¸®´ª½º

 3923, 1/197 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ewqqw
   SETUID¸¦ ÀÌ¿ëÇÑ ±ÇÇÑ ¾ò±â ¼Ò½º ºÐ¼® ºÎŹ µå¸³´Ï´Ù

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_linux&no=4445 [º¹»ç]


¸çĥ° Çظްí Àֳ׿ä

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>

int main(){
    char command[256];
    char expand[256];
    printf("I will let you execute a single command...\n");
    printf("Try and get a shell with the command!\n");  

    fgets(command, 255, stdin);
    readlink(strtok(command, "\n"), expand, 255);

    if(strncmp(expand, "/bin/sh", 7) && strncmp(expand, "dash", 4)){
        printf("Nope! You always want to run /bin/sh\n");
        exit(0);
    }
    
    if(strstr(command, "sh")){
        printf("Almost... try to use a different name!\n");
        exit(0);
    }

    system(command);

    return 0;
}
  Hit : 1879     Date : 2017/03/07 06:42


    
pwn2on °£´ÜÇÏ°Ô ¼³¸íÇÑ´Ù¸é,
ÇØ´ç ÄÚµå´Â ¹®ÀÚ¿­À» ÀԷ¹޾ÆÁÖ°í ±× ¹®ÀÚ¿­À» ¸í·É¾î·Î ½ÇÇà½ÃÄÑÁÖ´Â ÇÁ·Î±×·¥ÀÔ´Ï´Ù.
command¶ó´Â º¯¼ö¿¡ 256 Byte¸¸Å­ µ¥ÀÌÅ͸¦ ÀԷ¹ްí
readlink ÇÔ¼ö´Â °æ·Î°¡ ½Éº¼¸¯ ¸µÅ©¶ó¸é ±×°ÍÀ» ÀúÀåÇØÁÖ´Â ÇÔ¼öÀÔ´Ï´Ù.
strtok()´Â ƯÁ¤ ¹®ÀÚ¿­À» ±âÁØÀ¸·Î Data¸¦ Split ÇØÁÖ´Â ±â´ÉÀ̱¸¿ä.

ÀÌ·±½ÄÀ¸·Î ºÐ¼®ÇØ ³ª°¡¸é¼­ setuidÀÇ exploitÀ» ½ÃµµÇغ¸½Ã¸é µÉ°Å °°½À´Ï´Ù.		 2017/03/07  
ÇØÄð·¯ command´Â ¿øº» ¹®ÀÚ¿­, expand´Â readlink¸¦ ÇÑ °á°úÁÒ
°á±¹ µÑ´Ù ÀԷ¿¡ ÀÇÁ¸ÇÏ´Â µ¥ÀÌÅ͵éÀÌÁö¸¸ ÇÊÅ͸µÇÏ´Â ¹æ½ÄÀÌ ´Ù¸¨´Ï´Ù
command¿¡´Â sh°¡ ¾øÁö¸¸, ±× command·Î µé¾î¿Â ÇÁ·Î±×·¥ÀÌ ½Éº¼¸¯ ¸µÅ©µÈ ÆÄÀÏÀÌ°í, /bin/sh³ª dash¸¦ °¡¸£Å°°Ô ÇÏ¸é µÇ´Â°ÅÁÒ
ln -s /bin/sh /tmp/hack ÀÌ·±½ÄÀ¸·Î ÇϽŴÙÀ½¿¡
¹®Á¦¸¦ ½ÇÇàÇϼż­
¹®Á¦ÀÇ fgets¿¡ /tmp/hack À» ÀÔ·ÂÇÏ½Ã¸é µË´Ï´Ù		 2017/03/07  
ewqqw °¨»çÇÕ´Ï´Ù~~ ÇØ°áµÇ¾ú¾î¿ä 2017/03/08  
3923   ¸®´ª½º°¡ ¼³Ä¡µÈ ÆÄÀÏÀ» ±âÁ¸ ³»Àåssd¿¡¼­ ¿ÜÀåssd·Î ¿Å±â±â      wnddkdch2004
 01/16 1447
3922   VM ȯ°æ¿¡¼­ GPU »ç¿ë¹ý¿¡ ´ëÇÑ Áú¹®[1]     wuzu22
 07/19 1448
3921   ¸®´ª½º °øºÎ ¹æ¹ý, ±³Àç ÃßõÇØ ÁÖ¼¼¿ä.[1]     Haike0548
 05/24 1653
3920   vmware Ä®¸®¸®´ª½º Áú¹®ÀÖ¾î¿ä![2]     EgoistYI
 04/05 1745
3919   ftz trainer1 ¾ÏÈ£¿ä¤Ð[1]     keeyeon
 04/02 1585
3918   FTZÁ¢¼Ó¹æ¹ý[2]     tkd115
 01/13 2314
3917   ¸®´ª½º john the ripper´ëÇÑ Áú¹® Á» ÇÒ°Ô¿ä     cd1641
 11/20 1588
3916   ftz ȯ°æ±¸Ãà ÇÏ·Á°í Çϴµ¥ °è¼Ó ¿À·ù°¡ ¹ß»ýÇÕ´Ï´Ù. [2]     poh1207
 07/10 1604
3915     [re] ftz ȯ°æ±¸Ãà ÇÏ·Á°í Çϴµ¥ °è¼Ó ¿À·ù°¡ ¹ß»ýÇÕ´Ï´Ù.      kimwoojin0952
 08/02 1377
3914   x11vnc ¼³Ä¡ÈÄ, À©µµ¿ì ¾ÈµÊ. ubuntu18.04.2 LTS     localid
 04/23 2121
3913   ÆÄÀÏ µð½ºÅ©¸³ÅÍ[1]     turttle2s
 02/10 1584
3912   DVWA»ç¿ëÈÄ ÆÄÀ̾îÆø½º°¡¾ÈµË´Ï´Ù[1]     wlzh1313
 02/07 2008
3911   ¸®´ª½º ºÎÆÃUSB Áú¹®     iioks
 12/29 1702
3910   dionaea honeypot Çغ¸½ÅºÐ °è½Å°¡¿ä?     teletubbies
 07/05 2344
3909   ¸®´ª½º¿¡¼­ pupy¼³Ä¡ÇÒ¶§..     redfrog
 05/07 2939
3908   bootable USB ¸¸µé¶§     krimson701
 03/27 2268
3907   FTZ ·ÎÄÃȯ°æ ±¸ÃàÁú¹®[1]     krimson701
 03/19 2846
3906   ÇÏµå ¸µÅ©¿Í ½Éº¼¸¯ ¸µÅ©     ka0r1
 12/07 2148
3905   ¸®´ª½º [1]     jeffrey4127
 11/26 1879
3904   ¸®´ª½º vmware ¼³Ä¡[2]     jeffrey4127
 10/31 2743
1 [2][3][4][5][6][7][8][9][10]..[197]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org