Py-Tong (Exploit, Python, Warchall)
Py-Tong
A fellow hacker is challenging you to exploit a simple python script.
To exploit it live, you have to create your Warchall account and try your luck there.
To see what it is about you can also view the source here.
Note: It is not required to trigger a race condition, but it should work as well.
Note: You have to use the binary "pytong" not the pytong.py. It is a wrapper which is needed for SETREGID and finally gives the solution.
Happy Challenging!
To exploit it live, you have to create your Warchall account and try your luck there.
To see what it is about you can also view the source here.
Note: It is not required to trigger a race condition, but it should work as well.
Note: You have to use the binary "pytong" not the pytong.py. It is a wrapper which is needed for SETREGID and finally gives the solution.
Happy Challenging!
GeSHi`ed python code for pytong.py
1 2 3 4 56 7 8 9 1011 12 13 14 1516 17 18 19 2021 22 23 24 2526 27 28 29 3031 32 33 34 3536 37 38 39 4041 42 43 44 4546 47 48 49 5051 52 53 54 5556 57 58 59 60 | #!/usr/bin/python import sys import os import os.path SOLUTION = "/home/level/12/solution.txt" # Your main objective is to return True def main(filepath): # We want to prevent some noobish solutions if any(ipattern in filepath for ipattern in ('proc', 'uptime', 'tmp', 'random', 'full', 'zero', 'null')): raise ValueError('nononono: hacking is not allowed') # You have to give me an valid file! if not os.path.exists(filepath): raise ValueError('sorry file "%s" does not exists' % filepath) # We are opening the file here and store the content in 'jjk' print('opening %s' % filepath) with open(filepath) as gizmore: jjk = gizmore.read() print('closed') # The file was closed, does it still exists? if not os.path.exists(filepath): # The file does not exists anymore, you have found a solution print('You are l33t') return True else: # Ok, we will reopen the file and store its content in 'kwisatz' with open(filepath) as spaceone: kwisatz = spaceone.read() # Does the content differs from old content? if jjk != kwisatz: # content differs so return True print('You are a winner') return True raise ValueError('fail...') if __name__ == "__main__": if len(sys.argv) < 2: print('wrong argcount') sys.exit(1) try: # Objective: return True here! success = main(sys.argv[1]) except (ValueError, OSError, IOError) as exc: print('%s' % (exc,)) sys.exit(3) else: #os.setuid(os.geteuid()) os.setgid(os.getegid()) with open(SOLUTION) as fd: print(fd.read()) |
© 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 and 2024 by space