Merge branch 'master' of https://git.stikom-bali.ac.id/mamang/soal_pwn_ksl_seleksi

Kepala/Dockerfile

@@ -0,0 +1,33 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+
+# install socat editor ssh
+RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev ruby-full -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN cp /usr/bin/ruby /usr/local/bin/
+RUN cp /usr/bin/curl /usr/local/bin/
+RUN echo 'KSL{n0T_0nLy_p1P3_L1n3_C4n_D0_Th4T}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python /usr/bin/ruby
+
+
+RUN chown root:ksl /chall/header.rb # ubah nama file
+RUN chmod 775 /chall/header.rb # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:5550,reuseaddr,fork EXEC:"/chall/header.rb,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

Kepala/header.rb

@@ -3,6 +3,10 @@ puts "By: Oka Aditya"
 print "Masukan Alamat Web : "
 url = gets.chomp
 
-puts "Silakan mengunjungi link di bawah untuk mendapatkan headernya"
+if url.include? "|" or url.include? "&&" or url.include "||"
+  abort "Hacking Detected"
 
-system("curl -I -s #{url} | curl -F 'clbin=<-' https://clbin.com")
+else
+	puts "Silakan mengunjungi link di bawah untuk mendapatkan headernya"
+	system("curl -I -s #{url} | curl -F 'clbin=<-' https://clbin.com")
+end

Perintah linux/aaa.py

@@ -1,36 +0,0 @@
-#!/usr/bin/python
-
-import sys
-import os
-
-class Unbuffered(object):
-   def __init__(self, stream):
-       self.stream = stream
-   def write(self, data):
-       self.stream.write(data)
-       self.stream.flush()
-   def writelines(self, datas):
-       self.stream.writelines(datas)
-       self.stream.flush()
-   def __getattr__(self, attr):
-       return getattr(self.stream, attr)
-
-sys.stdout = Unbuffered(sys.stdout)
-print"      /$$   /$$  /$$$$$$  /$$             /$$$$$$$  /$$      /$$ /$$   /$$"
-print"     | $$  /$$/ /$$__  $$| $$            | $$__  $$| $$  /$ | $$| $$$ | $$"
-print"     | $$ /$$/ | $$  \__/| $$            | $$  \ $$| $$ /$$$| $$| $$$$| $$"
-print"     | $$$$$/  |  $$$$$$ | $$            | $$$$$$$/| $$/$$ $$ $$| $$ $$ $$"
-print"     | $$  $$   \____  $$| $$            | $$____/ | $$$$_  $$$$| $$  $$$$"
-print"     | $$\  $$  /$$  \ $$| $$            | $$      | $$$/ \  $$$| $$\  $$$"
-print"     | $$ \  $$|  $$$$$$/| $$$$$$$$      | $$      | $$/   \  $$| $$ \  $$"
-print"     |__/  \__/ \______/ |________/      |__/      |__/     \__/|__/  \__/"
-print"     Author : Bagus Widhyasmara"
-print "<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>"
-print" "
-name = raw_input("Masukan nama anda : ")
-print("Selamat datang "+name)
-perlin = raw_input("silahkan ketik perintah linux apapun! ")
-os.system(perlin)
-print("{flag=you_get_the_flag}")
-
-

README.md

@@ -1 +1,40 @@
-Kumpulan Soal PWN KSL untuk seleksi mahasiswa baru KSL 2018
+Kumpulan Soal PWN KSL untuk seleksi mahasiswa baru KSL 2018
+
+Berikut merupakan list port yang digunakan untuk masing-masing soal pada saat proses deployment di VPS 103.200.7.150.
+
+Workspace Directory : /home/soal/KSL_SELEKSI_MABA2018
+
+Buatlah folder baru sesuai dengan nama challenge yang kalian buat.
+example directory hierarchy:
+
+--KSL_SELEKSI_MABA2018
+----Kepala
+------Dockerfile
+------chall
+------etc..
+   
+Chall:
+
+1. Kepala 
+   --> 30101
+   
+2. calc-pwn	
+   --> 30201
+   
+3. ku-ingin-lompat-sambil-jumping
+   --> 30301
+   
+4. ku-ingin-melompat	
+   --> 30401
+   
+5. perintah_linux	
+   --> 30502
+   
+6. ping-service
+   --> 30602
+   
+7. service-diary	
+   --> 30702
+   
+8. service_agent
+   --> 30802

ku-ingin-lompat-sambil-jumping/Dockerfile

@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{Welc0me_t0_PWn_W0rLd!1!}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/ingin_melompat2 # ubah nama file
+RUN chmod 775 /chall/ingin_melompat2 # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/ingin_melompat2,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

ku-ingin-lompat-sambil-jumping/ingin_melompat2.c

@@ -38,9 +38,9 @@ void jual_burung(){
 }
 void menu(){
   printf("+--------------------------------+\n");
-  printf("------------PASAR BURUNG----------\n");
+  printf("---------PASAR BURUNG 2.0---------\n");
   printf("+--------------------------------+\n");
-  printf("1. beli flag (999999 ruby)\n");
+  printf("1. beli flag (sawit 1 hektar)\n");
   printf("2. beli garuda (10 ruby)\n");
   printf("3. lihat burung yang udah di beli\n");
   printf("4. jual burung\n");

ku-ingin-melompat/Dockerfile

@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{W1th_R3turn_Y0U_C4n_Ch4nges_w0RlD}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/ingin_melompat # ubah nama file
+RUN chmod 775 /chall/ingin_melompat # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/ingin_melompat,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

perintah_linux/Dockerfile

@@ -0,0 +1,31 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+
+# install socat editor ssh
+RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{FEEL_BETTER_USE_LINUX}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/perintah_linux.py # ubah nama file
+RUN chmod 775 /chall/perintah_linux.py # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/perintah_linux.py,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

Perintah linux/aa.py → perintah_linux/chall/perintah_linux.py

@@ -28,17 +28,14 @@ print"     Author : Bagus Widhyasmara"
 print "<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>"
 print" "
 print "clue --> The 3rd answer can be read use indonesian and english language !"
-
-flag1 = "{flag=you_are_jenius}"
-
+print" "
+name = raw_input("Masukan nama anda : ")
+print("Selamat datang "+name)
 while True:
   x = raw_input("enter your born place ")
-  y = input("enter your bornn year ")
-  z = input("how many letters o on born ? ")
+  y = input("enter your born year ")
+  z = input("how many letters 'o' on born ? ")
   if z == 1:
     perlin = raw_input("silahkan ketik perintah linux apapun! ")
     os.system(perlin)
-    print "Here ya go! ", flag1
-    exit(0)
-  else:
-    print "{fIa9=YOU_VERY_STUPID_!!!}"
+

service-diary/diary32bit/Dockerfile

@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{Y0u_N0w_H0w_contr0l_St4cK!1!1}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/diary32 # ubah nama file
+RUN chmod 775 /chall/diary32 # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/diary32,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

service-diary/diary64bit/Dockerfile

@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{Y0u_N0w_H0w_contr0l_St4cK!1!1}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/diary64 # ubah nama file
+RUN chmod 775 /chall/diary64 # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/diary64,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

service_agent/Dockerfile

@@ -0,0 +1,32 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+
+# install socat editor ssh
+RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev ruby-full -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall #membuat direktory chall
+WORKDIR /chall #direktory chall akan digunakan sebagai tempat kerja
+
+RUN cp /usr/bin/ruby /usr/local/bin/
+RUN echo 'KSL{t3RM1naL_Linux_3azy}'  > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /usr/bin/* /bin/* /dev/shm #memberi hak akses 
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python /usr/bin/ruby
+
+
+RUN chown root:ksl /chall/service_agent.rb # ubah nama file
+RUN chmod 775 /chall/service_agent.rb # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/service_agent.rb,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]

service_agent/chall/service_agent.rb

@@ -0,0 +1,27 @@
+#!/usr/local/bin/ruby
+
+def main
+	puts "================================================================================================================================================================================================"
+	puts "=============================================================================SELAMAT DATANG DI PORTAL RAHASIA==================================================================================="
+	puts "================================================================================================================================================================================================"
+	print "Masukan Kode Rahasia Agen: "
+	code = gets.chomp
+
+	if code == "KSL_SECRET_TEAM007" then
+	  puts "================================================================================================================================================================================================"
+	  puts "==========================================================Selamat datang agen KSL, ini adalah sesi control panel anda. Gunakan dengan bijak!===================================================="
+	  puts "================================================================================================================================================================================================"
+	  print "Enter Secret Command : "
+	  sc = gets.chomp
+	  system("#{sc}")
+	else
+	  abort "Maaf Kode yang anda salah!"
+	end
+end
+
+if __FILE__ == $0
+    $stdout.sync = true
+    $stdin.sync = true
+    main
+end
+

service_agent/server.sh

@@ -0,0 +1,2 @@
+#!/bin/bash  
+socat TCP-LISTEN:5000,reuseaddr,fork EXEC:./service_agent.rb