http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Board&no=37361
This is a question about the pwnable.kr starcraft problem.
First of all, every protection that checksec checks for is enabled (RELRO, Canary, NX, PIE).
In this situation, the standard approach would be to obtain the libc base address, then hijack rip and put in a magic gadget. So that is what I did, but...
I worked out all three in order to combine them: the libc base leak, the rip hijack, and the one gadget.
However, the one gadget's constraints are not satisfied. I don't know what to do.
If anyone has solved this problem or has an idea, I would appreciate some advice.
(cf) The gadget's constraints are, for example, things like these.
(ex) rax == NULL
(ex) [rsp+0x30] == NULL
Hit : 4747 Date : 2020/06/26 03:21