   lMaxl04
   http://1111
   Regarding libc

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Board&no=37634


When solving pwnable challenges, there seem to be quite a few cases where a libc is provided.

The challenge binary has to reference that file when it runs. How can I make it do so?

I tried to find the ld file that matches the libc and apply patchelf with both, but the matching ld file is sometimes hard to find :(

Of course, I have shown that the offsets can be worked out by sheer manual effort, haha.

  Hit : 1291     Date : 2022/07/29 06:02



    
lMaxl04 Additionally, I use strings to find the offset of /bin/sh in the libc file, but I wonder why the offset comes out different when I look up a function address the same way. 2022/07/29  
cd80 Usually, when a libc is provided, you almost never need to run the binary with it through something like patchelf unless you are solving a heap challenge.
For heap challenges, running with the provided libc is a good idea because the check & mitigation applied to the heap differ from one libc version to another.
Judging from your comment, this looks like a case where you only need the offsets of the system function and the /bin/sh string:
(base) ➜ ~ strings -t x /lib/x86_64-linux-gnu/libc.so.6 | grep /bin/sh
1b45bd /bin/sh
(base) ➜ ~ objdump -d /lib/x86_64-linux-gnu/libc.so.6 | grep system\.\*\>:
0000000000052290 <__libc_system@@GLIBC_PRIVATE>:
0000000000153ae0 <svcerr_systemerr@@GLIBC_2.2.5>:
(base) ➜ ~

You can find them this way.
offset of /bin/sh = 0x1b45bd
offset of system = 0x52290

The reason a function address comes out different when you look it up with strings is that the start of the system function is not the address of the string "system" but the start address of the system function's code.
2022/08/01  
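
The difference described in the answer above, as an added example that is not part of the original thread: a symbol lookup reads the function's start from its `.dynsym` entry, while a byte search for the name only lands on the name string in `.dynstr`. The ELF image is a constructed skeleton, the names `symbol_offset`, `string_offset` and `build_sample` are chosen here, and the symbol value reuses the 0x52290 shown above.

```python
import struct

SHT_DYNSYM = 11
SHDR = "<IIQQQQIIQQ"   # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize
SYM = "<IBBHQQ"        # Elf64_Sym: st_name, st_info, st_other, st_shndx, st_value, st_size

def sections(elf):
    shoff, = struct.unpack_from("<Q", elf, 0x28)             # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)  # e_shentsize, e_shnum
    return [struct.unpack_from(SHDR, elf, shoff + i * shentsize) for i in range(shnum)]

def symbol_offset(elf, name):
    """st_value of `name` in .dynsym: the address where the function's code starts."""
    secs = sections(elf)
    for sec in secs:
        if sec[1] != SHT_DYNSYM:
            continue
        str_off = secs[sec[6]][4]          # sh_link selects the string table section
        for pos in range(sec[4], sec[4] + sec[5], struct.calcsize(SYM)):
            st_name, _, _, _, st_value, _ = struct.unpack_from(SYM, elf, pos)
            start = str_off + st_name
            if elf[start:elf.index(b"\0", start)] == name:
                return st_value
    return None

def string_offset(elf, needle):
    """File offset of a NUL-terminated byte string, as `strings -t x` would report it."""
    return elf.find(needle + b"\0")

def build_sample():
    """Constructed 64-bit little-endian ELF skeleton: .dynstr, .dynsym and one data string."""
    dynstr = b"\0system\0"
    dynsym = struct.pack(SYM, 0, 0, 0, 0, 0, 0) + struct.pack(SYM, 1, 0x12, 0, 1, 0x52290, 45)
    data = b"/bin/sh\0"
    body = dynstr + dynsym + data
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1, 0, 0,
                       64 + len(body), 0, 64, 0, 0, 64, 3, 0)
    shdrs = (struct.pack(SHDR, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
             + struct.pack(SHDR, 0, 3, 0, 0, 64, len(dynstr), 0, 0, 1, 0)
             + struct.pack(SHDR, 0, SHT_DYNSYM, 0, 0, 64 + len(dynstr), len(dynsym), 1, 1, 8, 24))
    return ehdr + body + shdrs

if __name__ == "__main__":
    elf = build_sample()
    print(hex(symbol_offset(elf, b"system")))    # function start from the symbol table
    print(hex(string_offset(elf, b"system")))    # only the name string inside .dynstr
    print(hex(string_offset(elf, b"/bin/sh")))   # a data string, found by byte search
```

`strings -t x` prints file offsets, while symbol values are virtual addresses relative to the load base. The two can be added to the same base only when the segment holding the string is mapped with equal file offset and virtual address.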
lMaxl04 As expected, haha. I was waiting for this.
First of all, I understood the answer to the question in my comment well.

As you said, most cases are simply a matter of getting the offset, so I can in fact just look it up. But occasionally, when a memory leak happens somewhere around the middle of a particular function inside libc, I have seen that the position in that function differs depending on the libc version, which is what made me curious, haha.

For example, with libc_1.so the location printf + 100 is leaked,
but with libc_2.so the location printf + 200 is leaked.

I suppose there is no way other than patchelf after all?
2022/08/01  
cd80 That's not easy. I know what kind of case you mean, but whenever that happened to me I switched to functions whose exact start address gets leaked and leaked those instead. A function like memcpy can split into a fast path and a slow path depending on the alignment of base or len, so I wonder whether that is why the leak differs in such cases. I don't know the exact reason. 2022/08/02  
lMaxl04 Thank you for the answer, haha.
For now I should look into patchelf a bit.
As always, this was a big help again. Thank you.
2022/08/03  