tiwanari
commented
7 years ago # file sss
sss: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, not strippedOpen tiwanari opened 7 years ago
tiwanari
commented
7 years ago # file sss
sss: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, not stripped# strings sss
/lib64/ld-linux-x86-64.so.2
-i5*
libcrypto.so.1.0.0
_ITM_deregisterTMCloneTable
__gmon_start__
_Jv_RegisterClasses
_ITM_registerTMCloneTable
EVP_sha1
EVP_md5
HMAC
libc.so.6
exit
sprintf
fopen
ftell
signal
puts
__stack_chk_fail
strdup
calloc
strlen
fseek
stdout
memcpy
fclose
stderr
alarm
system
fread
setvbuf
strcmp
__libc_start_main
free
OPENSSL_1.0.0
GLIBC_2.14
GLIBC_2.4
GLIBC_2.2.5
AUATSH
[A\A]]
AUATSH
[A\A]]
dH3
%(
AWAVA
AUATL
[]A\A]A^A_
whoami
wrong signature for %s - it wasn't signed by me
flag
what command do you want to sign?
not going to sign that for you...
signature:
%02x
what command do you want to run?
gimme signature:
1) sign command
2) execute command
I'm not going to wait around forever for you...
Welcome to Secure Signed Shell
;*3$"
GCC: (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609
crtstuff.c
__JCR_LIST__
deregister_tm_clones
__do_global_dtors_aux
completed.7585
__do_global_dtors_aux_fini_array_entry
frame_dummy
__frame_dummy_init_array_entry
sss.c
__FRAME_END__
__JCR_END__
__GNU_EH_FRAME_HDR
_GLOBAL_OFFSET_TABLE_
__init_array_end
__init_array_start
_DYNAMIC
ftell@@GLIBC_2.2.5
__libc_csu_fini
__gmon_start__
_Jv_RegisterClasses
puts@@GLIBC_2.2.5
fseek@@GLIBC_2.2.5
exit@@GLIBC_2.2.5
setvbuf@@GLIBC_2.2.5
HMAC@@OPENSSL_1.0.0
fopen@@GLIBC_2.2.5
__libc_start_main@@GLIBC_2.2.5
system@@GLIBC_2.2.5
global
kWhoami
_ITM_deregisterTMCloneTable
_IO_stdin_used
free@@GLIBC_2.2.5
strlen@@GLIBC_2.2.5
_ITM_registerTMCloneTable
__data_start
s_exec_guy
ALARMhandler
sprintf@@GLIBC_2.2.5
exec_command
__TMC_END__
__dso_handle
deny_command
__libc_csu_init
EVP_sha1@@OPENSSL_1.0.0
signal@@GLIBC_2.2.5
fread@@GLIBC_2.2.5
alarm@@GLIBC_2.2.5
strdup@@GLIBC_2.2.5
__bss_start
sign_it
__stack_chk_fail@@GLIBC_2.4
strcmp@@GLIBC_2.2.5
m_exec_guy
kPwd
calloc@@GLIBC_2.2.5
EVP_md5@@OPENSSL_1.0.0
fclose@@GLIBC_2.2.5
stderr@@GLIBC_2.2.5
init_key
_edata
handle_it
execute_it
memcpy@@GLIBC_2.14
stdout@@GLIBC_2.2.5
main
.symtab
.strtab
.shstrtab
.interp
.note.ABI-tag
.note.gnu.build-id
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rela.dyn
.rela.plt
.init
.plt.got
.text
.fini
.rodata
.eh_frame_hdr
.eh_frame
.init_array
.fini_array
.jcr
.dynamic
.got.plt
.data
.bss
.comment# nc 54.202.2.54 9876
Welcome to Secure Signed Shell
1) sign command
2) execute command
>_ 1
what command do you want to sign?
>_ ls
signature:
0fcc9e22ff4cec3f5afbaf5906dba086
1) sign command
2) execute command
>_ 2
what command do you want to run?
>_ ls
gimme signature:
>_ 0fcc9e22ff4cec3f5afbaf5906dba086
flag
sss
sss_runner.sh
1) sign command
2) execute command
>_ I'm not going to wait around forever for you...sign で signature を発行してもらって, execute で実行するときに使う感じ 使えるコマンドに限りある
tiwanari
commented
7 years ago cat はまぁしてくれないw
Welcome to Secure Signed Shell
1) sign command
2) execute command
>_ 1
what command do you want to sign?
>_ cat
not going to sign that for you...実行ファイルあるからいじいじして、例えば
cat flag
のハッシュ値を発行させたらいいのかなと思ったり?
tiwanari
commented
7 years ago 死んでるらしい
tiwanari
commented
7 years ago IP updated
54.202.7.144 9875
I'll only execute shell commands that are authenticated with my hmac-sha1 key. I'll sign a few benign commands for you, but after that, you're on your own!
nc 54.202.2.54 9876
sss