|
http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=1636 [복사]
********************************************
/*
 * Password check used here as a stack buffer overflow exercise.
 *
 * Reads one line from stdin into a 20-byte stack buffer and prints
 * "Success" when auth is non-zero, "Fail" otherwise. The only assignment
 * to auth after initialisation is auth = 1 when the input equals
 * "secretkey".
 *
 * NOTE(review): the listing shows no #include lines; printf()/gets() are
 * declared in <stdio.h> and strcmp() in <string.h>.
 */
int main()
{
int auth = 0;
/* Room for at most 19 characters plus the terminating NUL. */
char passwd[20];
printf("Password : ");
/*
 * gets() takes no size argument, so any line longer than 19 characters is
 * written past the end of passwd (CWE-121/CWE-242). The function was
 * removed from the language in C11; the bounded replacement is
 * fgets(passwd, sizeof passwd, stdin) followed by stripping the newline.
 *
 * NOTE(review): declaration order does not fix the stack layout, so an
 * overflow of passwd is not guaranteed to reach auth. The "stack smashing
 * detected" abort shown in the program output indicates a build with the
 * compiler's stack protector; GCC's protector typically places arrays
 * above scalar locals, next to the canary, which would explain why auth
 * stays 0 and the overflow is caught instead. Confirm against the
 * disassembly of the actual binary.
 */
gets(passwd);
if ( strcmp(passwd, "secretkey")==0 )
auth = 1;
/*
 * The authentication decision relies on a flag that lives in the same
 * stack frame as an unbounded input buffer; bounding the read is what
 * protects it, not the variable order.
 */
if (auth)
printf("Success\n");
else
printf("Fail\n");
/*
 * NOTE(review): the stack canary is checked when main returns, which is
 * presumably why "Fail" is printed before the abort message in the output.
 */
}
***********************************************
Á¦°¡ ÀÌÇØÇϱâ·Ð
ÀÌ ÄÚµå ÄÄÆÄÀÏÈÄ ½ÇÇà½Ã
Password :
ÀԷ¶õ¿¡ 20¹ÙÀÌÆ®°¡³Ñ´Â ÀԷ°ªÀ» ÁÙ°æ¿ì auth º¯¼öÀÇ ¿µ¿ªÀ¸·Î ³Ñ¾î°¡
¹öÆÛ¿À¹öÇ÷οìÇö»óÀÌ ¹ß»ýÇØ authÀÇ °ªÀÌ 0ÀÌ ¾Æ´Ñ°ªÀ¸·Î (°á·ÐÀûÀ¸·Î ÂüÀΰª)
À¸·Î º¯°æµÇ¾î¼ Success ¸¦ À¯µµÇϴ°ɷΠÀÌÇØÇߴµ¥ ÀԷ°ªÀ»
20¹ÙÀÌÆ® 1234567890 1234567890 1234 (¶ç¾î¾²±â´Â º¸½Ã±â ÆíÇ϶ó°í ÇØ³í°Å±¸ ÀԷ½à ºÙ¿©¼¾¸)
ÀÔ·ÂÇÒ°æ¿ì Fail ÀÌ Ãâ·ÂµÇ°í
1234567890 1234567890 12345 ÀÔ·ÂÇÒ°æ¿ì
Fail ÀÌ Ãâ·ÂµÇ¸é¼ ¾Æ·¡¿Í°°Àº Ų ¿¡·¯¹®ÀÌ Ãâ·ÂµÇ´Âµ¥
¾î¶»°ÔÇØ¾ßÇϴ°ǰ¡¿ä?
¼ýÀÚ·ÎÀÔ·ÂÇÏÁö¾Ê°í ¾ËÆÄ¹îÀ¸·Î 20±ÛÀÚÀÔ·ÂÈÄ 4±ÛÀÚ ÀÔ·ÂÇØµµ ¶È°°ÀÌ fail ÀÌ Ãâ·ÂµË´Ï´Ù.
½Ã½ºÅÛÂ÷À̶§¹®Àΰ¡¿ä??
¿ìºÐÅõ ÃֽŹöÁ¯»ç¿ëÁßÀÔ´Ï´Ù.
**********************************************************************************************************
Fail
*** stack smashing detected ***: ./quiz terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ffa6f41d807]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x0)[0x7ffa6f41d7d0]
./quiz[0x400693]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7ffa6f33476d]
./quiz[0x400539]
======= Memory map: ========
00400000-00401000 r-xp 00000000 08:05 2230860 /home/rura/study/hack/buffer_overflow/quiz
00600000-00601000 r--p 00000000 08:05 2230860 /home/rura/study/hack/buffer_overflow/quiz
00601000-00602000 rw-p 00001000 08:05 2230860 /home/rura/study/hack/buffer_overflow/quiz
01907000-01928000 rw-p 00000000 00:00 0 [heap]
7ffa6f0fd000-7ffa6f112000 r-xp 00000000 08:05 3149398 /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffa6f112000-7ffa6f311000 ---p 00015000 08:05 3149398 /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffa6f311000-7ffa6f312000 r--p 00014000 08:05 3149398 /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffa6f312000-7ffa6f313000 rw-p 00015000 08:05 3149398 /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffa6f313000-7ffa6f4c8000 r-xp 00000000 08:05 3153563 /lib/x86_64-linux-gnu/libc-2.15.so
7ffa6f4c8000-7ffa6f6c7000 ---p 001b5000 08:05 3153563 /lib/x86_64-linux-gnu/libc-2.15.so
7ffa6f6c7000-7ffa6f6cb000 r--p 001b4000 08:05 3153563 /lib/x86_64-linux-gnu/libc-2.15.so
7ffa6f6cb000-7ffa6f6cd000 rw-p 001b8000 08:05 3153563 /lib/x86_64-linux-gnu/libc-2.15.so
7ffa6f6cd000-7ffa6f6d2000 rw-p 00000000 00:00 0
7ffa6f6d2000-7ffa6f6f4000 r-xp 00000000 08:05 3158930 /lib/x86_64-linux-gnu/ld-2.15.so
7ffa6f8df000-7ffa6f8e2000 rw-p 00000000 00:00 0
7ffa6f8ef000-7ffa6f8f4000 rw-p 00000000 00:00 0
7ffa6f8f4000-7ffa6f8f5000 r--p 00022000 08:05 3158930 /lib/x86_64-linux-gnu/ld-2.15.so
7ffa6f8f5000-7ffa6f8f7000 rw-p 00023000 08:05 3158930 /lib/x86_64-linux-gnu/ld-2.15.so
7fff31dee000-7fff31e0f000 rw-p 00000000 00:00 0 [stack]
7fff31e7d000-7fff31e7e000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
중지됨 (core dumped)
****************************************************************************************************************
|
Hit : 4067 Date : 2013/01/15 11:08
|