Merge branch 'master' of https://git.stikom-bali.ac.id/mamang/soal_pwn_ksl_seleksi

Docker Env/Dockerfile

@@ -0,0 +1,31 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+
+# install socat editor ssh
+RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{xxxxxxxxxxxxxxxxxx}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/namafile.py # ubah nama file
+RUN chmod 775 /chall/namafile.py # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/namafile.py,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

Docker Env/TUTORIAL

@@ -0,0 +1,3 @@
+docker build -t "nama_challenge" .
+docker run -p "port_anda:7000" -it cobamaba # mode non-daemon utk debug
+docker run -p "port_anda:7000" -itd cobamaba # mode daemon kalau dianggap program sudah fix berjalan

Kepala/Dockerfile

@@ -0,0 +1,33 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+
+# install socat editor ssh
+RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev ruby-full -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN cp /usr/bin/ruby /usr/local/bin/
+RUN cp /usr/bin/curl /usr/local/bin/
+RUN echo 'KSL{n0T_0nLy_p1P3_L1n3_C4n_D0_Th4T}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python /usr/bin/ruby
+
+
+RUN chown root:ksl /chall/header.rb # ubah nama file
+RUN chmod 775 /chall/header.rb # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:5550,reuseaddr,fork EXEC:"/chall/header.rb,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

Kepala/header.rb

@@ -0,0 +1,12 @@
+puts "HEADER FINDER"
+puts "By: Oka Aditya"
+print "Masukan Alamat Web : "
+url = gets.chomp
+
+if url.include? "|" or url.include? "&&" or url.include "||"
+  abort "Hacking Detected"
+
+else
+	puts "Silakan mengunjungi link di bawah untuk mendapatkan headernya"
+	system("curl -I -s #{url} | curl -F 'clbin=<-' https://clbin.com")
+end

Perintah linux/aa.py

@@ -0,0 +1,44 @@
+#!/usr/bin/python
+
+import sys
+import os
+
+class Unbuffered(object):
+   def __init__(self, stream):
+       self.stream = stream
+   def write(self, data):
+       self.stream.write(data)
+       self.stream.flush()
+   def writelines(self, datas):
+       self.stream.writelines(datas)
+       self.stream.flush()
+   def __getattr__(self, attr):
+       return getattr(self.stream, attr)
+
+sys.stdout = Unbuffered(sys.stdout)
+print"      /$$   /$$  /$$$$$$  /$$             /$$$$$$$  /$$      /$$ /$$   /$$"
+print"     | $$  /$$/ /$$__  $$| $$            | $$__  $$| $$  /$ | $$| $$$ | $$"
+print"     | $$ /$$/ | $$  \__/| $$            | $$  \ $$| $$ /$$$| $$| $$$$| $$"
+print"     | $$$$$/  |  $$$$$$ | $$            | $$$$$$$/| $$/$$ $$ $$| $$ $$ $$"
+print"     | $$  $$   \____  $$| $$            | $$____/ | $$$$_  $$$$| $$  $$$$"
+print"     | $$\  $$  /$$  \ $$| $$            | $$      | $$$/ \  $$$| $$\  $$$"
+print"     | $$ \  $$|  $$$$$$/| $$$$$$$$      | $$      | $$/   \  $$| $$ \  $$"
+print"     |__/  \__/ \______/ |________/      |__/      |__/     \__/|__/  \__/"
+print"     Author : Bagus Widhyasmara"
+print "<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>"
+print" "
+print "clue --> The 3rd answer can be read use indonesian and english language !"
+
+flag1 = "{flag=you_are_jenius}"
+
+while True:
+  x = raw_input("enter your born place ")
+  y = input("enter your bornn year ")
+  z = input("how many letters o on born ? ")
+  if z == 1:
+    perlin = raw_input("silahkan ketik perintah linux apapun! ")
+    os.system(perlin)
+    print "Here ya go! ", flag1
+    exit(0)
+  else:
+    print "{fIa9=YOU_VERY_STUPID_!!!}"

Perintah linux/aaa.py

@@ -0,0 +1,36 @@
+#!/usr/bin/python
+
+import sys
+import os
+
+class Unbuffered(object):
+   def __init__(self, stream):
+       self.stream = stream
+   def write(self, data):
+       self.stream.write(data)
+       self.stream.flush()
+   def writelines(self, datas):
+       self.stream.writelines(datas)
+       self.stream.flush()
+   def __getattr__(self, attr):
+       return getattr(self.stream, attr)
+
+sys.stdout = Unbuffered(sys.stdout)
+print"      /$$   /$$  /$$$$$$  /$$             /$$$$$$$  /$$      /$$ /$$   /$$"
+print"     | $$  /$$/ /$$__  $$| $$            | $$__  $$| $$  /$ | $$| $$$ | $$"
+print"     | $$ /$$/ | $$  \__/| $$            | $$  \ $$| $$ /$$$| $$| $$$$| $$"
+print"     | $$$$$/  |  $$$$$$ | $$            | $$$$$$$/| $$/$$ $$ $$| $$ $$ $$"
+print"     | $$  $$   \____  $$| $$            | $$____/ | $$$$_  $$$$| $$  $$$$"
+print"     | $$\  $$  /$$  \ $$| $$            | $$      | $$$/ \  $$$| $$\  $$$"
+print"     | $$ \  $$|  $$$$$$/| $$$$$$$$      | $$      | $$/   \  $$| $$ \  $$"
+print"     |__/  \__/ \______/ |________/      |__/      |__/     \__/|__/  \__/"
+print"     Author : Bagus Widhyasmara"
+print "<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>"
+print" "
+name = raw_input("Masukan nama anda : ")
+print("Selamat datang "+name)
+perlin = raw_input("silahkan ketik perintah linux apapun! ")
+os.system(perlin)
+print("{flag=you_get_the_flag}")
+
+

README.md

@@ -0,0 +1 @@
+Kumpulan Soal PWN KSL untuk seleksi mahasiswa baru KSL 2018

Service Agent/Service Agent.rb

@@ -0,0 +1,20 @@
+#!/usr/bin/ruby
+
+puts "================================================================================================================================================================================================"
+puts "=============================================================================SELAMAT DATANG DI PORTAL RAHASIA==================================================================================="
+puts "================================================================================================================================================================================================"
+print "Masukan Kode Rahasia Agen: "
+code = gets.chomp
+
+if code == "KSL_SECRET_TEAM007" then
+  puts "================================================================================================================================================================================================"
+  puts "==========================================================Selamat datang agen KSL, ini adalah sesi control panel anda. Gunakan dengan bijak!===================================================="
+  puts "================================================================================================================================================================================================"
+  print "Enter Secret Command : "
+  sc = gets.chomp
+  system("#{sc}")
+else
+  abort "Maaf Kode yang anda salah!"
+end
+
+

calc-pwn/Dockerfile

@@ -0,0 +1,31 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+
+# install socat editor ssh
+RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{EVAL_4_LYFE}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/calc.py # ubah nama file
+RUN chmod 775 /chall/calc.py # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/calc.py,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

calc-pwn/chall/calc.py

@@ -0,0 +1,50 @@
+#!/usr/bin/python
+
+import sys
+
+class Unbuffered(object):
+   def __init__(self, stream):
+       self.stream = stream
+   def write(self, data):
+       self.stream.write(data)
+       self.stream.flush()
+   def writelines(self, datas):
+       self.stream.writelines(datas)
+       self.stream.flush()
+   def __getattr__(self, attr):
+       return getattr(self.stream, attr)
+
+sys.stdout = Unbuffered(sys.stdout)
+
+def hitung(x,z,y):
+    return eval(x+z+y)
+
+#menu operasi
+print       " /$$   /$$  /$$$$$$  /$$             /$$$$$$$  /$$      /$$ /$$   /$$"
+print       "| $$  /$$/ /$$__  $$| $$            | $$__  $$| $$  /$ | $$| $$$ | $$"
+print       "| $$ /$$/ | $$  \__/| $$            | $$  \ $$| $$ /$$$| $$| $$$$| $$"
+print       "| $$$$$/  |  $$$$$$ | $$            | $$$$$$$/| $$/$$ $$ $$| $$ $$ $$"
+print       "| $$  $$   \____  $$| $$            | $$____/ | $$$$_  $$$$| $$  $$$$"
+print       "| $$\  $$  /$$  \ $$| $$            | $$      | $$$/ \  $$$| $$\  $$$"
+print       "| $$ \  $$|  $$$$$$/| $$$$$$$$      | $$      | $$/   \  $$| $$ \  $$"
+print       "|__/  \__/ \______/ |________/      |__/      |__/     \__/|__/  \__/"
+print       "Author : Galanggg"
+print "===============================================================================>"
+print "1. Penjumlahan (+)"
+print "2. Pengurangan (-)"
+print "3. Perkalian (*)"
+print "4. Pembagian (:)"
+
+choice = raw_input("Masukkan pilihan Anda (1/2/3/4): ")
+
+num1 = raw_input("Masukkan Bilangan Pertama : ")
+num2 = raw_input("Masukkan Bilangan Kedua : ")
+
+if choice == '1':
+    print num1,"+",num2,"=",hitung(num1,"+",num2)
+elif choice == '2':
+    print num1,"-",num2,"=",hitung(num1,"-",num2)
+elif choice == '3':
+    print num1,"*",num2,"=",hitung(num1,"*",num2)
+elif choice == '4':
+    print num1,"/",num2,"=",hitung(num1,"/",num2)

ku-ingin-lompat-sambil-jumping/Dockerfile

@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{Welc0me_t0_PWn_W0rLd!1!}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/ingin_melompat2 # ubah nama file
+RUN chmod 775 /chall/ingin_melompat2 # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/ingin_melompat2,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

ku-ingin-lompat-sambil-jumping/ingin_melompat2.c

@@ -0,0 +1,92 @@
+//gcc -g -no-pie -fno-stack-protector -fno-pic -fno-builtin -mpreferred-stack-boundary=2 -m32 ingin_melompat2.c -o ingin_melompat2
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+int wallet = 18;
+char burung[8];
+
+void secret_message(){
+  system("/bin/sh");
+}
+void init(){
+setvbuf(stdin, NULL, _IONBF, 0);
+setvbuf(stdout, NULL, _IONBF, 0);
+setvbuf(stderr, NULL, _IONBF, 0);
+}
+void buy_flag(){
+  if(wallet < 999999999999) printf("kamu terlalu lemah dude :)\n");
+    else secret_message();
+}
+void jual_burung(){
+    char buffer[64];
+    getchar();
+    printf("burung apa yang kamu mau jual ?\n");
+    fflush(stdout);
+    fgets(buffer, sizeof(buffer), stdin);
+    printf("yang kamu jual : ");
+    printf(buffer);
+    if(strcmp(buffer,"garuda") == 1 && strcmp(burung,"garuda") == 0){
+      printf("burung berhasil di jual\n");
+      wallet = wallet + 10;
+      memset(&burung[0], 0, sizeof(burung));
+    } else{ 
+      puts("not found !\n"); 
+      exit(0);
+    }
+}
+void menu(){
+  printf("+--------------------------------+\n");
+  printf("---------PASAR BURUNG 2.0---------\n");
+  printf("+--------------------------------+\n");
+  printf("1. beli flag (sawit 1 hektar)\n");
+  printf("2. beli garuda (10 ruby)\n");
+  printf("3. lihat burung yang udah di beli\n");
+  printf("4. jual burung\n");
+  printf("5. check wallet\n");
+  printf("6. exit\n");
+}
+
+int main()
+{
+  while(1){
+  char pilihan;
+  init();
+  menu();
+  printf(">>");
+  fflush(stdout);
+
+  scanf("%s",&pilihan);
+  switch(pilihan){
+    case '1' : 
+    buy_flag();
+    break;
+    case '2' :
+    if(wallet > 10){
+      printf("burung berhasil di beli\n");
+      wallet = wallet - 10;
+      strcpy(burung,"garuda");
+    } else printf("uang gak cukup!\n");
+    break;
+    case '3' :
+    if(strlen(burung) == 0) printf("belum ada yang kamu beli!\n");
+    else printf("burung yg dah di beli : %s\n",burung);
+    break;
+    case '4' :
+    jual_burung();
+    break;
+    case '5' :
+    printf("isi wallet : %d ruby\n",wallet);
+    break;
+    case '6' :
+    printf("makasih udah berkunjung :)\n");
+    exit(0);
+    break;
+    default :
+    fprintf(stderr,"bad request!\n");
+    exit(0);
+  }
+}
+
+}

ku-ingin-melompat/Dockerfile

@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{W1th_R3turn_Y0U_C4n_Ch4nges_w0RlD}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/ingin_melompat # ubah nama file
+RUN chmod 775 /chall/ingin_melompat # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/ingin_melompat,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

ku-ingin-melompat/ingin_melompat.c

@@ -0,0 +1,82 @@
+//gcc -g -no-pie -fno-stack-protector -fno-pic -fno-builtin -mpreferred-stack-boundary=2 -m32 ingin_melompat.c -o ingin_melompat     
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+int wallet = 18;
+char burung[8];
+
+void secret_message(){
+  system("/bin/sh");
+}
+
+void init(){
+setvbuf(stdin, NULL, _IONBF, 0);
+setvbuf(stdout, NULL, _IONBF, 0);
+setvbuf(stderr, NULL, _IONBF, 0);
+}
+
+void buy_flag(){
+  if(wallet < 999999999999) printf("kamu terlalu lemah dude :)\n");
+    else secret_message();
+}
+void jual_burung(){
+    char buffer[64];
+    printf("burung apa yang kamu mau jual ?\n");
+    read(0,buffer,128);
+}
+void menu(){
+  printf("+--------------------------------+\n");
+  printf("------------PASAR BURUNG----------\n");
+  printf("+--------------------------------+\n");
+  printf("1. beli flag (999999 ruby)\n");
+  printf("2. beli garuda (10 ruby)\n");
+  printf("3. lihat burung yang udah di beli\n");
+  printf("4. jual burung\n");
+  printf("5. check wallet\n");
+  printf("6. exit\n");
+}
+
+int main()
+{
+  while(1){
+  char pilihan;
+  init();
+  menu();
+  printf(">>");
+  fflush(stdout);
+
+  scanf("%s",&pilihan);
+  switch(pilihan){
+    case '1' : 
+    buy_flag();
+    break;
+    case '2' :
+    if(wallet > 10){
+      printf("burung berhasil di beli\n");
+      wallet = wallet - 10;
+      strcpy(burung,"garuda");
+    } else printf("uang gak cukup!\n");
+    break;
+    case '3' :
+    if(strlen(burung) == 0) printf("belum ada yang kamu beli!\n");
+    else printf("burung yg dah di beli : %s\n",burung);
+    break;
+    case '4' :
+    jual_burung();
+    break;
+    case '5' :
+    printf("isi wallet : %d ruby\n",wallet);
+    break;
+    case '6' :
+    printf("makasih udah berkunjung :)\n");
+    exit(0);
+    break;
+    default :
+    fprintf(stderr,"bad request!\n");
+    exit(0);
+  }
+}
+
+}

perintah_linux/aa.py

@@ -0,0 +1,41 @@
+#!/usr/bin/python
+
+import sys
+import os
+
+class Unbuffered(object):
+   def __init__(self, stream):
+       self.stream = stream
+   def write(self, data):
+       self.stream.write(data)
+       self.stream.flush()
+   def writelines(self, datas):
+       self.stream.writelines(datas)
+       self.stream.flush()
+   def __getattr__(self, attr):
+       return getattr(self.stream, attr)
+
+sys.stdout = Unbuffered(sys.stdout)
+print"      /$$   /$$  /$$$$$$  /$$             /$$$$$$$  /$$      /$$ /$$   /$$"
+print"     | $$  /$$/ /$$__  $$| $$            | $$__  $$| $$  /$ | $$| $$$ | $$"
+print"     | $$ /$$/ | $$  \__/| $$            | $$  \ $$| $$ /$$$| $$| $$$$| $$"
+print"     | $$$$$/  |  $$$$$$ | $$            | $$$$$$$/| $$/$$ $$ $$| $$ $$ $$"
+print"     | $$  $$   \____  $$| $$            | $$____/ | $$$$_  $$$$| $$  $$$$"
+print"     | $$\  $$  /$$  \ $$| $$            | $$      | $$$/ \  $$$| $$\  $$$"
+print"     | $$ \  $$|  $$$$$$/| $$$$$$$$      | $$      | $$/   \  $$| $$ \  $$"
+print"     |__/  \__/ \______/ |________/      |__/      |__/     \__/|__/  \__/"
+print"     Author : Bagus Widhyasmara"
+print "<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>"
+print" "
+print "clue --> The 3rd answer can be read use indonesian and english language !"
+name = raw_input("Masukan nama anda : ")
+print("Selamat datang "+name)
+while True:
+  x = raw_input("enter your born place ")
+  y = input("enter your bornn year ")
+  z = input("how many letters o on born ? ")
+  if z == 1:
+    perlin = raw_input("silahkan ketik perintah linux apapun! ")
+    os.system(perlin)
+    exit(0)
+

ping-service/Dockerfile

@@ -0,0 +1,31 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+
+# install socat editor ssh
+RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{U14RZ_M4M4NXX_KERENZX_4ANEETTT!!}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/ping-service.py # ubah nama file
+RUN chmod 775 /chall/ping-service.py # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/ping-service.py,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

ping-service/chall/ping-service.py

@@ -0,0 +1,77 @@
+#!/usr/bin/python
+
+import sys, subprocess, re
+from os import system as MaManX
+
+def make_secure():
+    unsafe_word = ['__import__', 'eval', 'execfile', 'file', 'input', 'compile', 'reload']
+    for unsafe in unsafe_word:
+        del __builtins__.__dict__[unsafe]
+
+class Unbuffered(object):
+   def __init__(self, stream):
+       self.stream = stream
+   def write(self, data):
+       self.stream.write(data)
+       self.stream.flush()
+   def writelines(self, datas):
+       self.stream.writelines(datas)
+       self.stream.flush()
+   def __getattr__(self, attr):
+       return getattr(self.stream, attr)
+
+sys.stdout = Unbuffered(sys.stdout)
+
+def banner():
+    return '''
+\033[1;32mWELCOME TO MAMANX PINX SERVICE\033[1;m\033[1;31m
+ _   __ _____  _        _____  _____  _   _  _____     _____  _____  _____  _   _  _____  _____  _____ 
+| | / //  ___|| |      | ___ \|_   _|| \ | ||  __ \   /  ___||  ___|| ___ \| | | ||_   _|/  __ \|  ___|
+| |/ / \ `--. | |      | |_/ /  | |  |  \| || |  \/   \ `--. | |__  | |_/ /| | | |  | |  | /  \/| |__  
+|    \  `--. \| |      |  __/   | |  | . ` || | __     `--. \|  __| |    / | | | |  | |  | |    |  __| 
+| |\  \/\__/ /| |____  | |     _| |_ | |\  || |_\ \   /\__/ /| |___ | |\ \ \ \./ / _| |_ | \__/\| |___ 
+\_| \_/\____/ \_____/  \_|     \___/ \_| \_/ \____/   \____/ \____/ \_| \_| \___/  \___/ \_____/\____/ 
+    \033[1;m                                                                                                     
+\033[1;32mversion [beta 1.1 MAMANK]\033[1;m
+    '''
+def displayMenu():
+    return '''
+Choose a ksl ping service: 
+  1. Ping only one time
+  2. Ping multiple times
+  3. Exit MaManX
+'''
+
+def main():
+    make_secure()
+    print banner()
+    print displayMenu()
+
+    userNumber = raw_input("Masukkan pilihan (1-3): ")
+    if userNumber == "1" :
+        host = raw_input("\nMasukkan alamat host : ")                         
+        p1 = subprocess.Popen(['ping','-c 5', host], stdout=subprocess.PIPE)
+        output = p1.communicate()[0]                                        
+        print output                                                        
+        exit()
+    elif userNumber == "2" :
+        user = int(raw_input("\nMasukkan jumlah host: "))
+        while user <= 1:
+            user = int(raw_input("\nMasukkan host lebih dari 1 MaManX: "))
+        for o in range(user):                          
+            host = raw_input("Masukkan alamat host ke " +str(o+1) +" : ")
+            hosts=   re.sub('[|,;]', '', host)
+            pings = MaManX('ping -c 5 ' + hosts ) 
+            if (pings == 0):
+                print host.upper(), "IS UP MAMANX"
+            else :
+                print host.upper(), "IS LOST MAMANX"
+            print ""
+    elif userNumber == "3" :
+        print "\nTerimakasih telah menggunakan jasa kami MaManX"
+        exit()
+    else :
+        print "\nMaManX salah masukkin acchh :("
+        exit()
+
+main()

service-diary/diary32bit/Dockerfile

@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{Y0u_N0w_H0w_contr0l_St4cK!1!1}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/diary32 # ubah nama file
+RUN chmod 775 /chall/diary32 # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/diary32,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

service-diary/diary32bit/diary32.c

@@ -0,0 +1,47 @@
+//gcc -g -no-pie -fno-stack-protector -fno-pic -fno-builtin -mpreferred-stack-boundary=2 -m32 diary.c -o diary
+#include <stdio.h>
+#include <string.h>
+#include <limits.h>
+
+void not_even_called(){
+  puts("\nWelcome Garuda Muda\n");
+  system("/bin/sh");
+}
+void init(){
+setvbuf(stdin, NULL, _IONBF, 0);
+setvbuf(stdout, NULL, _IONBF, 0);
+setvbuf(stderr, NULL, _IONBF, 0);
+}
+
+void tulisan(){
+puts("██████╗ ██╗ █████╗ ██████╗ ██╗   ██╗    ███████╗███████╗██████╗ ██╗   ██╗██╗ ██████╗███████╗");
+puts("██╔══██╗██║██╔══██╗██╔══██╗╚██╗ ██╔╝    ██╔════╝██╔════╝██╔══██╗██║   ██║██║██╔════╝██╔════╝");
+puts("██║  ██║██║███████║██████╔╝ ╚████╔╝     ███████╗█████╗  ██████╔╝██║   ██║██║██║     █████╗  ");
+puts("██║  ██║██║██╔══██║██╔══██╗  ╚██╔╝      ╚════██║██╔══╝  ██╔══██╗╚██╗ ██╔╝██║██║     ██╔══╝  ");
+puts("██████╔╝██║██║  ██║██║  ██║   ██║       ███████║███████╗██║  ██║ ╚████╔╝ ██║╚██████╗███████╗");
+puts("╚═════╝ ╚═╝╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝       ╚══════╝╚══════╝╚═╝  ╚═╝  ╚═══╝  ╚═╝ ╚═════╝╚══════╝\n");
+}
+
+int main()
+{
+init();
+char a[4];
+int b;
+char c[16];
+
+strcpy(a,"KSL");
+b = 14045;
+
+tulisan();
+printf("Welcome to Diary Application \n");
+printf("write something : ");
+gets(c); 
+if(strlen(c) > 20){
+  printf("karakter gak boleh lebih dari 20\n");
+} else{ 
+  if(b == 0x67616c66) not_even_called();
+  else printf("isi diary kamu : %s\n",c);
+}
+exit(0);
+}
+

service-diary/diary64bit/Dockerfile

@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{Y0u_N0w_H0w_contr0l_St4cK!1!1}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/diary64 # ubah nama file
+RUN chmod 775 /chall/diary64 # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/diary64,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

service-diary/diary64bit/diary64.c

@@ -0,0 +1,48 @@
+//gcc -g -no-pie -fno-stack-protector -fno-pic -fno-builtin diary64.c -o diary64     
+#include <stdio.h>
+#include <string.h>
+#include <limits.h>
+ 
+void not_even_called(){
+ printf("\nwelcome garuda muda\n");
+ system("/bin/sh");
+}
+
+void init(){
+setvbuf(stdin, NULL, _IONBF, 0);
+setvbuf(stdout, NULL, _IONBF, 0);
+setvbuf(stderr, NULL, _IONBF, 0);
+}
+
+void tulisan(){
+puts("██████╗ ██╗ █████╗ ██████╗ ██╗   ██╗    ███████╗███████╗██████╗ ██╗   ██╗██╗ ██████╗███████╗");
+puts("██╔══██╗██║██╔══██╗██╔══██╗╚██╗ ██╔╝    ██╔════╝██╔════╝██╔══██╗██║   ██║██║██╔════╝██╔════╝");
+puts("██║  ██║██║███████║██████╔╝ ╚████╔╝     ███████╗█████╗  ██████╔╝██║   ██║██║██║     █████╗  ");
+puts("██║  ██║██║██╔══██║██╔══██╗  ╚██╔╝      ╚════██║██╔══╝  ██╔══██╗╚██╗ ██╔╝██║██║     ██╔══╝  ");
+puts("██████╔╝██║██║  ██║██║  ██║   ██║       ███████║███████╗██║  ██║ ╚████╔╝ ██║╚██████╗███████╗");
+puts("╚═════╝ ╚═╝╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝       ╚══════╝╚══════╝╚═╝  ╚═╝  ╚═══╝  ╚═╝ ╚═════╝╚══════╝\n");
+}
+
+int main()
+{
+init();
+char a[4];
+int b;
+char c[64];
+
+strcpy(a,"KSL");
+b = 14045;
+
+tulisan();
+printf("Welcome to Diary Application \n");
+printf("write something : ");
+gets(c);
+if(strlen(c) > 20){
+ printf("karakter gak boleh lebih dari 20\n");
+} else{
+ if(b == 0x67616c66) not_even_called();
+ else printf("isi diary kamu : %s\n",c);
+}
+exit(0);
+}
+