb559d9a8fddb3cc154122598a527c6fb00f19751577974013924a209431f91
#4 sha256:cfa7f2d3a3cae72a7b4a2fd6d9e3fe6bf7d6c6a4462d83f9fadb5866bd1543d1
#4 DONE 0.0s

#6 [internal] load build context
#6 sha256:5fc7020dcf5fce1780112122fab6c1526d04a2f707f76ea5b97120bb96dfcf42
#6 transferring context: 99.32kB 0.0s done
#6 DONE 0.0s

#5 [2/7] RUN apt-get update && apt-get install -y python3 python3-pip
#5 sha256:1f82db4cdd0345e13bbf91421a58803f0de60b2a8230a42c43c8a09334118de0
#5 CACHED

#7 [3/7] COPY . /app
#7 sha256:17d1463d708c0a388841a4aa302120c35cd535e4ec212ab6fed8a755d414c529
#7 DONE 0.1s

#8 [4/7] WORKDIR /app
#8 sha256:a910735844d664eb7ea4b0fd5834a33f9c8eb8f3e643b3485719579043166201
#8 DONE 0.0s

#9 [5/7] RUN mkdir -p /var/ctf
#9 sha256:cac2d4c9bf65e06e4ab5363f29c11455364ddd6b6c3180ead03c560194a8b11d
#9 DONE 0.3s

#10 [6/7] COPY flag /var/ctf/
#10 sha256:afc11fd381409267eea3583ee8bfbc2a4e44389bb5639bc67f0571c74d8e3f51
#10 DONE 0.0s

#11 [7/7] RUN pip3 install -r requirements.txt
#11 sha256:78d17d90cb19ae45ec323ae4712c81fa0f6b7441804ec9f1f0b9db66dc52b657
#11 1.067 WARNING: The directory '/home/seluser/.cache/pip' or its parent directory is not owned or is not writable by the current user. The cache has been disabled. Check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
#11 1.190 Collecting click==7.1.2
#11 1.231   Downloading click-7.1.2-py2.py3-none-any.whl (82 kB)
#11 1.291 Collecting Flask==1.1.2
#11 1.297   Downloading Flask-1.1.2-py2.py3-none-any.whl (94 kB)
#11 1.351 Collecting itsdangerous==1.1.0
#11 1.359   Downloading itsdangerous-1.1.0-py2.py3-none-any.whl (16 kB)
#11 1.415 Collecting Jinja2==2.11.3
#11 1.424   Downloading Jinja2-2.11.3-py2.py3-none-any.whl (125 kB)
#11 1.504 Collecting MarkupSafe==1.1.1
#11 1.513   Downloading MarkupSafe-1.1.1-cp38-cp38-manylinux2010_x86_64.whl (32 kB)
#11 1.589 Collecting selenium==3.141.0
#11 1.598   Downloading selenium-3.141.0-py2.py3-none-any.whl (904 kB)
#11 1.707 Collecting urllib3==1.26.3
#11 1.719   Downloading urllib3-1.26.3-py2.py3-none-any.whl (137 kB)
#11 1.798 Collecting Werkzeug==1.0.1
#11 1.811   Downloading Werkzeug-1.0.1-py2.py3-none-any.whl (298 kB)
#11 1.892 Installing collected packages: click, Werkzeug, MarkupSafe, Jinja2, itsdangerous, Flask, urllib3, selenium
#11 2.393 Successfully installed Flask-1.1.2 Jinja2-2.11.3 MarkupSafe-1.1.1 Werkzeug-1.0.1 click-7.1.2 itsdangerous-1.1.0 selenium-3.141.0 urllib3-1.26.3
#11 DONE 2.5s

#12 exporting to image
#12 sha256:e8c613e07b0b7ff33893b694f7759a10d42e180f2b4dc349fb57dc6b71dcab00
#12 exporting layers 0.1s done
#12 writing image sha256:1b929f3e67fbe72f18abb590cca16a13244372e14e4e2b328c6bbbae8c612833
#12 writing image sha256:1b929f3e67fbe72f18abb590cca16a13244372e14e4e2b328c6bbbae8c612833 done
#12 naming to docker.io/library/pcs-sp21-lab6-server-0ff895975bf20c1233991128be75afbddf7b0049 done
#12 DONE 0.1s
docker: Error response from daemon: Conflict. The container name "/pcs-sp21-lab6-server-0ff895975bf20c1233991128be75afbddf7b0049" is already in use by container "8091eae6427042a587827ed4ffe9bb129700b81cd8917e1bf7ccecbbe79645d5". You have to remove (or rename) that container to be able to reuse that name.
See 'docker run --help'.

==========================

[*] The exploit did not work.

anindya commented 3 years ago

@ksmaybe It looks like the server did not start here because of name conflict, was this a issue with the exploit or some config issue?

ksmaybe commented 3 years ago

This submission has been verified. Well done!