-
Notifications
You must be signed in to change notification settings - Fork 29
/
spoiler05.html
143 lines (143 loc) · 8.53 KB
/
spoiler05.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE>
"first they ignore you, then they threaten to sue you, then they deny the
vulnerability, then you p0wn them"
</TITLE>
</HEAD>
<BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#FF0000" VLINK="#0000FF" ALINK="#00
FF00">
<!-- Nothing to see but we have happily logged you. Thank you! -->
<QUOTE>
"first they ignore you, then they threaten to sue you, then they deny the
vulnerability, then you p0wn them" -- with apologies to Mahatma Gandhi
</QUOTE>
<PRE>
archimede:~$ file pocorgtfo05.pdf
pocorgtfo05.pdf: ISO 9660 CD-ROM filesystem data 'TetrangOS ' (bootable)
</PRE>
<P>
and
</P>
<PRE>
archimede:~$ unzip -v pocorgtfo05.pdf
Archive: pocorgtfo05.pdf
warning [pocorgtfo05.pdf]: 26368859 extra bytes at beginning or within zipfile
(attempting to process anyway)
Length Method Size Ratio Date Time CRC-32 Name
-------- ------ ------- ----- ---- ---- ------ ----
0 Stored 0 0% 08-04-14 21:11 00000000 PEXternalizer/
0 Stored 0 0% 08-04-14 21:11 00000000 PEXternalizer/gerbers/
36757 Defl:X 8364 77% 08-04-14 21:11 8951ef3a PEXternalizer/gerbers/mPEXternalizer.GBL
350 Defl:X 178 49% 08-04-14 21:11 41ef7268 PEXternalizer/gerbers/mPEXternalizer.XLN
43198 Defl:X 9972 77% 08-04-14 21:11 1d07892a PEXternalizer/gerbers/mPEXternalizer.GTL
126902 Defl:X 28569 78% 08-04-14 21:11 9e23dd0a PEXternalizer/gerbers/PEXternalizer.GTL
10607 Defl:X 1999 81% 08-04-14 21:11 1362f6a4 PEXternalizer/gerbers/mPEXternalizer.GTS
1079 Defl:X 394 64% 08-04-14 21:11 2b2fd9f2 PEXternalizer/gerbers/PEXternalizer.XLN
20909 Defl:X 4710 78% 08-04-14 21:11 ea04d9a4 PEXternalizer/gerbers/mPEXternalizer.GBO
45783 Defl:X 9521 79% 08-04-14 21:11 fa67abdf PEXternalizer/gerbers/PEXternalizer.GBO
35428 Defl:X 7655 78% 08-04-14 21:11 a9df2250 PEXternalizer/gerbers/PEXternalizer.GTO
1268 Defl:X 406 68% 08-04-14 21:11 72fecc3a PEXternalizer/gerbers/mPEXternalizer.GBS
9731 Defl:X 2442 75% 08-04-14 21:11 ab8908e0 PEXternalizer/gerbers/mPEXternalizer.GKO
128653 Defl:X 29251 77% 08-04-14 21:11 40fe72f8 PEXternalizer/gerbers/PEXternalizer.GBL
11186 Defl:X 2061 82% 08-04-14 21:11 c540d525 PEXternalizer/gerbers/PEXternalizer.GBS
9012 Defl:X 2246 75% 08-04-14 21:11 b25e9619 PEXternalizer/gerbers/PEXternalizer.GKO
30759 Defl:X 6634 78% 08-04-14 21:11 2ffd2bb9 PEXternalizer/gerbers/mPEXternalizer.GTO
18201 Defl:X 3318 82% 08-04-14 21:11 73340665 PEXternalizer/gerbers/PEXternalizer.GTS
18026 Defl:X 6802 62% 08-04-14 21:11 314a1dd2 PEXternalizer/LICENSE
0 Stored 0 0% 08-04-14 21:11 00000000 PEXternalizer/eagle/
118946 Defl:X 11313 91% 08-04-14 21:11 a1811f8e PEXternalizer/eagle/PEXternalizer.sch
67047 Defl:X 9735 86% 08-04-14 21:11 9a64483a PEXternalizer/eagle/PEXternalizer.brd
59982 Defl:X 8815 85% 08-04-14 21:11 a20ed85f PEXternalizer/eagle/mPEXternalizer.brd
54806 Defl:X 6088 89% 08-04-14 21:11 c7201662 PEXternalizer/eagle/mPEXternalizer.sch
890 Defl:X 460 48% 08-04-14 21:11 4079216b PEXternalizer/PEXternalizer-BOM.csv
0 Stored 0 0% 08-04-14 21:11 00000000 PEXternalizer/eagle-support/
75865 Defl:X 7422 90% 08-04-14 21:11 21e5cb30 PEXternalizer/eagle-support/con-pci_express%28pci-e%29.lbr
293800 Defl:X 32560 89% 08-04-14 21:11 683f0417 PEXternalizer/eagle-support/securinghardware.lbr
42631 Defl:X 4062 91% 08-04-14 21:11 f9489239 PEXternalizer/eagle-support/con-heo.mini_pci_express.lbr
1844 Defl:X 991 46% 08-04-14 21:11 ef785144 PEXternalizer/README.md
0 Stored 0 0% 08-04-14 21:11 00000000 collision/
447780 Defl:X 248722 45% 08-04-14 21:11 1d2cf7e7 collision/mbr_shell_rar1.pdf
110809 Defl:X 50821 54% 08-04-14 21:11 b7e897e3 collision/jpg-rar0.jpg
2347 Defl:X 945 60% 08-04-14 21:11 8fa25759 collision/msha1.py
354 Defl:X 167 53% 08-04-14 21:11 fa48f512 collision/readme.txt
447780 Defl:X 248722 45% 08-04-14 21:11 dbf86217 collision/mbr_shell_rar0.pdf
2560 Defl:X 997 61% 08-04-14 21:11 c789f50e collision/make_collision.py
110809 Defl:X 50823 54% 08-04-14 21:11 fa6f5705 collision/jpg-rar1.jpg
1294 Defl:X 604 53% 08-04-14 21:11 9899e045 lazy.c
549 Defl:X 278 49% 08-04-14 21:11 677cef1f manulmascot.txt
7873 Defl:X 2737 65% 08-04-14 21:11 4cf0df95 mpbs.asm
2285 Defl:X 975 57% 08-04-14 21:11 d6685e2a rosetta-rick.swf
0 Stored 0 0% 08-04-14 21:11 00000000 rosettaflash/
0 Stored 0 0% 08-04-14 21:11 00000000 rosettaflash/utils/
1340 Defl:X 537 60% 08-04-14 21:11 8e5b076b rosettaflash/utils/utils.go
18092 Defl:X 6806 62% 08-04-14 21:11 4e46f4a1 rosettaflash/LICENSE
0 Stored 0 0% 08-04-14 21:11 00000000 rosettaflash/zlibStream/
10608 Defl:X 2446 77% 08-04-14 21:11 1425ab06 rosettaflash/zlibStream/zlibStream.go
0 Stored 0 0% 08-04-14 21:11 00000000 rosettaflash/flashFile/
973 Defl:X 389 60% 08-04-14 21:11 431e95ba rosettaflash/flashFile/flashFile.go
0 Stored 0 0% 08-04-14 21:11 00000000 rosettaflash/huffman/
9786 Defl:X 1906 81% 08-04-14 21:11 9f69b64f rosettaflash/huffman/huffman.go
0 Stored 0 0% 08-04-14 21:11 00000000 rosettaflash/adler32_fuzzer/
1306 Defl:X 536 59% 08-04-14 21:11 64b13546 rosettaflash/adler32_fuzzer/adler32_fuzzer.go
0 Stored 0 0% 08-04-14 21:11 00000000 rosettaflash/adler32_mod/
1465 Defl:X 648 56% 08-04-14 21:11 c111e13a rosettaflash/adler32_mod/adler32_mod.go
240 Defl:X 186 23% 08-04-14 21:11 017e3177 rosettaflash/CREDITS
0 Stored 0 0% 08-04-14 21:11 00000000 rosettaflash/charset/
1139 Defl:X 440 61% 08-04-14 21:11 6da2eaae rosettaflash/charset/charset.go
0 Stored 0 0% 08-04-14 21:11 00000000 rosettaflash/PoC/
1158 Defl:X 517 55% 08-04-14 21:11 61d7c149 rosettaflash/PoC/eval_load-ascii.swf
148 Defl:X 104 30% 08-04-14 21:11 b8d6cec9 rosettaflash/PoC/check_alphanum.py
248 Defl:X 144 42% 08-04-14 21:11 72266fc7 rosettaflash/PoC/eval_load.as
377 Defl:X 286 24% 08-04-14 21:11 813608cc rosettaflash/PoC/rickroll.swf
179 Defl:X 136 24% 08-04-14 21:11 6d8363f1 rosettaflash/PoC/rickroll.as
393 Defl:X 220 44% 08-04-14 21:11 b16dd2e2 rosettaflash/PoC/UniversalExfiltrator.as
1231 Defl:X 554 55% 08-04-14 21:11 a18a5d35 rosettaflash/PoC/rickroll-ascii.swf
1629 Defl:X 639 61% 08-04-14 21:11 5218837d rosettaflash/PoC/UniversalExfiltrator-ascii.swf
541 Defl:X 360 34% 08-04-14 21:11 0c957a2b rosettaflash/PoC/UniversalExfiltrator.swf
294 Defl:X 209 29% 08-04-14 21:11 6de9a584 rosettaflash/.gitignore
1085 Defl:X 570 48% 08-04-14 21:11 8e98d963 rosettaflash/README.md
2796 Defl:X 1137 59% 08-04-14 21:11 decc6797 rosettaflash/rosettaflash.go
962 Defl:X 468 51% 08-04-14 21:11 09e790ac style.txt
56807352 Defl:X 56275027 1% 08-04-14 21:11 be2ccd2d pocorgtfo04.pdf
-------- ------- --- -------
59261442 57106024 4% 74 files
</PRE>
<P>
and, by now, you do recall that within 0x04 lies <a href="spoiler04.html">other interesting material</a>, do you not?
</P>
<P>
As usual there is more...
</P>
<PRE>
wittgenstein:~$ sudo mount -o ro -t iso9660 pocorgtfo05.pdf /mnt
[sudo] password for arrigo:
wittgenstein:~$ cd /mnt/
wittgenstein:/mnt$ ls -l
total 1443
-r-xr-xr-x 1 root root 2048 Jul 17 12:00 boot.cat
-r-xr-xr-x 1 root root 51 Jul 17 12:00 readme.txt
-r-xr-xr-x 1 root root 1474560 Jul 17 12:00 tetrangl.img
</PRE>
<P>
That worked!
</P>
<PRE>
wittgenstein:/mnt$ cat readme.txt
Never gonna give you up!
Never gonna let you down!
wittegenstein:/mnt$ file *
boot.cat: FoxPro FPT, blocks size 0, next free block index 16777216
readme.txt: ASCII text
tetrangl.img: x86 boot sector
</PRE>
<P>
So, what should you do next? Well, how about a little emulation...
</P>
<PRE>
archimede:~$ qemu-system-i386 -cdrom pocorgtfo05.pdf
</PRE>
<IMG SRC="pocorgtfo05-qemu.png" ALT="PoC||GTFO 0x05 booting under QEmu into Tetris"/>
</BODY>
</HTML>