1581, 1/80 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ÇØÅ·ÀßÇÏ°í½Í´Ù
   http://¾øÀ½
   (²Ä¼ö) L.O.B Çѹ濡 Ŭ¸®¾îÇϱâ

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=8564 [º¹»ç]


ÇÊÀÚ°¡ LD_PRELOAD¿¡ ´ëÇØ ¿¬±¸Çϸ鼭 ¾Ë°Ô µÈ »ç½ÇÀε¥

my-pass ÆÄÀÏÀº ¸Å¿ì Ãë¾àÇÏ´Ù.

LD_PRELOAD´Â ȯ°æº¯¼ö Áß ÇϳªÀÌ´Ù.

ÇÁ·Î¼¼½º¸¦ ½ÇÇàÇÏ´Â °úÁ¤¿¡¼­ ¶óÀ̺귯¸®¸¦ ·ÎµùÇÒ ¶§,

LD_PRELOAD(ȯ°æº¯¼ö)°¡ ¼³Á¤ÀÌ µÇ¾îÀÖ´Ù¸é

ÇØ´ç º¯¼ö¿¡ ÁöÁ¤µÈ ¶óÀ̺귯¸®¸¦ ¸ÕÀú ·ÎµùÇÑ´Ù.

LD_PRELOAD ȯ°æº¯¼ö¿¡ ÀúÀåÇÏ´Â ¿©·¯°¡Áö ¹æ¹ý Áß ½©¿¡ µî·ÏÇÏ¿© »ç¿ëÇÏ´Â ¹æ¹ýÀÌ ÀÖ´Ù.

my-pass ÆÄÀÏÀº geteuid¸¦ Çؼ­ »ç¿ëÀÚÀÇ euid¿¡ ¸Â´Â Æнº¿öµå¸¦ Ãâ·ÂÇØÁØ´Ù.

±×·±µ¥ LD_PRELOAD¶ó´Â ȯ°æº¯¼ö´Â ƯÁ¤ÇÑ ÇÔ¼ö¸¦ ¹Ì¸® µî·ÏÇØ µÑ ¼ö ÀÖ´Ù.

±×·¸´Ù¸é ÀÌ LD_PRELOAD¶õ ¹«¾ùÀϱî?

¾Æ·¡´Â °£´ÜÇÏ°Ô ±¸±Û¸µÀ» ÇÏ¿©

ÇØ¿Ü »çÀÌÆ®¿¡¼­ ld_preload¿¡ ´ëÇØ Ã£¾Æº» ±ÛÀ» ÀοëÇÑ °ÍÀÌ´Ù.

========================================
.
.
.
Normally the Linux dynamic loader ld-linux (see ld-linux(8) man page) finds and loads the shared libraries needed by a program, prepare the program to run, and then run it. The shared libraries (shared objects) are loaded in whatever order the loader needs them in order to resolve symbols.
.
.
.

(Çؼ®)
.
.
.
º¸ÆíÀûÀ¸·Î ¸®´ª½º µ¿Àû ·Î´õ´Â ÇÁ·Î±×·¥¿¡ ÇÊ¿äÇÑ °øÀ¯ ¶óÀ̺귯¸®µéÀ»
ã°í ·ÎµåÇÏ¸ç ½ÇÇàÇÒ ÇÁ·Î±×·¥À» ÁغñÇÑ ´ÙÀ½ ½ÇÇàÇÑ´Ù.
°øÀ¯ ¶óÀ̺귯¸®´Â ±âÈ£¸¦ È®ÀÎÇϱâ À§ÇÏ¿© ·Î´õ°¡ ÇÊ¿äÇÑ ¼ø¼­´ë·Î ·ÎµåµÈ´Ù ±×¸®°í...
========================================







geteuid°¡ ¿øÇÏ´Â ´Ü°èÀÇ uid¸¦ ¸®ÅÏÇϵµ·Ï LD_PRELOAD¸¦ »ç¿ëÇؼ­ Á¶ÀÛÇÒ ¼ö ÀÖ´Ù.

±×·¯¸é my-pass´Â Á¶ÀÛµÈ geteuidÀÇ °á°ú¿¡ µû¶ó ´Ù¸¥ ¾ÆÀ̵ðÀÇ ºñ¹Ð¹øÈ£¸¦ ¹ñ¾î³¾ °ÍÀÌ´Ù.

---------------------
int geteuid(void);

int main(void)
{
        return geteuid();
}

int geteuid(void) {
    return 520;
}

--------------------

[gate@localhost gate]$ gcc -o geteuid -shared -fPIC geteuid.c
[gate@localhost gate]$ export LD_PRELOAD=./geteuid
[gate@localhost gate]$ my-pass















ÇÊÀÚ°¡ ÀÌ°ÍÀ» »ý°¢ÇÏ´Â µµÁß,

int geteuid(void)
{
    return 520;
}

ÀÌ·¸°Ô ¾²¸é mainÇÔ¼ö, Áï ½ÃÀÛÁ¡ÀÌ ¾ø´Ù°í ¿¡·¯¸¦ ¹ñ¾ú´Ù.

±×·¸´Ù¸é mainÇÔ¼ö¿¡¼­ ¼­ºêÇÔ¼ö¸¦ ¸¸µç´ÙÀ½ 520À» ¸®ÅÏÇÏ°í ±× °ªÀ»

mainÇÔ¼ö°¡ ¸®ÅÏÇϸé ÀÌ·¨´ø Àú·¨´ø 520À» ¸®ÅÏÇÑ´Ù´Â »ç½ÇÀº º¯ÇÔ¾øÁö ¾Ê´Â°¡?

¸ðµç ÇÁ·Î±×·¥Àº ½ÃÀÛÁ¡ÀÌ Á¸ÀçÇÑ´Ù.

ÀϹÝÀûÀÎ C¾ð¾î¶ó¸é mainÇÔ¼ö°¡ ½ÃÀÛÁ¡ÀÌ µÇ´Âµ¥ (ÀÌ°ÍÀ» entry point¶ó°íµµ ÇÑ´Ù)

ÀÌ ½ÃÀÛÁ¡À» mainÀÌ ¾Æ´Ñ ´Ù¸¥ À̸§ÀÇ ÇÔ¼ö°¡ µÉ ¼ö ÀÖÀ»±î?

¶ó´Â °íÂûÀ» Çϸ鼭 °­Á´ ¿©±â±îÁö ¸¶Ä¡°Ú´Ù.


  Hit : 1160     Date : 2023/01/14 03:09



    
ÇØÅ·ÀßÇÏ°í½Í´Ù ¸¶Áö¸· ¹®´Ü¿¡ ¿ÀÇØÀÇ ¼ÒÁö°¡ Àֳ׿ä.
Windows API¿¡¼± WinMainÀÌ ½ÃÀÛÁ¡ÀÌ¶ó¼­ mainÇÔ¼ö¿Í À̸§ÀÌ ´Ù¸£±ä Çѵ¥
"gcc°°Àº ÄÜ¼Ö C¾ð¾î ÇÁ·Î±×·¡¹Ö¿¡¼­ mainÇÔ¼ö À̸§À» º¯°æÇÒ ¼ö ÀÖÀ»±î?"°¡ °íÂûÇÒ Á¡ÀÔ´Ï´Ù.
±¸±Û¸µÀ» Çؼ­ Çѹø ¾Ë¾ÆºÁ¾ß µÇ°Ú³×¿ä.
2023/01/15  
Àܵ¥½º ¤§ 2024/03/16  
     [°øÁö] °­Á¸¦ ¿Ã¸®½Ç ¶§´Â ¸»¸Ó¸®¸¦ ´Þ¾ÆÁÖ¼¼¿ä^¤Ñ^ [29] ¸Û¸Û 02/27 18683
1580   °í¼ö´ÔµéÀÇ µµ¿òÀ» ¹Þ°í ½Í½À´Ï´Ù     vbnm111
02/11 140
1579   ¸®´ª½º Ä¿³Î 2.6 ¹öÀü ÀÌÈÄÀÇ LKM     jdo
07/25 647
1578   ½©ÄÚµå ¸ðÀ½     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/15 1456
1577   Call by value VS Call by Reference     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/15 846
  (²Ä¼ö) L.O.B Çѹ濡 Ŭ¸®¾îÇϱâ[2]     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/14 1159
1575   towelroot.c (zip) ÄÚ¸àÆÃ.[1]     scube
08/18 3685
1574   levitator.c (¾Èµå·ÎÀÌµå ·çÆÃ) °ø°Ý ºÐ¼® ¼Ò½º ÄÚµå °øÀ¯.[4]     scube
08/17 3613
1573   ¹«·á Á¤º¸º¸¾È ±â¼úÀÎÀç ¾ç¼º °úÁ¤ ±³À°»ý ¸ðÁý     chanjung111
06/17 4406
1572   K-Shield ÁִϾî 5±â ¸ðÁý     lrtk
06/17 4149
1571   [ÆÁ] ÆÄÀ̽ã 2¼Ò½º¸¦ 3À¸·Î º¯°æÇØÁÖ´Â »çÀÌÆ®[3]     ÇѽÂÀç
05/13 3843
1570   ±¸±Û ¹é¸µÅ© ÀÛ¾÷ Áú¹®¿ä     wkatnxka
03/30 3296
1569   [ÆÁ] ¿ìºÐÅõ ¹Ì·¯¸µ¼­¹ö     ÇѽÂÀç
03/09 3983
1568 ºñ¹Ð±ÛÀÔ´Ï´Ù  °¨À»¸øÀâ°Ú³×¿ä¤Ì¤Ì     À×À×À×
01/15 3
1567   µ¥ºñ¾È °è¿­ ¸®´ª½º ÀÇÁ¸¼º ±úÁ³À»¶§ ÇØ°á¹ý     ÇѽÂÀç
11/27 4459
1566   È«º¸ÇÕ´Ï´Ù. ½Å»ý º¸¾ÈÄ¿¹Â´ÏƼÀÔ´Ï´Ù.     kimwoojin0952
10/26 4193
1565   ½Å±âÇÑ ÇÁ·Î±×·¡¹Ö ¾ð¾î[3]     koreal33t
09/06 4588
1564   À©µµ¿ì,¸®´ª½º¿¡¼­ ³» ip¸¦ È®ÀÎÇØ º¸ÀÚ [1]     koreal33t
09/06 3790
1563   CTF »çÀÌÆ®[1]     koreal33t
09/06 4443
1562   ÀÚ°ÝÁõ (¹®Á¦)»çÀÌÆ® [2]     koreal33t
09/06 4260
1 [2][3][4][5][6][7][8][9][10]..[80]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org