cato447/BinexProject
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Address CVE-2024-42471 (#9)

Browse Source 
* Fix CVE-2024-42471
* Include fnetd into repository, download link is broken
This commit is contained in:
Maier Johannes
2024-09-13 23:21:32 +10:00
committed by GitHub
parent 5df3832489
commit 45af305522
9 changed files with 22 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/ci.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
make make
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v4
with: with:
name: vuln-artifact name: vuln-artifact
path: build/vuln path: build/vuln
@@ -39,22 +39,12 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: actions/download-artifact@v3 - uses: actions/download-artifact@v4
name: Download build artifacts name: Download build artifacts
with: with:
name: vuln-artifact name: vuln-artifact
path: build/ path: build/
- name: Install fnetd
run: |
wget https://cloud.sec.in.tum.de/index.php/s/n5cJnDqnnpSeEpd/download/fnetd.tar.xz -O fnetd.tar.xz
tar -xf fnetd.tar.xz
mkdir fnetd/build
cd fnetd/build
cmake .. -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
make
cd ../..
- name: Setup get_flag - name: Setup get_flag
run: gcc tests/get_flag.c -o get_flag -O3 run: gcc tests/get_flag.c -o get_flag -O3
@@ -63,7 +53,7 @@ jobs:
with: with:
run: | run: |
chmod +x build/vuln chmod +x build/vuln
fnetd/build/fnetd -p 1337 -lt 2 -lm 536870912 build/vuln & ./fnetd -p 1337 -lt 2 -lm 536870912 build/vuln &
tail: true tail: true
wait-on: tcp:localhost:1337 wait-on: tcp:localhost:1337

5
CMakeLists.txt
View File

@@ -7,4 +7,7 @@ set(CMAKE_C_FLAGS "-Wall -Werror -g -fstack-protector -fshort-enums -z noexecsta
add_executable(vuln vuln.c) add_executable(vuln vuln.c)
add_subdirectory(presentation) if(NOT DEFINED ENV{DISABLE_PRESENTATION_BUILD})
add_subdirectory(presentation)
endif()

2
compile_docker/Dockerfile
View File

@@ -18,6 +18,6 @@ RUN mkdir /home/pwn/source
RUN tar xvf /home/pwn/parent.tar.xz -C /home/pwn/source RUN tar xvf /home/pwn/parent.tar.xz -C /home/pwn/source
RUN mkdir /home/pwn/build RUN mkdir /home/pwn/build
WORKDIR /home/pwn/build WORKDIR /home/pwn/build
RUN cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release RUN DISABLE_PRESENTATION_BUILD=true cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
RUN make RUN make

17
debug_docker/Dockerfile
View File

@@ -8,18 +8,7 @@ FROM debian:bullseye
RUN apt update -y && apt upgrade -y && apt install -y build-essential wget cmake tar gdb libc6-dbg python3 file strace RUN apt update -y && apt upgrade -y && apt install -y build-essential wget cmake tar gdb libc6-dbg python3 file strace
COPY fnetd /bin/
############### INSTALL FNETD
RUN wget https://cloud.sec.in.tum.de/index.php/s/n5cJnDqnnpSeEpd/download/fnetd.tar.xz -O /fnetd.tar.xz
RUN tar -xf fnetd.tar.xz
RUN mkdir /fnetd/build
WORKDIR /fnetd/build
RUN cmake .. -G "Unix Makefiles"
RUN make
WORKDIR /
############### END INSTALL
## Add your own dummy get_flag here ## Add your own dummy get_flag here
COPY get_flag /bin/get_flag COPY get_flag /bin/get_flag
@@ -36,7 +25,7 @@ RUN mkdir /home/pwn/source
RUN tar xvf /home/pwn/parent.tar.xz -C /home/pwn/source RUN tar xvf /home/pwn/parent.tar.xz -C /home/pwn/source
RUN mkdir /home/pwn/build RUN mkdir /home/pwn/build
WORKDIR /home/pwn/build WORKDIR /home/pwn/build
RUN cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release RUN DISABLE_PRESENTATION_BUILD=true cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
RUN make RUN make
WORKDIR / WORKDIR /
@@ -53,4 +42,4 @@ EXPOSE 1337
# Feel free to replace password with the actual chall pw # Feel free to replace password with the actual chall pw
ENV FNETD_PASSWORD=1234 ENV FNETD_PASSWORD=1234
CMD ["/fnetd/build/fnetd", "-p", "1337", "-u", "pwn", "-lt", "2", "-lm", "536870912", "./vuln"] CMD ["fnetd", "-p", "1337", "-u", "pwn", "-lt", "2", "-lm", "536870912", "./vuln"]

3
debug_docker/launch.sh
View File

@@ -1,6 +1,7 @@
rm -f parent rm -f parent
find .. -maxdepth 1 -type f | xargs tar cvf parent.tar.xz find .. -maxdepth 1 -type f | xargs tar cvf parent.tar.xz
cp ../fnetd .
docker container rm binex_project docker container rm binex_project
docker image rm binex_project docker image rm binex_project
docker build -t binex_project . docker build -t binex_project .
docker run -it -p 1337:1337 --cap-add=SYS_PTRACE --name binex_project binex_project docker run -it -p 8001:1337 --cap-add=SYS_PTRACE --name binex_project binex_project

BIN
fnetd Executable file
View File

Binary file not shown.

2
generate_submission.sh
View File

@@ -8,6 +8,7 @@ cp exploit/exploit.py private
cp activation_key.txt private cp activation_key.txt private
cp release_docker/README.md private cp release_docker/README.md private
cp release_docker/Dockerfile private cp release_docker/Dockerfile private
cp fnetd private
# compile vuln # compile vuln
cd compile_docker cd compile_docker
@@ -18,6 +19,7 @@ cd ..
cp compile_docker/vuln public cp compile_docker/vuln public
cp vuln.c public cp vuln.c public
cp release_docker/Dockerfile public cp release_docker/Dockerfile public
cp fnetd public
echo "Pinguine toll Pinguine toll Pinguine super" >public/activation_key.txt echo "Pinguine toll Pinguine toll Pinguine super" >public/activation_key.txt

15
release_docker/Dockerfile
View File

@@ -3,18 +3,7 @@ FROM debian:bullseye
RUN apt update -y && apt upgrade -y && apt install -y build-essential wget cmake RUN apt update -y && apt upgrade -y && apt install -y build-essential wget cmake
COPY fnetd /bin/
############### INSTALL FNETD
RUN wget https://cloud.sec.in.tum.de/index.php/s/n5cJnDqnnpSeEpd/download/fnetd.tar.xz -O /fnetd.tar.xz
RUN tar -xf fnetd.tar.xz
RUN mkdir /fnetd/build
WORKDIR /fnetd/build
RUN cmake .. -G "Unix Makefiles"
RUN make
WORKDIR /
############### END INSTALL
COPY get_flag /bin/get_flag COPY get_flag /bin/get_flag
@@ -32,4 +21,4 @@ EXPOSE 1337
# Feel free to replace password with the actual chall pw # Feel free to replace password with the actual chall pw
ENV FNETD_PASSWORD= ENV FNETD_PASSWORD=
CMD ["/fnetd/build/fnetd", "-p", "1337", "-u", "pwn", "-lt", "2", "-lm", "536870912", "./vuln"] CMD ["fnetd", "-p", "1337", "-u", "pwn", "-lt", "2", "-lm", "536870912", "./vuln"]

18
tests/Dockerfile
View File

@@ -2,17 +2,7 @@ FROM debian:bullseye
RUN apt update -y && apt upgrade -y && apt install -y build-essential wget cmake RUN apt update -y && apt upgrade -y && apt install -y build-essential wget cmake
############### INSTALL FNETD COPY fnetd /bin/fnetd
RUN wget https://cloud.sec.in.tum.de/index.php/s/n5cJnDqnnpSeEpd/download/fnetd.tar.xz -O /fnetd.tar.xz
RUN tar -xf fnetd.tar.xz
RUN mkdir /fnetd/build
WORKDIR /fnetd/build
RUN cmake .. -G "Unix Makefiles"
RUN make
WORKDIR /
############### END INSTALL
## Add dummy get_flag ## Add dummy get_flag
COPY tests/get_flag.c /bin/get_flag.c COPY tests/get_flag.c /bin/get_flag.c
@@ -30,12 +20,12 @@ COPY . /home/pwn/source
# compile vuln in debug mode # compile vuln in debug mode
RUN mkdir /home/pwn/debug RUN mkdir /home/pwn/debug
WORKDIR /home/pwn/debug WORKDIR /home/pwn/debug
RUN cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Debug RUN DISABLE_PRESENTATION_BUILD=true cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Debug
RUN make RUN make
RUN mkdir /home/pwn/release RUN mkdir /home/pwn/release
WORKDIR /home/pwn/release WORKDIR /home/pwn/release
RUN cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release RUN DISABLE_PRESENTATION_BUILD=true cmake /home/pwn/source -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
RUN make RUN make
RUN chown -R pwn:pwn /home/pwn RUN chown -R pwn:pwn /home/pwn
@@ -56,4 +46,4 @@ WORKDIR /home/pwn
RUN cp /home/pwn/source/activation_key.txt activation_key.txt RUN cp /home/pwn/source/activation_key.txt activation_key.txt
ENTRYPOINT ["sh", "-c", "/fnetd/build/fnetd -p $PORT_DEBUG -u pwn -lt 2 -lm 536870912 /home/pwn/debug/vuln & /fnetd/build/fnetd -p $PORT_RELEASE -u pwn -lt 2 -lm 536870912 /home/pwn/release/vuln"] ENTRYPOINT ["sh", "-c", "fnetd -p $PORT_DEBUG -u pwn -lt 2 -lm 536870912 /home/pwn/debug/vuln & fnetd -p $PORT_RELEASE -u pwn -lt 2 -lm 536870912 /home/pwn/release/vuln"]