From 81ddf4f172d3b099be5c8af0035a2c1421500544 Mon Sep 17 00:00:00 2001 From: letmein Date: Sun, 11 Nov 2018 21:37:06 +0800 Subject: [PATCH] tumpuk2 add --- README.md | 2 ++ tumpuk2/Dockerfile | 38 ++++++++++++++++++++++++++++++++++++++ tumpuk2/chall/tumpuk2 | Bin 0 -> 7516 bytes tumpuk2/soal.c | 31 +++++++++++++++++++++++++++++++ 4 files changed, 71 insertions(+) create mode 100644 tumpuk2/Dockerfile create mode 100755 tumpuk2/chall/tumpuk2 create mode 100644 tumpuk2/soal.c diff --git a/README.md b/README.md index 4e4df31..cd0179b 100644 --- a/README.md +++ b/README.md @@ -40,3 +40,5 @@ Chall: --> 30802 9. kesek-kesek --> 30902 +10. tumpuk2 + --> 31002 diff --git a/tumpuk2/Dockerfile b/tumpuk2/Dockerfile new file mode 100644 index 0000000..07c69ba --- /dev/null +++ b/tumpuk2/Dockerfile @@ -0,0 +1,38 @@ +# Use ubuntu 16.04 +FROM ubuntu:16.04 + +#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken +#RUN apt-get update +#RUN apt-get update && apt-get install -y apt-transport-https +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list + +# install socat editor ssh +#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y +#RUN apt-get install socat lib32ncurses5 -y +RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y + +RUN adduser --disabled-password --gecos "" ksl +RUN echo "ksl:sebuahrahasiamas" | chpasswd + +ADD chall/. /chall +WORKDIR /chall + +RUN echo 'KSL{R0P_G4dg3t_1s_P0w3rfull}' > /chall/flag.txt # ubah isi flagnya + +# Secure ENV + +RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc +RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm +RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python + + +RUN chown root:ksl /chall/tumpuk2 # ubah nama file +RUN chmod 775 /chall/tumpuk2 # ubah nama file + +# Run Service + +RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/tumpuk2,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh + +CMD ["/var/tmp/.start.sh"] diff --git a/tumpuk2/chall/tumpuk2 b/tumpuk2/chall/tumpuk2 new file mode 100755 index 0000000000000000000000000000000000000000..5ed25604a143c5797b0a3974fd1aa2df495cfc64 GIT binary patch literal 7516 zcmeHMZE#f889tlc$Xb_mgDKywx0+~hU=1`%Dt2T;!bh7x3<26vyxe3r*&X(4cJETc z)RwqK!H|}59NSKvkxn~0(?V-o$FbB>bb-{?v1mJX#vfEia2AVWEEX~r*gnrW_k^23 zXFC1W9~^l1J`(`RjlQ6`!qCtFC zd`4V@Cfb^|g99ImE$_V{A$*+9}%BdD4zP3G$N<`}~yqVWVjKy|4pb zR_GtYi!RvR^BY4Oh5h+_wk2ioNcD8L|Uw9U)8eAToi7E ztv{7XJ2sQ^s2cyL>WrI5{!{OfoKPY$mDX+olrgNQYw)7aQ)5jA_WJx&&@n`f7f?%$ zmo$?a4>p$?FT^Njsmmfl7@v#5C5{DTtl{b4)Z6G=#|p0 zv%@dmO7of0@N;qHQl$$6g<^jRVrx8}!O?2^^Sn|T-g4P^aJTXAkK%J}`H$#c{SG$C;Di2y2VVQ6FnjR9 z!2aVO9xT+1ynHu2bnPmYcVDbjiidrBhBlsmr6jvO&Tc@5H5Qhm7isO0}%HeGUC z=H{!u6&}mqg$Eh-jin(UU)#D3>(`by$RVeIP&^$NO4cXfybrrjAzLdv*Lr!tTgK&T0V&UE5;lOX3*ojq^{z6MJ_n&m8d zey@43&u$kz*tOW^9ag@ud9#%^`jS?^ahD;awxU+jiW~L$Pmw>zyW}g-te-$Ec0zZ< z?LO!qL)*~X@F<6%e*t|0`Z%;7`}Gb?a6a^E=yvFC=uObiLGOdE1((IMtxI^m?)S_I z_$j%h>EitrX%3U?`sz)?&3TP&THUoaQkU3daKqb z66gFEhzHM)m|q%e-4Qts=l3z>6ZqiwG0RE_V|5yB8`&Vojsydbcq75k!@fwcwphJ7 zXe5Glkzhk>aDHpBu_I`#2-ZeQ!BFIAFc29D`Xfhza44T2z68eCaihzt zW*^R)JeMUO!r1}(Rbb{WDG1L({EhrHgoXK#Kn}^@%0>wD5vFZ3AO^-|Jp|2j75nl0 z%)A0WubEN!M;epiJV&A50!HulZ5NEi;m?N~7c5#_kZ|EQ7B+_)o93xz-FcGcy#Sk>+Xi`7S6F2aJIC!ZQi8En zc9p#_whGIWu#CCFjJyy!CSHL<846=Y?Uhkfu~nESY87*Z`Nq_{SD0@O=LjbbUb!;h zZya-lpkVD#c}0*)t{G~tz(oa095JKz%D1WR9u(%A#<_Fc&Nr^s8nsuxd9~IQ=1Rf* zo%iN-RuoTl%06A%xwaJMiV~u39P_9s1W!QJULmtZR%P*u*>e4B>=PeVxED4#&sT-# z;}h<6;m-kc@30T;%ys1n3)%z!%b~efpnz-Te&Bv1CVv2$dyCkE=lvclPT}}m=eiI- z1#tgP%~$bq+xG+L@wjsi0_%8r5U&wnJs$0E0rMUR3Z+JTK;^{8gB|I`1Ug~o%AAJz z-aw4!aMW1MB&7yzfu4|I~#I@DBht zIPs~enkhzr-S<3iy7=^e26zELr6v;PIm zhrb1~KflR)b9UY?^!0^%MKqR+^(SySl{4*>*_+IyV|iRfMKfl9GSg!v&8VHpa=%xte|#|!Dr;hwF|9p2KVmoDkl9iO{} zSATB2rI1VuGZwXMOI{V=x&XHY2tvWay@9+Nbkh-PFx9P}b4xhUJmFFh?0m+ITj^*r zHu(xY35?dOs{3fIJlkYHM0r$?8}<*uQ|7t6CL#A^UgHo#pM+u zW+7r$e=LV+c6Tgu-XE_;gb3#cQnu9tZReDZ>l&^}W4Wvdr!#ge9BEm#z(xm!`qPDQ zPa%P;=tNY6iQ*Q58IBI5;ZJEhrz~4yxqKp%o&ZeP@Ra1MN;YYWuna&L)o_0X(2i}z zC)X`F8TsDAvADBR<59TKNOe_9R`t+z3}B@ay%;=W(=(>V_a8>gL>T)fg}uPt_um!f zX#5JnHdcRw0AT*43vDdC?__pBp8Q(@3 zW4^+BCIfYqp(q}?t0BxP$YUP!DtLQQXXb*c^v9fUJ%rg0dCV!3sH9NWg=>5(s2Hfb#|0GIAk2!$V-6a^Bsd@KkI%p_!y<&d76@}z z13c!k5!OKdE`rsVMeGH;`%)>^(lV8q? zChNpMaPj2t2|9Q2p`1d0EI)*3fBYTo#za+?CC%gS_Zf#r7yLbngSSXgBf!kL@R;gvVn`{qja1ete}*vIB#-$|;6L#G20Mn5 zJmy9GTUyy^gOa`&zb7D^4*fB|90SiCXFV?aYM#uS5ZF4j>7scbp+WPQZ`6Tzr8u7h zkK=G${;oHJ#~f4_`eQi{p}$4~6!LCURryJq7T0SRQSgqz3D0ixA@qkPxt2MmE=@SB X +#include +#include + +char *pager ="/"; +char *bin = "bin"; +char *sh = "sh"; +char binsh[8]; + +void flag(int y,int w){ + if( y == 0xfacebabe && w == 0xbeefdead) + system(binsh); +} + +void ramuan(int x, char *dest, char *src){ + if( x == 0xdeadbeef ) + strcpy(dest,src); +} + +void vuln(){ + char buf[64]; + printf("Masukkan flag : "); + fflush(stdout); + gets(buf); + printf("flag adalah %s\n", buf); +} + +int main(){ + vuln(); +}