|
http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=30930 [º¹»ç]
Á¦°¡ level5¸¦ ¸ô¶ó¼ ³×À̹ö¿¡ °Ë»ö Çß½À´Ï´Ù ±×·±µ¥ Á¦°¡ ³×À̹ö ºí·Î±×¿¡ ³ª¿ÍÀִ°Ŷû ¶È°°ÀÌ µû¶óÇߴµ¥ ¾ÈµÇ¿ä ¤Ð¤Ð
Á¦°¡ /tmp ÆÄÀÏ¿¡¼ level5.tmp¸¦ ¸¸µé¾ú´Âµ¥ ¾ÈµÇ´õ¶ó°í¿ä ¤Ð¤Ð
±×·¡¼ ´Ù½Ã ¸¸µé¾î¼ ls -al·Î ±ÇÇÑÀ» È®ÀÎ Çߴµ¥ ºÐ¸í level5 ±ÇÇÑÀÌ°É¿©Àִµ¥...
-rw-rw-r-- 1 level5 level5 0 6¿ù 7 15:13 level5.tmp
±×·¡¼ Àڽà ³×À̹ö ºí·Î±×¸¦ ºÃ´Âµ¥ level6°¡ Á¦°¡ ¸¸µç level5±ÇÇÑ ¶§¹®¿¡ level5.tmpÆÄÀÏÀ» »èÁ¦
¸øÇѴٴµ¥
¿Ö ¾î¶»°Ô ±×ÆÄÀÏÀ» »èÁ¦ÇßÀ»±î¿ä???
±×·¡¼ /usr/bin/level5 ±ÇÇÑÀ» ºÃ´Âµ¥
-rwx--x--- 1 level6 level5 14402 3¿ù 29 2003 /usr/bin/level5
¶ó°í ³ª¿Í Àִµ¥ ºí·Î±× »çÁø¿¡´Â /usr/bin/level5¿¡ level6 setuid°É¿©Àִµ¥....
Ȥ½Ã level6 setuid°¡ ¾È°É·Á¼ ¾ÈµÇ´Â°É±î¿ä??
|
Hit : 10499 Date : 2013/06/08 05:42
|
22019, 
1/1101 
U_SoRang
