diff --git a/Docker Env/Dockerfile b/Docker Env/Dockerfile new file mode 100644 index 0000000..772170b --- /dev/null +++ b/Docker Env/Dockerfile @@ -0,0 +1,31 @@ +# Use ubuntu 16.04 +FROM ubuntu:16.04 + +RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken + +# install socat editor ssh +RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y + +RUN adduser --disabled-password --gecos "" ksl +RUN echo "ksl:sebuahrahasiamas" | chpasswd + +ADD chall/. /chall +WORKDIR /chall + +RUN echo 'KSL{xxxxxxxxxxxxxxxxxx}' > /chall/flag.txt # ubah isi flagnya + +# Secure ENV + +RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc +RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm +RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python + + +RUN chown root:ksl /chall/namafile.py # ubah nama file +RUN chmod 775 /chall/namafile.py # ubah nama file + +# Run Service + +RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/namafile.py,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh + +CMD ["/var/tmp/.start.sh"] \ No newline at end of file diff --git a/Docker Env/TUTORIAL b/Docker Env/TUTORIAL new file mode 100644 index 0000000..b326e5c --- /dev/null +++ b/Docker Env/TUTORIAL @@ -0,0 +1,3 @@ +docker build -t "nama_challenge" . +docker run -p "port_anda:7000" -it cobamaba # mode non-daemon utk debug +docker run -p "port_anda:7000" -itd cobamaba # mode daemon kalau dianggap program sudah fix berjalan diff --git a/Kepala/Dockerfile b/Kepala/Dockerfile new file mode 100644 index 0000000..95099a0 --- /dev/null +++ b/Kepala/Dockerfile @@ -0,0 +1,33 @@ +# Use ubuntu 16.04 +FROM ubuntu:16.04 + +RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken + +# install socat editor ssh +RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev ruby-full -y + +RUN adduser --disabled-password --gecos "" ksl +RUN echo "ksl:sebuahrahasiamas" | chpasswd + +ADD chall/. /chall +WORKDIR /chall + +RUN cp /usr/bin/ruby /usr/local/bin/ +RUN cp /usr/bin/curl /usr/local/bin/ +RUN echo 'KSL{n0T_0nLy_p1P3_L1n3_C4n_D0_Th4T}' > /chall/flag.txt # ubah isi flagnya + +# Secure ENV + +RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc +RUN chmod 700 /tmp /usr/bin/* /bin/* /dev/shm +RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python /usr/bin/ruby + + +RUN chown root:ksl /chall/header.rb # ubah nama file +RUN chmod 775 /chall/header.rb # ubah nama file + +# Run Service + +RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:5550,reuseaddr,fork EXEC:"/chall/header.rb,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh + +CMD ["/var/tmp/.start.sh"] diff --git a/Kepala/header.rb b/Kepala/header.rb new file mode 100644 index 0000000..f4749b8 --- /dev/null +++ b/Kepala/header.rb @@ -0,0 +1,12 @@ +puts "HEADER FINDER" +puts "By: Oka Aditya" +print "Masukan Alamat Web : " +url = gets.chomp + +if url.include? "|" or url.include? "&&" or url.include "||" + abort "Hacking Detected" + +else + puts "Silakan mengunjungi link di bawah untuk mendapatkan headernya" + system("curl -I -s #{url} | curl -F 'clbin=<-' https://clbin.com") +end diff --git a/Perintah linux/aa.py b/Perintah linux/aa.py new file mode 100644 index 0000000..246f346 --- /dev/null +++ b/Perintah linux/aa.py @@ -0,0 +1,44 @@ +#!/usr/bin/python + +import sys +import os + +class Unbuffered(object): + def __init__(self, stream): + self.stream = stream + def write(self, data): + self.stream.write(data) + self.stream.flush() + def writelines(self, datas): + self.stream.writelines(datas) + self.stream.flush() + def __getattr__(self, attr): + return getattr(self.stream, attr) + +sys.stdout = Unbuffered(sys.stdout) +print" /$$ /$$ /$$$$$$ /$$ /$$$$$$$ /$$ /$$ /$$ /$$" +print" | $$ /$$/ /$$__ $$| $$ | $$__ $$| $$ /$ | $$| $$$ | $$" +print" | $$ /$$/ | $$ \__/| $$ | $$ \ $$| $$ /$$$| $$| $$$$| $$" +print" | $$$$$/ | $$$$$$ | $$ | $$$$$$$/| $$/$$ $$ $$| $$ $$ $$" +print" | $$ $$ \____ $$| $$ | $$____/ | $$$$_ $$$$| $$ $$$$" +print" | $$\ $$ /$$ \ $$| $$ | $$ | $$$/ \ $$$| $$\ $$$" +print" | $$ \ $$| $$$$$$/| $$$$$$$$ | $$ | $$/ \ $$| $$ \ $$" +print" |__/ \__/ \______/ |________/ |__/ |__/ \__/|__/ \__/" +print" Author : Bagus Widhyasmara" +print "<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>" +print" " +print "clue --> The 3rd answer can be read use indonesian and english language !" + +flag1 = "{flag=you_are_jenius}" + +while True: + x = raw_input("enter your born place ") + y = input("enter your bornn year ") + z = input("how many letters o on born ? ") + if z == 1: + perlin = raw_input("silahkan ketik perintah linux apapun! ") + os.system(perlin) + print "Here ya go! ", flag1 + exit(0) + else: + print "{fIa9=YOU_VERY_STUPID_!!!}" diff --git a/Perintah linux/aaa.py b/Perintah linux/aaa.py new file mode 100644 index 0000000..cdd8eb3 --- /dev/null +++ b/Perintah linux/aaa.py @@ -0,0 +1,36 @@ +#!/usr/bin/python + +import sys +import os + +class Unbuffered(object): + def __init__(self, stream): + self.stream = stream + def write(self, data): + self.stream.write(data) + self.stream.flush() + def writelines(self, datas): + self.stream.writelines(datas) + self.stream.flush() + def __getattr__(self, attr): + return getattr(self.stream, attr) + +sys.stdout = Unbuffered(sys.stdout) +print" /$$ /$$ /$$$$$$ /$$ /$$$$$$$ /$$ /$$ /$$ /$$" +print" | $$ /$$/ /$$__ $$| $$ | $$__ $$| $$ /$ | $$| $$$ | $$" +print" | $$ /$$/ | $$ \__/| $$ | $$ \ $$| $$ /$$$| $$| $$$$| $$" +print" | $$$$$/ | $$$$$$ | $$ | $$$$$$$/| $$/$$ $$ $$| $$ $$ $$" +print" | $$ $$ \____ $$| $$ | $$____/ | $$$$_ $$$$| $$ $$$$" +print" | $$\ $$ /$$ \ $$| $$ | $$ | $$$/ \ $$$| $$\ $$$" +print" | $$ \ $$| $$$$$$/| $$$$$$$$ | $$ | $$/ \ $$| $$ \ $$" +print" |__/ \__/ \______/ |________/ |__/ |__/ \__/|__/ \__/" +print" Author : Bagus Widhyasmara" +print "<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>" +print" " +name = raw_input("Masukan nama anda : ") +print("Selamat datang "+name) +perlin = raw_input("silahkan ketik perintah linux apapun! ") +os.system(perlin) +print("{flag=you_get_the_flag}") + + diff --git a/README.md b/README.md new file mode 100644 index 0000000..2fd2a44 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +Kumpulan Soal PWN KSL untuk seleksi mahasiswa baru KSL 2018 \ No newline at end of file diff --git a/Service Agent/Service Agent.rb b/Service Agent/Service Agent.rb new file mode 100755 index 0000000..6ec0bec --- /dev/null +++ b/Service Agent/Service Agent.rb @@ -0,0 +1,20 @@ +#!/usr/bin/ruby + +puts "================================================================================================================================================================================================" +puts "=============================================================================SELAMAT DATANG DI PORTAL RAHASIA===================================================================================" +puts "================================================================================================================================================================================================" +print "Masukan Kode Rahasia Agen: " +code = gets.chomp + +if code == "KSL_SECRET_TEAM007" then + puts "================================================================================================================================================================================================" + puts "==========================================================Selamat datang agen KSL, ini adalah sesi control panel anda. Gunakan dengan bijak!====================================================" + puts "================================================================================================================================================================================================" + print "Enter Secret Command : " + sc = gets.chomp + system("#{sc}") +else + abort "Maaf Kode yang anda salah!" +end + + diff --git a/calc-pwn/Dockerfile b/calc-pwn/Dockerfile new file mode 100644 index 0000000..6e01cdd --- /dev/null +++ b/calc-pwn/Dockerfile @@ -0,0 +1,31 @@ +# Use ubuntu 16.04 +FROM ubuntu:16.04 + +RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken + +# install socat editor ssh +RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y + +RUN adduser --disabled-password --gecos "" ksl +RUN echo "ksl:sebuahrahasiamas" | chpasswd + +ADD chall/. /chall +WORKDIR /chall + +RUN echo 'KSL{EVAL_4_LYFE}' > /chall/flag.txt # ubah isi flagnya + +# Secure ENV + +RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc +RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm +RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python + + +RUN chown root:ksl /chall/calc.py # ubah nama file +RUN chmod 775 /chall/calc.py # ubah nama file + +# Run Service + +RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/calc.py,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh + +CMD ["/var/tmp/.start.sh"] diff --git a/calc-pwn/chall/calc.py b/calc-pwn/chall/calc.py new file mode 100755 index 0000000..fc648b5 --- /dev/null +++ b/calc-pwn/chall/calc.py @@ -0,0 +1,50 @@ +#!/usr/bin/python + +import sys + +class Unbuffered(object): + def __init__(self, stream): + self.stream = stream + def write(self, data): + self.stream.write(data) + self.stream.flush() + def writelines(self, datas): + self.stream.writelines(datas) + self.stream.flush() + def __getattr__(self, attr): + return getattr(self.stream, attr) + +sys.stdout = Unbuffered(sys.stdout) + +def hitung(x,z,y): + return eval(x+z+y) + +#menu operasi +print " /$$ /$$ /$$$$$$ /$$ /$$$$$$$ /$$ /$$ /$$ /$$" +print "| $$ /$$/ /$$__ $$| $$ | $$__ $$| $$ /$ | $$| $$$ | $$" +print "| $$ /$$/ | $$ \__/| $$ | $$ \ $$| $$ /$$$| $$| $$$$| $$" +print "| $$$$$/ | $$$$$$ | $$ | $$$$$$$/| $$/$$ $$ $$| $$ $$ $$" +print "| $$ $$ \____ $$| $$ | $$____/ | $$$$_ $$$$| $$ $$$$" +print "| $$\ $$ /$$ \ $$| $$ | $$ | $$$/ \ $$$| $$\ $$$" +print "| $$ \ $$| $$$$$$/| $$$$$$$$ | $$ | $$/ \ $$| $$ \ $$" +print "|__/ \__/ \______/ |________/ |__/ |__/ \__/|__/ \__/" +print "Author : Galanggg" +print "===============================================================================>" +print "1. Penjumlahan (+)" +print "2. Pengurangan (-)" +print "3. Perkalian (*)" +print "4. Pembagian (:)" + +choice = raw_input("Masukkan pilihan Anda (1/2/3/4): ") + +num1 = raw_input("Masukkan Bilangan Pertama : ") +num2 = raw_input("Masukkan Bilangan Kedua : ") + +if choice == '1': + print num1,"+",num2,"=",hitung(num1,"+",num2) +elif choice == '2': + print num1,"-",num2,"=",hitung(num1,"-",num2) +elif choice == '3': + print num1,"*",num2,"=",hitung(num1,"*",num2) +elif choice == '4': + print num1,"/",num2,"=",hitung(num1,"/",num2) \ No newline at end of file diff --git a/ku-ingin-lompat-sambil-jumping/Dockerfile b/ku-ingin-lompat-sambil-jumping/Dockerfile new file mode 100644 index 0000000..8cce19c --- /dev/null +++ b/ku-ingin-lompat-sambil-jumping/Dockerfile @@ -0,0 +1,38 @@ +# Use ubuntu 16.04 +FROM ubuntu:16.04 + +#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken +#RUN apt-get update +#RUN apt-get update && apt-get install -y apt-transport-https +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list + +# install socat editor ssh +#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y +#RUN apt-get install socat lib32ncurses5 -y +RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y + +RUN adduser --disabled-password --gecos "" ksl +RUN echo "ksl:sebuahrahasiamas" | chpasswd + +ADD chall/. /chall +WORKDIR /chall + +RUN echo 'KSL{Welc0me_t0_PWn_W0rLd!1!}' > /chall/flag.txt # ubah isi flagnya + +# Secure ENV + +RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc +RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm +RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python + + +RUN chown root:ksl /chall/ingin_melompat2 # ubah nama file +RUN chmod 775 /chall/ingin_melompat2 # ubah nama file + +# Run Service + +RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/ingin_melompat2,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh + +CMD ["/var/tmp/.start.sh"] diff --git a/ku-ingin-lompat-sambil-jumping/chall/ingin_melompat2 b/ku-ingin-lompat-sambil-jumping/chall/ingin_melompat2 new file mode 100755 index 0000000..790665c Binary files /dev/null and b/ku-ingin-lompat-sambil-jumping/chall/ingin_melompat2 differ diff --git a/ku-ingin-lompat-sambil-jumping/ingin_melompat2.c b/ku-ingin-lompat-sambil-jumping/ingin_melompat2.c new file mode 100644 index 0000000..18ef5f8 --- /dev/null +++ b/ku-ingin-lompat-sambil-jumping/ingin_melompat2.c @@ -0,0 +1,92 @@ +//gcc -g -no-pie -fno-stack-protector -fno-pic -fno-builtin -mpreferred-stack-boundary=2 -m32 ingin_melompat2.c -o ingin_melompat2 +#include +#include +#include +#include + +int wallet = 18; +char burung[8]; + +void secret_message(){ + system("/bin/sh"); +} +void init(){ +setvbuf(stdin, NULL, _IONBF, 0); +setvbuf(stdout, NULL, _IONBF, 0); +setvbuf(stderr, NULL, _IONBF, 0); +} +void buy_flag(){ + if(wallet < 999999999999) printf("kamu terlalu lemah dude :)\n"); + else secret_message(); +} +void jual_burung(){ + char buffer[64]; + getchar(); + printf("burung apa yang kamu mau jual ?\n"); + fflush(stdout); + fgets(buffer, sizeof(buffer), stdin); + printf("yang kamu jual : "); + printf(buffer); + if(strcmp(buffer,"garuda") == 1 && strcmp(burung,"garuda") == 0){ + printf("burung berhasil di jual\n"); + wallet = wallet + 10; + memset(&burung[0], 0, sizeof(burung)); + } else{ + puts("not found !\n"); + exit(0); + } +} +void menu(){ + printf("+--------------------------------+\n"); + printf("---------PASAR BURUNG 2.0---------\n"); + printf("+--------------------------------+\n"); + printf("1. beli flag (sawit 1 hektar)\n"); + printf("2. beli garuda (10 ruby)\n"); + printf("3. lihat burung yang udah di beli\n"); + printf("4. jual burung\n"); + printf("5. check wallet\n"); + printf("6. exit\n"); +} + +int main() +{ + while(1){ + char pilihan; + init(); + menu(); + printf(">>"); + fflush(stdout); + + scanf("%s",&pilihan); + switch(pilihan){ + case '1' : + buy_flag(); + break; + case '2' : + if(wallet > 10){ + printf("burung berhasil di beli\n"); + wallet = wallet - 10; + strcpy(burung,"garuda"); + } else printf("uang gak cukup!\n"); + break; + case '3' : + if(strlen(burung) == 0) printf("belum ada yang kamu beli!\n"); + else printf("burung yg dah di beli : %s\n",burung); + break; + case '4' : + jual_burung(); + break; + case '5' : + printf("isi wallet : %d ruby\n",wallet); + break; + case '6' : + printf("makasih udah berkunjung :)\n"); + exit(0); + break; + default : + fprintf(stderr,"bad request!\n"); + exit(0); + } +} + +} diff --git a/ku-ingin-melompat/Dockerfile b/ku-ingin-melompat/Dockerfile new file mode 100644 index 0000000..fcad5f4 --- /dev/null +++ b/ku-ingin-melompat/Dockerfile @@ -0,0 +1,38 @@ +# Use ubuntu 16.04 +FROM ubuntu:16.04 + +#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken +#RUN apt-get update +#RUN apt-get update && apt-get install -y apt-transport-https +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list + +# install socat editor ssh +#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y +#RUN apt-get install socat lib32ncurses5 -y +RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y + +RUN adduser --disabled-password --gecos "" ksl +RUN echo "ksl:sebuahrahasiamas" | chpasswd + +ADD chall/. /chall +WORKDIR /chall + +RUN echo 'KSL{W1th_R3turn_Y0U_C4n_Ch4nges_w0RlD}' > /chall/flag.txt # ubah isi flagnya + +# Secure ENV + +RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc +RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm +RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python + + +RUN chown root:ksl /chall/ingin_melompat # ubah nama file +RUN chmod 775 /chall/ingin_melompat # ubah nama file + +# Run Service + +RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/ingin_melompat,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh + +CMD ["/var/tmp/.start.sh"] diff --git a/ku-ingin-melompat/chall/ingin_melompat b/ku-ingin-melompat/chall/ingin_melompat new file mode 100755 index 0000000..b4d73ab Binary files /dev/null and b/ku-ingin-melompat/chall/ingin_melompat differ diff --git a/ku-ingin-melompat/ingin_melompat.c b/ku-ingin-melompat/ingin_melompat.c new file mode 100644 index 0000000..9015d07 --- /dev/null +++ b/ku-ingin-melompat/ingin_melompat.c @@ -0,0 +1,82 @@ +//gcc -g -no-pie -fno-stack-protector -fno-pic -fno-builtin -mpreferred-stack-boundary=2 -m32 ingin_melompat.c -o ingin_melompat +#include +#include +#include +#include + +int wallet = 18; +char burung[8]; + +void secret_message(){ + system("/bin/sh"); +} + +void init(){ +setvbuf(stdin, NULL, _IONBF, 0); +setvbuf(stdout, NULL, _IONBF, 0); +setvbuf(stderr, NULL, _IONBF, 0); +} + +void buy_flag(){ + if(wallet < 999999999999) printf("kamu terlalu lemah dude :)\n"); + else secret_message(); +} +void jual_burung(){ + char buffer[64]; + printf("burung apa yang kamu mau jual ?\n"); + read(0,buffer,128); +} +void menu(){ + printf("+--------------------------------+\n"); + printf("------------PASAR BURUNG----------\n"); + printf("+--------------------------------+\n"); + printf("1. beli flag (999999 ruby)\n"); + printf("2. beli garuda (10 ruby)\n"); + printf("3. lihat burung yang udah di beli\n"); + printf("4. jual burung\n"); + printf("5. check wallet\n"); + printf("6. exit\n"); +} + +int main() +{ + while(1){ + char pilihan; + init(); + menu(); + printf(">>"); + fflush(stdout); + + scanf("%s",&pilihan); + switch(pilihan){ + case '1' : + buy_flag(); + break; + case '2' : + if(wallet > 10){ + printf("burung berhasil di beli\n"); + wallet = wallet - 10; + strcpy(burung,"garuda"); + } else printf("uang gak cukup!\n"); + break; + case '3' : + if(strlen(burung) == 0) printf("belum ada yang kamu beli!\n"); + else printf("burung yg dah di beli : %s\n",burung); + break; + case '4' : + jual_burung(); + break; + case '5' : + printf("isi wallet : %d ruby\n",wallet); + break; + case '6' : + printf("makasih udah berkunjung :)\n"); + exit(0); + break; + default : + fprintf(stderr,"bad request!\n"); + exit(0); + } +} + +} diff --git a/perintah_linux/aa.py b/perintah_linux/aa.py new file mode 100644 index 0000000..ca9c28e --- /dev/null +++ b/perintah_linux/aa.py @@ -0,0 +1,41 @@ +#!/usr/bin/python + +import sys +import os + +class Unbuffered(object): + def __init__(self, stream): + self.stream = stream + def write(self, data): + self.stream.write(data) + self.stream.flush() + def writelines(self, datas): + self.stream.writelines(datas) + self.stream.flush() + def __getattr__(self, attr): + return getattr(self.stream, attr) + +sys.stdout = Unbuffered(sys.stdout) +print" /$$ /$$ /$$$$$$ /$$ /$$$$$$$ /$$ /$$ /$$ /$$" +print" | $$ /$$/ /$$__ $$| $$ | $$__ $$| $$ /$ | $$| $$$ | $$" +print" | $$ /$$/ | $$ \__/| $$ | $$ \ $$| $$ /$$$| $$| $$$$| $$" +print" | $$$$$/ | $$$$$$ | $$ | $$$$$$$/| $$/$$ $$ $$| $$ $$ $$" +print" | $$ $$ \____ $$| $$ | $$____/ | $$$$_ $$$$| $$ $$$$" +print" | $$\ $$ /$$ \ $$| $$ | $$ | $$$/ \ $$$| $$\ $$$" +print" | $$ \ $$| $$$$$$/| $$$$$$$$ | $$ | $$/ \ $$| $$ \ $$" +print" |__/ \__/ \______/ |________/ |__/ |__/ \__/|__/ \__/" +print" Author : Bagus Widhyasmara" +print "<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>" +print" " +print "clue --> The 3rd answer can be read use indonesian and english language !" +name = raw_input("Masukan nama anda : ") +print("Selamat datang "+name) +while True: + x = raw_input("enter your born place ") + y = input("enter your bornn year ") + z = input("how many letters o on born ? ") + if z == 1: + perlin = raw_input("silahkan ketik perintah linux apapun! ") + os.system(perlin) + exit(0) + diff --git a/ping-service/Dockerfile b/ping-service/Dockerfile new file mode 100644 index 0000000..7d2df0d --- /dev/null +++ b/ping-service/Dockerfile @@ -0,0 +1,31 @@ +# Use ubuntu 16.04 +FROM ubuntu:16.04 + +RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken + +# install socat editor ssh +RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y + +RUN adduser --disabled-password --gecos "" ksl +RUN echo "ksl:sebuahrahasiamas" | chpasswd + +ADD chall/. /chall +WORKDIR /chall + +RUN echo 'KSL{U14RZ_M4M4NXX_KERENZX_4ANEETTT!!}' > /chall/flag.txt # ubah isi flagnya + +# Secure ENV + +RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc +RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm +RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python + + +RUN chown root:ksl /chall/ping-service.py # ubah nama file +RUN chmod 775 /chall/ping-service.py # ubah nama file + +# Run Service + +RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/ping-service.py,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh + +CMD ["/var/tmp/.start.sh"] diff --git a/ping-service/chall/ping-service.py b/ping-service/chall/ping-service.py new file mode 100755 index 0000000..7fe780e --- /dev/null +++ b/ping-service/chall/ping-service.py @@ -0,0 +1,77 @@ +#!/usr/bin/python + +import sys, subprocess, re +from os import system as MaManX + +def make_secure(): + unsafe_word = ['__import__', 'eval', 'execfile', 'file', 'input', 'compile', 'reload'] + for unsafe in unsafe_word: + del __builtins__.__dict__[unsafe] + +class Unbuffered(object): + def __init__(self, stream): + self.stream = stream + def write(self, data): + self.stream.write(data) + self.stream.flush() + def writelines(self, datas): + self.stream.writelines(datas) + self.stream.flush() + def __getattr__(self, attr): + return getattr(self.stream, attr) + +sys.stdout = Unbuffered(sys.stdout) + +def banner(): + return ''' +\033[1;32mWELCOME TO MAMANX PINX SERVICE\033[1;m\033[1;31m + _ __ _____ _ _____ _____ _ _ _____ _____ _____ _____ _ _ _____ _____ _____ +| | / // ___|| | | ___ \|_ _|| \ | || __ \ / ___|| ___|| ___ \| | | ||_ _|/ __ \| ___| +| |/ / \ `--. | | | |_/ / | | | \| || | \/ \ `--. | |__ | |_/ /| | | | | | | / \/| |__ +| \ `--. \| | | __/ | | | . ` || | __ `--. \| __| | / | | | | | | | | | __| +| |\ \/\__/ /| |____ | | _| |_ | |\ || |_\ \ /\__/ /| |___ | |\ \ \ \./ / _| |_ | \__/\| |___ +\_| \_/\____/ \_____/ \_| \___/ \_| \_/ \____/ \____/ \____/ \_| \_| \___/ \___/ \_____/\____/ + \033[1;m +\033[1;32mversion [beta 1.1 MAMANK]\033[1;m + ''' +def displayMenu(): + return ''' +Choose a ksl ping service: + 1. Ping only one time + 2. Ping multiple times + 3. Exit MaManX +''' + +def main(): + make_secure() + print banner() + print displayMenu() + + userNumber = raw_input("Masukkan pilihan (1-3): ") + if userNumber == "1" : + host = raw_input("\nMasukkan alamat host : ") + p1 = subprocess.Popen(['ping','-c 5', host], stdout=subprocess.PIPE) + output = p1.communicate()[0] + print output + exit() + elif userNumber == "2" : + user = int(raw_input("\nMasukkan jumlah host: ")) + while user <= 1: + user = int(raw_input("\nMasukkan host lebih dari 1 MaManX: ")) + for o in range(user): + host = raw_input("Masukkan alamat host ke " +str(o+1) +" : ") + hosts= re.sub('[|,;]', '', host) + pings = MaManX('ping -c 5 ' + hosts ) + if (pings == 0): + print host.upper(), "IS UP MAMANX" + else : + print host.upper(), "IS LOST MAMANX" + print "" + elif userNumber == "3" : + print "\nTerimakasih telah menggunakan jasa kami MaManX" + exit() + else : + print "\nMaManX salah masukkin acchh :(" + exit() + +main() diff --git a/service-diary/diary32bit/Dockerfile b/service-diary/diary32bit/Dockerfile new file mode 100644 index 0000000..20a157e --- /dev/null +++ b/service-diary/diary32bit/Dockerfile @@ -0,0 +1,38 @@ +# Use ubuntu 16.04 +FROM ubuntu:16.04 + +#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken +#RUN apt-get update +#RUN apt-get update && apt-get install -y apt-transport-https +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list + +# install socat editor ssh +#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y +#RUN apt-get install socat lib32ncurses5 -y +RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y + +RUN adduser --disabled-password --gecos "" ksl +RUN echo "ksl:sebuahrahasiamas" | chpasswd + +ADD chall/. /chall +WORKDIR /chall + +RUN echo 'KSL{Y0u_N0w_H0w_contr0l_St4cK!1!1}' > /chall/flag.txt # ubah isi flagnya + +# Secure ENV + +RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc +RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm +RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python + + +RUN chown root:ksl /chall/diary32 # ubah nama file +RUN chmod 775 /chall/diary32 # ubah nama file + +# Run Service + +RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/diary32,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh + +CMD ["/var/tmp/.start.sh"] diff --git a/service-diary/diary32bit/chall/diary32 b/service-diary/diary32bit/chall/diary32 new file mode 100755 index 0000000..4eb7b47 Binary files /dev/null and b/service-diary/diary32bit/chall/diary32 differ diff --git a/service-diary/diary32bit/diary32.c b/service-diary/diary32bit/diary32.c new file mode 100644 index 0000000..b293552 --- /dev/null +++ b/service-diary/diary32bit/diary32.c @@ -0,0 +1,47 @@ +//gcc -g -no-pie -fno-stack-protector -fno-pic -fno-builtin -mpreferred-stack-boundary=2 -m32 diary.c -o diary +#include +#include +#include + +void not_even_called(){ + puts("\nWelcome Garuda Muda\n"); + system("/bin/sh"); +} +void init(){ +setvbuf(stdin, NULL, _IONBF, 0); +setvbuf(stdout, NULL, _IONBF, 0); +setvbuf(stderr, NULL, _IONBF, 0); +} + +void tulisan(){ +puts("██████╗ ██╗ █████╗ ██████╗ ██╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗██╗ ██████╗███████╗"); +puts("██╔══██╗██║██╔══██╗██╔══██╗╚██╗ ██╔╝ ██╔════╝██╔════╝██╔══██╗██║ ██║██║██╔════╝██╔════╝"); +puts("██║ ██║██║███████║██████╔╝ ╚████╔╝ ███████╗█████╗ ██████╔╝██║ ██║██║██║ █████╗ "); +puts("██║ ██║██║██╔══██║██╔══██╗ ╚██╔╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██║██║ ██╔══╝ "); +puts("██████╔╝██║██║ ██║██║ ██║ ██║ ███████║███████╗██║ ██║ ╚████╔╝ ██║╚██████╗███████╗"); +puts("╚═════╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚═╝ ╚═════╝╚══════╝\n"); +} + +int main() +{ +init(); +char a[4]; +int b; +char c[16]; + +strcpy(a,"KSL"); +b = 14045; + +tulisan(); +printf("Welcome to Diary Application \n"); +printf("write something : "); +gets(c); +if(strlen(c) > 20){ + printf("karakter gak boleh lebih dari 20\n"); +} else{ + if(b == 0x67616c66) not_even_called(); + else printf("isi diary kamu : %s\n",c); +} +exit(0); +} + diff --git a/service-diary/diary64bit/Dockerfile b/service-diary/diary64bit/Dockerfile new file mode 100644 index 0000000..1d4df85 --- /dev/null +++ b/service-diary/diary64bit/Dockerfile @@ -0,0 +1,38 @@ +# Use ubuntu 16.04 +FROM ubuntu:16.04 + +#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken +#RUN apt-get update +#RUN apt-get update && apt-get install -y apt-transport-https +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list + +# install socat editor ssh +#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y +#RUN apt-get install socat lib32ncurses5 -y +RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y + +RUN adduser --disabled-password --gecos "" ksl +RUN echo "ksl:sebuahrahasiamas" | chpasswd + +ADD chall/. /chall +WORKDIR /chall + +RUN echo 'KSL{Y0u_N0w_H0w_contr0l_St4cK!1!1}' > /chall/flag.txt # ubah isi flagnya + +# Secure ENV + +RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc +RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm +RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python + + +RUN chown root:ksl /chall/diary64 # ubah nama file +RUN chmod 775 /chall/diary64 # ubah nama file + +# Run Service + +RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/diary64,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh + +CMD ["/var/tmp/.start.sh"] diff --git a/service-diary/diary64bit/chall/diary64 b/service-diary/diary64bit/chall/diary64 new file mode 100755 index 0000000..3b2165b Binary files /dev/null and b/service-diary/diary64bit/chall/diary64 differ diff --git a/service-diary/diary64bit/diary64.c b/service-diary/diary64bit/diary64.c new file mode 100644 index 0000000..1aa8ef1 --- /dev/null +++ b/service-diary/diary64bit/diary64.c @@ -0,0 +1,48 @@ +//gcc -g -no-pie -fno-stack-protector -fno-pic -fno-builtin diary64.c -o diary64 +#include +#include +#include + +void not_even_called(){ + printf("\nwelcome garuda muda\n"); + system("/bin/sh"); +} + +void init(){ +setvbuf(stdin, NULL, _IONBF, 0); +setvbuf(stdout, NULL, _IONBF, 0); +setvbuf(stderr, NULL, _IONBF, 0); +} + +void tulisan(){ +puts("██████╗ ██╗ █████╗ ██████╗ ██╗ ██╗ ███████╗███████╗██████╗ ██╗ ██╗██╗ ██████╗███████╗"); +puts("██╔══██╗██║██╔══██╗██╔══██╗╚██╗ ██╔╝ ██╔════╝██╔════╝██╔══██╗██║ ██║██║██╔════╝██╔════╝"); +puts("██║ ██║██║███████║██████╔╝ ╚████╔╝ ███████╗█████╗ ██████╔╝██║ ██║██║██║ █████╗ "); +puts("██║ ██║██║██╔══██║██╔══██╗ ╚██╔╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██║██║ ██╔══╝ "); +puts("██████╔╝██║██║ ██║██║ ██║ ██║ ███████║███████╗██║ ██║ ╚████╔╝ ██║╚██████╗███████╗"); +puts("╚═════╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚═╝ ╚═════╝╚══════╝\n"); +} + +int main() +{ +init(); +char a[4]; +int b; +char c[64]; + +strcpy(a,"KSL"); +b = 14045; + +tulisan(); +printf("Welcome to Diary Application \n"); +printf("write something : "); +gets(c); +if(strlen(c) > 20){ + printf("karakter gak boleh lebih dari 20\n"); +} else{ + if(b == 0x67616c66) not_even_called(); + else printf("isi diary kamu : %s\n",c); +} +exit(0); +} +