System Hacking

   vngkv123
   In an ASLR environment...

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=1854


In a 64-bit dynamically linked binary, where the code really contains nothing but a read call and return 0 and there is no output function at all (it reads 0x400 bytes into a 16-byte buffer), I saw a technique that overwrites 1 byte of the resolved read address in the read@got entry so that it points at the syscall inside the function, puts 1 into the eax or rax register, and calls write. Does anyone happen to know about this method?

With libc unknown, I don't understand how they find the location of that syscall to do the 1-byte overwrite, or how they put 1 into eax or rax (the two are almost the same anyway)... There didn't seem to be any gadgets either..

https://devcraft.io/posts/2017/04/09/start-hard-asis-ctf-quals-2017.html

This is the write-up for the ASIS 2017 challenge start_hard that raised my question; I'd be glad if someone could answer. ㅠ

Also, in an ASLR environment the libc address certainly changes, so the function addresses loaded into the GOT entries should change every time too, but when I look at the GOT entry in gdb while repeating run, the address always stays the same. Why is that?

  Hit : 3266     Date : 2017/04/12 04:31



    
vngkv123 I figured out that when the 1-byte overwrite toward syscall is done through read, read returns the size, so 1 is returned and eax holds 1!! 2017/04/12
해쿨러 In gdb it can be run with ASLR turned off.
https://outflux.net/blog/archives/2010/07/03/gdb-turns-off-aslr/
If you want to run it with ASLR turned on, see the link above.
2017/04/13
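
The gdb behaviour from the last reply, as an added example that is not part of the original thread: gdb starts the debugged program with the `ADDR_NO_RANDOMIZE` personality flag, so libc and the address stored in the read GOT slot land in the same place on every `run`. The program below re-executes itself twice with and twice without that flag and reports where `read` resolved; the names `aslr-demo` and `--child` are made up for this sketch, and it assumes Linux and a PIE build.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/personality.h>
#include <sys/wait.h>

/* True when a persona value carries ADDR_NO_RANDOMIZE, the flag gdb sets on
   the program it starts. The flag is inherited across fork() and execve(). */
int persona_disables_aslr(unsigned long persona) {
    return (persona & ADDR_NO_RANDOMIZE) != 0;
}

/* Re-run this binary as a child, optionally setting ADDR_NO_RANDOMIZE first,
   and return the address of read() the child reports (0 on failure). */
unsigned long child_read_addr(int disable_aslr) {
    int fds[2];
    unsigned long addr = 0;
    if (pipe(fds) != 0) return 0;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return 0; }
    if (pid == 0) {
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        int cur = personality(0xffffffff);            /* query only */
        if (disable_aslr && (cur == -1 || personality(cur | ADDR_NO_RANDOMIZE) == -1))
            _exit(2);                                 /* e.g. blocked by seccomp */
        execl("/proc/self/exe", "aslr-demo", "--child", (char *)NULL);
        _exit(1);
    }
    close(fds[1]);
    if (read(fds[0], &addr, sizeof addr) != (ssize_t)sizeof addr) addr = 0;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return addr;
}

int main(int argc, char **argv) {
    if (argc > 1 && strcmp(argv[1], "--child") == 0) {
        /* Assumes a PIE build (distro default), where &read is libc's read,
           the same value the loader stores in the read GOT slot. */
        unsigned long a = (unsigned long)&read;
        return write(STDOUT_FILENO, &a, sizeof a) == (ssize_t)sizeof a ? 0 : 1;
    }
    int cur = personality(0xffffffff);
    printf("flag already set on this process: %d\n",
           cur != -1 && persona_disables_aslr((unsigned long)cur));
    for (int mode = 0; mode <= 1; mode++) {
        unsigned long a = child_read_addr(mode), b = child_read_addr(mode);
        printf("set ADDR_NO_RANDOMIZE=%d: read=%#lx then %#lx\n", mode, a, b);
    }
    return 0;
}
```

Run from a shell with ASLR enabled, the first row shows two different addresses and the second row two identical ones; started from inside gdb, both rows match because the flag is already inherited.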