http://www.hackerschool.org/HS_Boards/zboard.php?desc=desc&no=1999 [º¹»ç]
-Ãë¾à¼º ÀÖ´Â ÄÚµå-
#include <stdio.h>
#include <string.h>
void bar(char *last){
char buf[48];
strcpy(buf, last);
}
void foo(cahr *hard){
int information =1;
int protection =2;
bar(hard);
}
int main (int argc, char *argv []){
foo(argv[1]);
return 0;
}
À§¸¦ Äڵ带 È°¿ëÇؼ ROP °ø°ÝÀ» ÇÏ°í ½Í¾î¿ä. ÄÄÆÄÀÏ ÇÒ¶§ ´õ¹Ì°ª¸¸ Á¦°ÅÇÏ°í SSP¿Í NXºñÆ®´Â ÇØÁ¦ ¾È ÇÑ »óÅÂÀÔ´Ï´Ù. ASLR È°¼ºÈ¸µÈ »óÅ¿¡¼ ROP°ø°ÝÀ» ÇÏ°í ½Í½À´Ï´Ù.
payload¸¦ strcoy@plt+ppr+bssaddress+char(/bin/sh) ³Ö¾îÁÖ°í ¸¶Áö¸·¿¡ ½Ã½ºÅÛ ÁÖ¼Ò¿Í bssÁÖ¼Ò¸¦ ´Ù½Ã ³Ö¾îÁá´Âµ¥, °è¼Ó °ø°Ý¿¡ ½ÇÆÐÇÕ´Ï´Ù. Ȥ½Ã ½ÇÆпøÀÎÀ̳ª ÁÁÀº ¹æ¹ý ¾Ë ¼ö ÀÖÀ»±î¿ä???
|
Hit : 1644 Date : 2021/06/16 10:52
|