½Ã½ºÅÛ ÇØÅ·

 1576, 1/79 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ewqqw
   ¹öÆÛ ¿À¹öÇÃ·Î¿ì °ü·Ã

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=1865 [º¹»ç]


Starting program: /home/realbof/realbof `python -c 'print "A"*100 + "\x7f\xfd\xff\xbf"'`

Breakpoint 1, 0x0804846e in main ()
(gdb) x/100wx $esp
0xbffff4d0:        0xbffff4ec        0xbffff753        0x02c0003f        0x00000000
0xbffff4e0:        0xbffff594        0xbffff508        0xbffff500        0x41414141
0xbffff4f0:        0x41414141        0x41414141        0x41414141        0x41414141
0xbffff500:        0x41414141        0x41414141        0x41414141        0x41414141
0xbffff510:        0x41414141        0x41414141        0x41414141        0x41414141
0xbffff520:        0x41414141        0x41414141        0x41414141        0x41414141
0xbffff530:        0x41414141        0x41414141        0x41414141        0x41414141
0xbffff540:        0x41414141        0x41414141        0x41414141        0x41414141
0xbffff550:        0xbffffd7f        0x00000000        0x00000000        0xb7e2fa83
0xbffff560:        0x00000002        0xbffff5f4        0xbffff600        0xb7feccea
0xbffff570:        0x00000002        0xbffff5f4        0xbffff594        0x0804a018
0xbffff580:        0x0804822c        0xb7fc1000        0x00000000        0x00000000
0xbffff590:        0x00000000        0x1256c241        0x28488651        0x00000000
0xbffff5a0:        0x00000000        0x00000000        0x00000002        0x08048350
0xbffff5b0:        0x00000000        0xb7ff2500        0xb7e2f999        0xb7fff000
0xbffff5c0:        0x00000002        0x08048350        0x00000000        0x08048371
0xbffff5d0:        0x0804844d        0x00000002        0xbffff5f4        0x08048490
0xbffff5e0:        0x08048500        0xb7fed180        0xbffff5ec        0x0000001c
0xbffff5f0:        0x00000002        0xbffff73d        0xbffff753        0x00000000
0xbffff600:        0xbffff7bc        0xbffff7cd        0xbffff7dd        0xbffff7e8
0xbffff610:        0xbffff80b        0xbffff81f        0xbffff832        0xbffff83f
0xbffff620:        0xbffffd60        0xbffffd6c        0xbffffe13        0xbffffe27
0xbffff630:        0xbffffe85        0xbffffe9c        0xbffffeab        0xbffffecc
0xbffff640:        0xbffffede        0xbffffeef        0xbffffef8        0xbfffff0b
0xbffff650:        0xbfffff13        0xbfffff28        0xbfffff38        0xbfffff6e

¿©±â¿¡¼­... retÁÖ¼Ò¸¦ ¾î¶»°Ô ã¾Æ³»³ª¿ä?? 100byte Â¥¸® º¯¼öÀÔ´Ï´Ù¸¸...
ȯ°æº¯¼ö¿¡ ½©ÄÚµå Áý¾î³Ö°í ret¿¡ µÚÁý¿¡ ¾º¿ï·Á°í Çϴµ¥ ¹¹°¡ sfp°í ¹¹°¡ retÀÎÁö ¸ô¶ó¼­ ÇÑÂü Çì¸Å°í Àֳ׿ä... Á¶¾ðºÎŹµå¸³´Ï´Ù...
  Hit : 2776     Date : 2017/04/20 02:44


    
ÇØÄð·¯ 0xbffff540: 0x41414141 0x41414141 0x41414141 0x41414141
0xbffff550: 0xbffffd7f 0x00000000 0x00000000 0xb7e2fa83
¿©±â¼­ 0xb7e2fa83 ÀÌ°Ô ret°°½À´Ï´Ù
mainÇÔ¼öÀÇ ¸®ÅϾîµå·¹½º´Â ¶óÀ̺귯¸® ÁÖ¼ÒÀÔ´Ï´Ù(__libc_start_main)
±×·¡¼­ x/i ±× ÁÖ¼Ò ÇßÀ» ¶§ __libc_start_main+~~~ °¡ ³ª¿Í¾ß ÇÏ°í º¸ÅëÀº 200ÀÌ»óÀÔ´Ï´Ù
±×¸®°í ±× ÁÖ¼Ò - 5, -4, -3, -2, -1 À» ´Ù x/iÇغÃÀ»¶§ call ÀνºÆ®·°¼ÇÀÌ ³ª¿À¸é ±×°Ô mainÇÔ¼ö°¡ È£ÃâµÇ´Â ºÎºÐÀÔ´Ï´Ù		 2017/04/20  
ewqqw ÇØ°áµÇ¾ú½À´Ï´Ù~~ 2017/04/21