diff --git a/README.md b/README.md index 21491d2..4e4df31 100644 --- a/README.md +++ b/README.md @@ -37,4 +37,6 @@ Chall: --> 30702 8. service_agent - --> 30802 \ No newline at end of file + --> 30802 +9. kesek-kesek + --> 30902 diff --git a/kesek-kesek/Dockerfile b/kesek-kesek/Dockerfile new file mode 100644 index 0000000..26bd7c6 --- /dev/null +++ b/kesek-kesek/Dockerfile @@ -0,0 +1,38 @@ +# Use ubuntu 16.04 +FROM ubuntu:16.04 + +#RUN apt-get update && apt-get -y dist-upgrade --fix-missing --fix-broken +#RUN apt-get update +#RUN apt-get update && apt-get install -y apt-transport-https +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP/ubuntu14/2.x/updates/2.4.2.0 HDP main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb http://private-repo-1.hortonworks.com/HDP-UTILS-1.1.0.20/repos/ubuntu14 HDP-UTILS main' >> /etc/apt/sources.list.d/HDP.list +#RUN echo 'deb [arch=amd64] https://apt-mo.trafficmanager.net/repos/azurecore/ trusty main' >> /etc/apt/sources.list.d/azure-public-trusty.list + +# install socat editor ssh +#RUN apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y +#RUN apt-get install socat lib32ncurses5 -y +RUN apt-get update && apt-get install curl netcat-openbsd vim nano openssh-server socat lib32ncurses5 python python-pip python-dev -y + +RUN adduser --disabled-password --gecos "" ksl +RUN echo "ksl:sebuahrahasiamas" | chpasswd + +ADD chall/. /chall +WORKDIR /chall + +RUN echo 'KSL{Upps_Yo0_Th3_R3AA#$L_FuCkB0y}' > /chall/flag.txt # ubah isi flagnya + +# Secure ENV + +RUN echo 'alias kill="echo no kill please!"' >> ~/.bashrc +RUN chmod 700 /tmp /var/tmp /usr/bin/* /bin/* /dev/shm +RUN chmod 755 /usr/bin/env /bin/dash /bin/bash /bin/sh /bin/nc /bin/cat /usr/bin/curl /usr/bin/groups /usr/bin/id /bin/ls /usr/bin/python + + +RUN chown root:ksl /chall/membuat # ubah nama file +RUN chmod 775 /chall/membuat # ubah nama file + +# Run Service + +RUN echo '#!/bin/bash'"\n(socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/chall/membuat,su=nobody")" > /var/tmp/.start.sh && chmod +x /var/tmp/.start.sh + +CMD ["/var/tmp/.start.sh"] diff --git a/kesek-kesek/chall/membuat b/kesek-kesek/chall/membuat new file mode 100755 index 0000000..32c74ee Binary files /dev/null and b/kesek-kesek/chall/membuat differ diff --git a/kesek-kesek/membuat.c b/kesek-kesek/membuat.c new file mode 100644 index 0000000..845af8b --- /dev/null +++ b/kesek-kesek/membuat.c @@ -0,0 +1,17 @@ +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + char buffer[64]; + char vuln[64]; + printf("masukan nama anda : "); + fflush(stdout); + gets(buffer); + printf("selamat datang %s\n",buffer); + printf("buffer ada di : %p\n",vuln); + fflush(stdout); + gets(vuln); +}