diff --git a/Kepala/Dockerfile b/Kepala/Dockerfile
new file mode 100644
index 0000000..95099a0
--- /dev/null
+++ b/Kepala/Dockerfile
@@ -0,0 +1,33 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+
+# install socat editor ssh
+RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev ruby-full -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN cp /usr/bin/ruby /usr/local/bin/
+RUN cp /usr/bin/curl /usr/local/bin/
+RUN echo 'KSL{n0T_0nLy_p1P3_L1n3_C4n_D0_Th4T}' > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python /usr/bin/ruby
+
+
+RUN chown root:ksl /chall/header.rb # ubah nama file
+RUN chmod 775 /chall/header.rb # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:5550,reuseaddr,fork EXEC:"/chall/header.rb,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]
diff --git a/Kepala/header.rb b/Kepala/header.rb
index edf471d..f4749b8 100644
--- a/Kepala/header.rb
+++ b/Kepala/header.rb
@@ -3,6 +3,10 @@ puts "By: Oka Aditya" print "Masukan Alamat Web : " url = gets.chomp -puts "Silakan mengunjungi link di bawah untuk mendapatkan headernya" +if url.include? "|" or url.include? "&&" or url.include "||" + abort "Hacking Detected" -system("curl -I -s #{url} | curl -F 'clbin=<-' https://clbin.com") +else + puts "Silakan mengunjungi link di bawah untuk mendapatkan headernya" + system("curl -I -s #{url} | curl -F 'clbin=<-' https://clbin.com") +end
diff --git a/Perintah linux/aaa.py b/Perintah linux/aaa.py
deleted file mode 100644
index cdd8eb3..0000000
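Review bot: The flag and the `ksl` account password are baked into the image by the `RUN echo 'KSL{...}' > /chall/flag.txt` and `RUN echo "ksl:..." | chpasswd` lines, so both end up in the repository history and in the image layers; the other Dockerfiles added in this commit (ku-ingin-lompat-sambil-jumping, ku-ingin-melompat, perintah_linux, service-diary/diary32bit, service-diary/diary64bit, service_agent) repeat the pattern. Supplying the flag at deploy time, for example as a read-only mount over `/chall/flag.txt`, keeps it out of both. The `chpasswd` line looks unnecessary, since the `CMD` starts only socat and no sshd, and could be dropped. `RUN chmod 775 /chall/header.rb` also leaves the served script group-writable for `ksl`; `RUN chmod 755 /chall/header.rb` is enough for the `su=nobody` service to execute it.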
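Review bot: The third test in the new `if` calls `url.include "||"` without the `?`, which is not a String method, so any input that passes the first two tests raises NoMethodError instead of reaching the `else` branch. The `"||"` test is also redundant because `"|"` already matches it; `if url.include?("|") || url.include?("&&")` covers the same cases and avoids the low-precedence `or`. The filter leaves `#{url}` interpolated into the shell string passed to `system`, which is presumably the point of the challenge and deserves a comment saying so. The script's first lines are outside the hunk.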
--- a/Perintah linux/aaa.py
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/python
-
-import sys
-import os
-
-class Unbuffered(object):
- def __init__(self, stream):
- self.stream = stream
- def write(self, data):
- self.stream.write(data)
- self.stream.flush()
- def writelines(self, datas):
- self.stream.writelines(datas)
- self.stream.flush()
- def __getattr__(self, attr):
- return getattr(self.stream, attr)
-
-sys.stdout = Unbuffered(sys.stdout)
-print" /$$ /$$ /$$$$$$ /$$ /$$$$$$$ /$$ /$$ /$$ /$$"
-print" | $$ /$$/ /$$__ $$| $$ | $$__ $$| $$ /$ | $$| $$$ | $$"
-print" | $$ /$$/ | $$ \__/| $$ | $$ \ $$| $$ /$$$| $$| $$$$| $$"
-print" | $$$$$/ | $$$$$$ | $$ | $$$$$$$/| $$/$$ $$ $$| $$ $$ $$"
-print" | $$ $$ \____ $$| $$ | $$____/ | $$$$_ $$$$| $$ $$$$"
-print" | $$\ $$ /$$ \ $$| $$ | $$ | $$$/ \ $$$| $$\ $$$"
-print" | $$ \ $$| $$$$$$/| $$$$$$$$ | $$ | $$/ \ $$| $$ \ $$"
-print" |__/ \__/ \______/ |________/ |__/ |__/ \__/|__/ \__/"
-print" Author : Bagus Widhyasmara"
-print "<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>"
-print" "
-name = raw_input("Masukan nama anda : ")
-print("Selamat datang "+name)
-perlin = raw_input("silahkan ketik perintah linux apapun! ")
-os.system(perlin)
-print("{flag=you_get_the_flag}")
-
-
diff --git a/README.md b/README.md
index 2fd2a44..21491d2 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,40 @@
-Kumpulan Soal PWN KSL untuk seleksi mahasiswa baru KSL 2018
\ No newline at end of file
+Kumpulan Soal PWN KSL untuk seleksi mahasiswa baru KSL 2018
+
+Berikut merupakan list port yang digunakan untuk masing-masing soal pada saat proses deployment di VPS 103.200.7.150.
+
+Workspace Directory : /home/soal/KSL_SELEKSI_MABA2018
+
+Buatlah folder baru sesuai dengan nama challenge yang kalian buat.
+example directory hierarchy:
+
+--KSL_SELEKSI_MABA2018
+----Kepala
+------Dockerfile
+------chall
+------etc..
+
+Chall:
+
+1. Kepala
+ --> 30101
+
+2. calc-pwn
+ --> 30201
+
+3. ku-ingin-lompat-sambil-jumping
+ --> 30301
+
+4. ku-ingin-melompat
+ --> 30401
+
+5. perintah_linux
+ --> 30502
+
+6. ping-service
+ --> 30602
+
+7. service-diary
+ --> 30702
+
+8. service_agent
+ --> 30802
\ No newline at end of file
diff --git a/ku-ingin-lompat-sambil-jumping/Dockerfile b/ku-ingin-lompat-sambil-jumping/Dockerfile
new file mode 100644
index 0000000..8cce19c
--- /dev/null
+++ b/ku-ingin-lompat-sambil-jumping/Dockerfile
@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{Welc0me_t0_PWn_W0rLd!1!}' > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/ingin_melompat2 # ubah nama file
+RUN chmod 775 /chall/ingin_melompat2 # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/ingin_melompat2,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]
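Review bot: The commented-out `#RUN` lines at the top, including the Hortonworks and Azure apt sources, are dead configuration unrelated to this image and should be deleted rather than copied along; the same block appears in ku-ingin-melompat/Dockerfile and in both service-diary Dockerfiles. The live install line also pulls in `openssh-server`, `vim`, `nano`, `python-pip` and `python-dev`, none of which the socat service started by `CMD` appears to use. Dropping those five packages from the `apt-get install` line reduces what is available inside the container to a compromised challenge process, while keeping the binaries that the later `chmod 755` line expects to exist.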
diff --git a/ku-ingin-lompat-sambil-jumping/ingin_melompat2 b/ku-ingin-lompat-sambil-jumping/chall/ingin_melompat2
similarity index 84%
rename from ku-ingin-lompat-sambil-jumping/ingin_melompat2
rename to ku-ingin-lompat-sambil-jumping/chall/ingin_melompat2
index 6124634..790665c 100755
Binary files a/ku-ingin-lompat-sambil-jumping/ingin_melompat2 and b/ku-ingin-lompat-sambil-jumping/chall/ingin_melompat2 differ
diff --git a/ku-ingin-lompat-sambil-jumping/ingin_melompat2.c b/ku-ingin-lompat-sambil-jumping/ingin_melompat2.c
index 9a8df08..18ef5f8 100644
--- a/ku-ingin-lompat-sambil-jumping/ingin_melompat2.c
+++ b/ku-ingin-lompat-sambil-jumping/ingin_melompat2.c
@@ -38,9 +38,9 @@ void jual_burung(){
 }
 void menu(){
 printf("+--------------------------------+\n");
- printf("------------PASAR BURUNG----------\n");
+ printf("---------PASAR BURUNG 2.0---------\n");
 printf("+--------------------------------+\n");
- printf("1. beli flag (999999 ruby)\n");
+ printf("1. beli flag (sawit 1 hektar)\n");
 printf("2. beli garuda (10 ruby)\n");
 printf("3. lihat burung yang udah di beli\n");
 printf("4. jual burung\n");
diff --git a/ku-ingin-melompat/Dockerfile b/ku-ingin-melompat/Dockerfile
new file mode 100644
index 0000000..fcad5f4
--- /dev/null
+++ b/ku-ingin-melompat/Dockerfile
@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{W1th_R3turn_Y0U_C4n_Ch4nges_w0RlD}' > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/ingin_melompat # ubah nama file
+RUN chmod 775 /chall/ingin_melompat # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/ingin_melompat,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]
diff --git a/ku-ingin-melompat/ingin_melompat b/ku-ingin-melompat/chall/ingin_melompat
similarity index 100%
rename from ku-ingin-melompat/ingin_melompat
rename to ku-ingin-melompat/chall/ingin_melompat
diff --git a/perintah_linux/Dockerfile b/perintah_linux/Dockerfile
new file mode 100644
index 0000000..ef066b3
--- /dev/null
+++ b/perintah_linux/Dockerfile
@@ -0,0 +1,31 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+
+# install socat editor ssh
+RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{FEEL_BETTER_USE_LINUX}' > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/perintah_linux.py # ubah nama file
+RUN chmod 775 /chall/perintah_linux.py # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/perintah_linux.py,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]
diff --git a/Perintah linux/aa.py b/perintah_linux/chall/perintah_linux.py
similarity index 87%
rename from Perintah linux/aa.py
rename to perintah_linux/chall/perintah_linux.py
index 246f346..da73089 100644
--- a/Perintah linux/aa.py
+++ b/perintah_linux/chall/perintah_linux.py
@@ -28,17 +28,14 @@ print" Author : Bagus Widhyasmara"
 print "<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>"
 print" "
 print "clue --> The 3rd answer can be read use indonesian and english language !"
-
-flag1 = "{flag=you_are_jenius}"
-
+print" "
+name = raw_input("Masukan nama anda : ")
+print("Selamat datang "+name)
 while True:
 x = raw_input("enter your born place ")
- y = input("enter your bornn year ")
- z = input("how many letters o on born ? ")
+ y = input("enter your born year ")
+ z = input("how many letters 'o' on born ? ")
 if z == 1:
 perlin = raw_input("silahkan ketik perintah linux apapun! ")
 os.system(perlin)
- print "Here ya go! ", flag1
- exit(0)
- else:
- print "{fIa9=YOU_VERY_STUPID_!!!}"
+
diff --git a/service-diary/diary32bit/Dockerfile b/service-diary/diary32bit/Dockerfile
new file mode 100644
index 0000000..20a157e
--- /dev/null
+++ b/service-diary/diary32bit/Dockerfile
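Review bot: The two prompts that keep `input()` (`y = input(...)` and `z = input(...)`) evaluate whatever the client sends as a Python 2 expression, so code evaluation is reachable before the `z == 1` gate and independently of the `os.system(perlin)` prompt. If the command prompt is meant to be the only entry point, read text and convert it, e.g. `z = int(raw_input("how many letters 'o' on born ? "))`, and catch `ValueError` to re-prompt. With `exit(0)` and the `else` branch removed, the `while True` loop now ends only when the client disconnects, which surfaces as an unhandled `EOFError` from `raw_input`. The script's header lines are outside the hunk.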
@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{Y0u_N0w_H0w_contr0l_St4cK!1!1}' > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/diary32 # ubah nama file
+RUN chmod 775 /chall/diary32 # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/diary32,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]
diff --git a/service-diary/diary32 b/service-diary/diary32bit/chall/diary32
similarity index 100%
rename from service-diary/diary32
rename to service-diary/diary32bit/chall/diary32
diff --git a/service-diary/diary32.c b/service-diary/diary32bit/diary32.c
similarity index 100%
rename from service-diary/diary32.c
rename to service-diary/diary32bit/diary32.c
diff --git a/service-diary/diary64bit/Dockerfile b/service-diary/diary64bit/Dockerfile
new file mode 100644
index 0000000..1d4df85
--- /dev/null
+++ b/service-diary/diary64bit/Dockerfile
@@ -0,0 +1,38 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+#RUN apt-get update
+#RUN apt-get update && apt-get install -y apt-transport-https
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list
+#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list
+
+# install socat editor ssh
+#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+#RUN apt-get install socat lib32ncurses5 -y
+RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall
+WORKDIR /chall
+
+RUN echo 'KSL{Y0u_N0w_H0w_contr0l_St4cK!1!1}' > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python
+
+
+RUN chown root:ksl /chall/diary64 # ubah nama file
+RUN chmod 775 /chall/diary64 # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/diary64,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]
diff --git a/service-diary/diary64 b/service-diary/diary64bit/chall/diary64
similarity index 100%
rename from service-diary/diary64
rename to service-diary/diary64bit/chall/diary64
diff --git a/service-diary/diary64.c b/service-diary/diary64bit/diary64.c
similarity index 100%
rename from service-diary/diary64.c
rename to service-diary/diary64bit/diary64.c
diff --git a/service_agent/Dockerfile b/service_agent/Dockerfile
new file mode 100644
index 0000000..e044cfc
--- /dev/null
+++ b/service_agent/Dockerfile
@@ -0,0 +1,32 @@
+# Use ubuntu 16.04
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken
+
+# install socat editor ssh
+RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev ruby-full -y
+
+RUN adduser --disabled-password --gecos "" ksl
+RUN echo "ksl:sebuahrahasiamas" | chpasswd
+
+ADD chall/. /chall #membuat direktory chall
+WORKDIR /chall #direktory chall akan digunakan sebagai tempat kerja
+
+RUN cp /usr/bin/ruby /usr/local/bin/
+RUN echo 'KSL{t3RM1naL_Linux_3azy}' > /chall/flag.txt # ubah isi flagnya
+
+# Secure ENV
+
+RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc
+RUN chmod 700 /tmp /usr/bin/* /bin/* /dev/shm #memberi hak akses
+RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python /usr/bin/ruby
+
+
+RUN chown root:ksl /chall/service_agent.rb # ubah nama file
+RUN chmod 775 /chall/service_agent.rb # ubah nama file
+
+# Run Service
+
+RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/service_agent.rb,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh
+
+CMD ["/var/tmp/.start.sh"]
diff --git a/service_agent/chall/service_agent.rb b/service_agent/chall/service_agent.rb
new file mode 100755
index 0000000..b10b1a2
--- /dev/null
+++ b/service_agent/chall/service_agent.rb
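Review bot: `ADD chall/. /chall #membuat direktory chall` and `WORKDIR /chall #direktory chall akan digunakan sebagai tempat kerja` carry trailing comments, but a Dockerfile only treats `#` as a comment at the start of a line, so the words after `#` become extra ADD arguments and part of the WORKDIR path. Move each comment to its own line above the instruction, leaving `ADD chall/. /chall` and `WORKDIR /chall` as the other Dockerfiles in this commit have them. The trailing `#` comments on the `RUN` lines are harmless because the shell that runs them discards the comment.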
@@ -0,0 +1,27 @@
+#!/usr/local/bin/ruby
+
+def main
+ puts "================================================================================================================================================================================================"
+ puts "=============================================================================SELAMAT DATANG DI PORTAL RAHASIA==================================================================================="
+ puts "================================================================================================================================================================================================"
+ print "Masukan Kode Rahasia Agen: "
+ code = gets.chomp
+
+ if code == "KSL_SECRET_TEAM007" then
+ puts "================================================================================================================================================================================================"
+ puts "==========================================================Selamat datang agen KSL, ini adalah sesi control panel anda. Gunakan dengan bijak!===================================================="
+ puts "================================================================================================================================================================================================"
+ print "Enter Secret Command : "
+ sc = gets.chomp
+ system("#{sc}")
+ else
+ abort "Maaf Kode yang anda salah!"
+ end
+end
+
+if __FILE__ == $0
+ $stdout.sync = true
+ $stdin.sync = true
+ main
+end
+
diff --git a/service_agent/server.sh b/service_agent/server.sh
new file mode 100755
index 0000000..3a1a310
--- /dev/null
+++ b/service_agent/server.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+socat TCP-LISTEN:5000,reuseaddr,fork EXEC:./service_agent.rb
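Review bot: `code = gets.chomp` and `sc = gets.chomp` raise NoMethodError when the client closes the connection before sending a line, because `gets` returns nil at end of input; `code = gets.to_s.chomp` (and the same for `sc`) lets the script fall through to the `abort` branch instead. `system("#{sc}")` interpolates for no reason and reads better as `system(sc)`. Since the access code is a literal in the file and the command prompt hands its input to a shell by design, a header comment stating that this is a deliberately vulnerable challenge service would keep the file from being mistaken for a reusable admin tool.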
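Review bot: This launcher runs `EXEC:./service_agent.rb` without the `su=nobody` option that the Dockerfile's start script uses, so starting it outside the container exposes the command prompt with the invoking user's privileges. The relative path also does not match the layout in this commit, where the script is added under `chall/`, and the port is 5000 while the Dockerfile listens on 7000. If the helper is kept, `socat TCP-LISTEN:7000,reuseaddr,fork EXEC:./chall/service_agent.rb,su=nobody` lines it up with the container setup; as in the container, the privilege drop needs the launcher to start as root.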