浏览代码

tumpuk2 add

master
letmein 6 年前
父节点
当前提交
81ddf4f172
共有 4 个文件被更改,包括 71 次插入0 次删除
  1. +2
    -0
      README.md
  2. +38
    -0
      tumpuk2/Dockerfile
  3. 二进制
      tumpuk2/chall/tumpuk2
  4. +31
    -0
      tumpuk2/soal.c

+ 2
- 0
README.md 查看文件

@ -40,3 +40,5 @@ Chall:
--> 30802
9. kesek-kesek
--> 30902
10. tumpuk2
--> 31002

+ 38
- 0
tumpuk2/Dockerfile 查看文件

@ -0,0 +1,38 @@
# Use ubuntu 16.04
FROM ubuntu:16.04
#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
#RUN apt-get update
#RUN apt-get update && apt-get install -y apt-transport-https
#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
# install socat editor ssh
#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
#RUN apt-get install socat lib32ncurses5 -y
RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
RUN adduser --disabled-password --gecos "" ksl
RUN echo "ksl:sebuahrahasiamas" | chpasswd
ADD chall/. /chall
WORKDIR /chall
RUN echo 'KSL{R0P_G4dg3t_1s_P0w3rfull}' > /chall/flag.txt # ubah isi flagnya
# Secure ENV
RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
RUN chown root:ksl /chall/tumpuk2 # ubah nama file
RUN chmod 775 /chall/tumpuk2 # ubah nama file
# Run Service
RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/tumpuk2,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
CMD ["/var/tmp/.start.sh"]

二进制
tumpuk2/chall/tumpuk2 查看文件


+ 31
- 0
tumpuk2/soal.c 查看文件

@ -0,0 +1,31 @@
//gcc -m32 -mpreferred-stack-boundary=2 -fno-stack-protector -no-pie -fno-builtin -o tumpuk2 soal.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
char *pager ="/";
char *bin = "bin";
char *sh = "sh";
char binsh[8];
void flag(int y,int w){
if( y == 0xfacebabe && w == 0xbeefdead)
system(binsh);
}
void ramuan(int x, char *dest, char *src){
if( x == 0xdeadbeef )
strcpy(dest,src);
}
void vuln(){
char buf[64];
printf("Masukkan flag : ");
fflush(stdout);
gets(buf);
printf("flag adalah %s\n", buf);
}
int main(){
vuln();
}

||||||
x
 
000:0
正在加载...
取消
保存