|
http://www.hackerschool.org/HS_Boards/zboard.php?id=bof_fellowship&no=86 [º¹»ç]
[¸÷ ¸®½ºÆ®]
LEVEL1 (gate -> gremlin) : simple bof
LEVEL2 (gremlin -> cobolt) : small buffer
LEVEL3 (cobolt -> goblin) : small buffer + stdin
LEVEL4 (goblin -> orc) : egghunter
LEVEL5 (orc -> wolfman) : egghunter + bufferhunter
LEVEL6 (wolfman -> darkelf) : check length of argv[1] + egghunter + bufferhunter
LEVEL7 (darkelf -> orge) : check argv[0]
LEVEL8 (orge -> troll) : check argc
LEVEL9 (troll -> vampire) : check 0xbfff
LEVEL10 (vampire -> skeleton) : argv hunter
LEVEL11 (skeleton -> golem) : stack destroyer
LEVEL12 (golem -> darkknight) : sfp
LEVEL13 (darkknight -> bugbear) : RTL1
LEVEL14 (bugbear -> giant) : RTL2, only execve
LEVEL15 (giant -> assassin) : no stack, no RTL
LEVEL16 (assassin -> zombie_assassin) : fake ebp
LEVEL17 (zombie_assassin -> succubus) : function calls
LEVEL18 (succubus -> nightmare) : plt
LEVEL19 (nightmare -> xavis) : fgets + destroyers
LEVEL20 (xavis -> death_knight) : remote BOF
ÀÌ·¸°Ô Çؼ ÃÑ 20¸¶¸®ÀÇ ¸ó½ºÅ͵éÀÌ GATE1 ¼¹ö¿¡ ¹èÄ¡µÇ¾ú½À´Ï´Ù.
LEVEL20±îÁö ¸ðµÎ ÀâÀ¸½Å ºÐµé²´ º»ÀÎ IDÀÇ ±ÇÇÑÀ» »ó½Â½ÃÄÑ µå¸³´Ï´Ù.
±ÇÇÑÀÌ »ó½ÂµÇ¸é ÀÌ °Ô½ÃÆÇÀÇ ¸ðµç ºñ¹Ð ±ÛµéÀ» º¼ ¼ö ÀÖ½À´Ï´Ù.
±×¸®°í GATE2·Î ÁøÀÔÇÒ ¼ö ÀÖ´Â °Ô½ÃÆÇ ÁÖ¼Ò¸¦ ¾Ë·Áµå¸³´Ï´Ù.
(¸çÄ¥ Àü¿¡ LEVEL15±îÁö Ç®¸é ÁÖ¼Ò¸¦ ¾Ë·Áµå¸°´Ù°í Çß¾ú´Âµ¥ LEVEL20À¸·Î Á¤Á¤ÇÕ´Ï´Ù.)
GATE2¿¡¼± ´õ ÀÌ»ó RedhatÀÌ ¾Æ´Ñ, Fedora ȯ°æ¿¡¼ ¹®Á¦¸¦ Ç®¾î ³ª°¡°Ô µË´Ï´Ù.
LEVEL20À» Á¡·ÉÇϽŠºÐÀº death_knight µð·ºÅ丮¿¡ ¶³±ÅÁø ¾ÆÀÌÅÛÀ» º¹»çÇؼ
°Ô½ÃÆÇ¿¡ ºñ¹Ð ±Û·Î ºÙ¿©³Ö±â ÇØÁֽøé Á¦°¡ ´ñ±Û·Î GATE2ÀÇ ÁÖ¼Ò¸¦ ¾Ë·Áµå¸³´Ï´Ù.
|
Hit : 2804 Date : 2010/03/30 03:43
|
218, 
7/11 
¸Û¸Û
CodeAche
buff3r
