Skip to content
TokyoWestens CTF 4th 2018 EscapeMe challenge
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin subtree-merge kvm/kernel/libc Aug 30, 2018
exploit exploit : strip payload / payload_size Sep 3, 2018
kernel subtree-merge kvm/kernel/libc Aug 30, 2018
kvm subtree-merge kvm/kernel/libc Aug 30, 2018
release add make release Aug 30, 2018
.gitignore launcher using hashcash pow Aug 27, 2018
Makefile
README.md add libc in release Aug 30, 2018

README.md

EscapeMe

Environment

Ubuntu 18.04

Requirement

  • make
  • gcc
  • nasm
  • execstack

Usage

Build

$ make

$ make FLAG=TWCTF  # generate real flag

Run

$ make run

$ make
$ ./release/run.sh

Exploit

$ make exploit

$ make
$ cd exploit && ./exploit.py

Clean

$ make clean

Attachement

  • pow.py
  • kvm.elf
  • kernel.bin (including flag1)
  • memo-static.elf
  • libc-2.27.so
  • flag2.txt
  • flag3-sha1_of_flag.txt

Deployment on CTF Server

$ ls -al /home/escape/
drwxr-x--- 2 root escape  4096 Aug 28 11:28 .
drwxr-xr-x 8 root root    4096 Aug 28 10:10 ..
-rw-r----- 1 root escape    75 Aug 28 10:10 flag2.txt
-rw-r----- 1 root escape    67 Aug 28 10:10 flag3-415254a0b8be92e0a976f329ad3331aa6bbea816.txt
-rw-r----- 1 root escape  8514 Aug 28 10:10 hashcash.pyc
-rw-r----- 1 root escape  8544 Aug 28 10:10 kernel.bin
-rwxr-x--- 1 root escape 23336 Aug 28 10:10 kvm.elf
-rwxr-x--- 1 root escape 20176 Aug 28 10:10 memo-static.elf
-rwxr-x--- 1 root escape  1684 Aug 28 11:28 pow.py
You can’t perform that action at this time.