actunderdc

Any vulnerability or something?


Posted

OK, so I have a website made by my university that runs a checker on Linux which verifies my homework (C++) by comparing my outputs with the original ones. On the site I can make as many uploads as I want until the deadline, and each time it shows me the result in the following format:

Erori vmchecker

vmexecutor exitcode 0 (success)

Compilarea temei și a testelor (stdout)

Adresa IP a masinii virtuale este:

127.0.0.1

checker: checking

homework contents:

Archive: archive.zip

Length Date Time Name

--------- ---------- ----- ----

65 2011-03-26 22:47 Makefile

78 2011-03-26 23:25 tema1.cpp

--------- -------

143 2 files

unpacking ...

tests.zip size: 58095

cc -Wall -lm tracker.c -o tracker

checker: building

fixing file dates ...

g++ -o tema1 tema1.cpp

/tmp/ccI4GQeV.o: In function `main':

tema1.cpp:(.text+0x1d): warning: the `gets' function is dangerous and should not be used.

checker: building done

Compilarea temei și a testelor (stderr)

Archive: archive.zip

inflating: Makefile

inflating: tema1.cpp

Archive: tests.zip

creating: checker/

creating: input/

creating: misc/

creating: refs/

inflating: checker/Makefile

extracting: checker/java.timeout

extracting: checker/c.timeout

extracting: checker/verify

extracting: checker/py.timeout

inflating: checker/tracker.c

inflating: input/19-spelling.in

inflating: input/18-spelling.in

inflating: input/17-spelling.in

inflating: input/16-spelling.in

extracting: input/15-spelling.in

extracting: input/14-spelling.in

extracting: input/13-spelling.in

inflating: input/12-spelling.in

extracting: input/11-spelling.in

extracting: input/10-spelling.in

inflating: input/09-spelling.in

extracting: input/08-spelling.in

extracting: input/07-spelling.in

inflating: input/06-spelling.in

inflating: input/05-spelling.in

extracting: input/04-spelling.in

extracting: input/03-spelling.in

extracting: input/02-spelling.in

extracting: input/01-spelling.in

extracting: input/00-spelling.in

inflating: misc/dict.txt

inflating: refs/19-spelling.ok

inflating: refs/18-spelling.ok

inflating: refs/17-spelling.ok

inflating: refs/16-spelling.ok

extracting: refs/15-spelling.ok

extracting: refs/14-spelling.ok

extracting: refs/13-spelling.ok

extracting: refs/12-spelling.ok

extracting: refs/11-spelling.ok

extracting: refs/10-spelling.ok

inflating: refs/09-spelling.ok

extracting: refs/08-spelling.ok

extracting: refs/07-spelling.ok

inflating: refs/06-spelling.ok

inflating: refs/05-spelling.ok

extracting: refs/04-spelling.ok

extracting: refs/03-spelling.ok

extracting: refs/02-spelling.ok

extracting: refs/01-spelling.ok

extracting: refs/00-spelling.ok

Execuția testelor (stdout)

language: C/C++

Time limit: 2.5 seconds

00-spelling: passed

time: 0.023995 seconds

01-spelling: failed

time: 0.022996 seconds

02-spelling: failed

time: 0.022996 seconds

03-spelling: failed

time: 0.022996 seconds

04-spelling: passed

time: 0.023995 seconds

05-spelling: passed

time: 0.023996 seconds

06-spelling: failed

time: 0.023995 seconds

07-spelling: passed

time: 0.022996 seconds

08-spelling: failed

time: 0.023995 seconds

09-spelling: failed

time: 0.023996 seconds

10-spelling: failed

time: 0.023996 seconds

11-spelling: failed

time: 0.028994 seconds

12-spelling: failed

time: 0.023996 seconds

13-spelling: passed

time: 0.024996 seconds

14-spelling: failed

time: 0.023995 seconds

15-spelling: failed

time: 0.023996 seconds

16-spelling: failed

time: 0.023996 seconds

17-spelling: failed

time: 0.023995 seconds

18-spelling: failed

time: 0.024996 seconds

19-spelling: failed

time: 0.024996 seconds

results: 5 passed, 15 failed

Execuția testelor (stderr)

The important thing is that each time I send a .zip archive containing the .cpp source code and a makefile. The idea is that the machine runs my code each time in order to compare the results obtained.

Question: Do you have any idea for a piece of source code that I could write in the .cpp and upload so that I get my hands on the tests? I think this checker gives me some essential information about its files (the existence of the tests.zip file), etc.

Posted

Well, if the server executes the code written in C++, why don't you try an exploit, to see whether it executes it, and if it does, from there you can do a lot (attempting a root exploit / adding a remote shell / use your imagination).

Posted

It's not quite that simple; that would mean our colleague here (worded that way to avoid the cacophony) would be going in blind. First of all, try a port & service scan from machines that are... uhm... "owned" (heh), and then, depending on what information you have, try to find out as much as you can about your target (this being a targeted attack), then see what you can use to your advantage and what you can't. The fact that it runs your C++ code is an advantage, but I suspect it uses a virtual machine specifically to create that compilation report, and not only for that. First try to gather as much information as possible; use TRIAL & ERROR only as a last option, because you leave a lot of logs behind.

A start: nmap + options such as stealth and sending packets from a spoofed IP (if possible).

Good luck!

// I'm drunk (I don't know how that detail helps you)
