|
http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=1924 [º¹»ç]
pwnalbe.kr passcode¹®Á¦¸¦ putty¸¦ ÀÌ¿ëÇÏ¿© Á¢¼ÓÀ» Çß½À´Ï´Ù.
passcode¶ó´Â ½ÇÇà ÆÄÀÏ°ú passcode.c ¼Ò½º ÆÄÀÏÀÌÀÖ½À´Ï´Ù. ³»¿ëÀº
#include <stdio.h>
#include <stdlib.h>
void login(){
int passcode1;
int passcode2;
printf("enter passcode1 : ");
scanf("%d", passcode1); ///////////À̺κÐ!!!
fflush(stdin);
// ha! mommy told me that 32bit is vulnerable to bruteforcing :)
printf("enter passcode2 : ");
scanf("%d", passcode2); ///////////À̺κÐ!!!
printf("checking...\n");
if(passcode1==338150 && passcode2==13371337){
printf("Login OK!\n");
system("/bin/cat flag");
}
else{
printf("Login Failed!\n");
exit(0);
}
}
void welcome(){
char name[100];
printf("enter you name : ");
scanf("%100s", name);
printf("Welcome %s!\n", name);
}
int main(){
printf("Toddler's Secure Login System 1.0 beta.\n");
welcome();
login();
// something after login...
printf("Now I can safely trust you that you have credential :)\n");
return 0;
}
Áß¿äÇÑ°Ç ¿©±â¼ ///////////À̺κÐ!!! À̶ó°í ÀûÇô ÀÖ´Â
scanf("%d", passcode1);
scanf("%d", passcode1);
ÀÌ µÎ ¹®Àå¿¡¼ &°¡ ¾ø±â ¶§¹®¿¡ passcode1°¡ °¡Áö°í ÀÖ´Â ¾²·¹±â °ªÀÇ ÁÖ¼Ò¿¡ ÀÔ·Â °ªÀ» ³Ö°Ô µÇÀܾƿä? ±×·±µ¥ ¾²·¹±â °ªÀÌ À¯È¿ÇÏÁö ¾ÊÀº ÁÖ¼Ò°ªÀ̶ó¸é segmentation falult ¸Þ½ÃÁö°¡ Ãâ·Â µÇ´Â °É ¾Ë°íÀִµ¥¿ä
ÀÌ»óÇÏ°Ô ÇÁ·Î±×·¥À» ½ÇÇà ½ÃÄѼ ¼ýÀÚ¸¦ ³ÖÀ¸¸é segmentation fault ¸Þ½ÃÁö°¡ Ãâ·ÂÀÌ µÇ´Âµ¥ ¿µ¾î ¾ËÆĺªÀ» ÀÔ·ÂÇϸé ÀÔ·ÂÀÌ µÇ´õ¶ó±¸¿ä...
±×¸®°í fflush ÇÔ¼ö°¡ Àִµ¥µµ scanf("%d", passcode1); ¹®ÀåÀÇ ¾ËÆĺª ÀÔ·ÂÀ» ¹Þ°í ³ª¸é scanf("%d", passcode1); À̹®ÀåÀº ÀÔ·Â ¹ÞÀ» ±âȸµµ
¾øÀÌ °Ç³Ê ¶Ù°í ´ÙÀ½ ¹®ÀåµéÀÌ ½ÇÇàÀÌ µË´Ï´Ù... ¾î¶² ÀÌÀ¯ÀÎÁö »ý°¢À» ÇغÁµµ ¾Ë±æÀÌ ¾ø¾î¼ ÀÌ·¸°Ô Áú¹® µå¸³´Ï´Ù!!
|
Hit : 2691 Date : 2018/06/07 10:24
|
1576, 
1/79 
