1581, 3/80 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ssuckies
   http://www.ganseo.com
   ±×³àÀÇ Vulnerabilities¿¡ µû¸¥ Remote/local one night stand exploit.

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=173 [º¹»ç]


#À̰͵µ ÀÚÀ¯ °­Á¿¡ µé¾î°¡´ÂÁö... °­Á´ °­ îµ¥...^^

±×³àÀÇ Vulnerabilities¿¡ µû¸¥ Remote/local one night stand exploit.

±×³à´Â multiple vulnerability¸¦ °¡Áö°í ÀÖ¾î malicious code¸¦ »ðÀÔÇϱâ À¯¿ëÇÏ´Ù.
ÀÏ´Ü ¾ÖÀÎÀÌ ÀÖ´Â ±×³à´Â ¾ÖÀÎÀÚü°¡ Ãë¾àÇÏ´Ù.
Phone number spoofing ±â¹ýÀ» ÀÌ¿ëÇÏ¿© sms message¿¡ malicious code¸¦ »ðÀÔÇÏ¿© º¸³»¸é
½Å·ÚµÈ °ü°è¸¦ ¾ø¾Ù¼ö ÀÖ´Ù.
ÀÏ´Ü DDOS°ø°ÝÀ¸·Î ½Å·Ú°ü°è¿¡ ÀÖ´Â ¾ÖÀÎÀÇ SMS¿¡ ´õÀÌ»óÀÇ message°¡ °¡Áö ¾Ê°Ô ¸¸µç´Ù.
ÀÎÅÍ³Ý »ó¿¡´Â ¿ì¸®°¡ »ç¿ëÇϱ⠽¬¿î ¹«·á SMS Message sending service°¡ ÁñºñÇÏ´Ù.
±×ÈÄ Phone number spoofing ±â¹ýÀ¸·Î ±×³àÀÇ SMS¿¡ malicious message¸¦ º¸³»°í
±×³àÀÇ ack message¸¦ ÃßÃøÇÏ¿© ´ÙÀ½ message¸¦ º¸³½´Ù.
±×³à¿Í ¾ÖÀÎÀÇ ½Å·Ú°ü°è°¡ ±úÁö±â ½ÃÀÛÇϸé ÀÏ´Ü Æ´»õ°¡ º¸À̱⠽ÃÀÛÇÑ°ÍÀÌ´Ù.

±×³àÀÇ nobody privilege shellÀ» ¾ò±â À§ÇÏ¿© ¿ì¸®´Â remote exploitÀ» ÁغñÇÑ´Ù.
ÀÏ´Ü external·Î connectÇÒ¼ö ÀÖ´Â holeÀ» ã¾Æº¸µµ·Ï ÇÏÀÚ.
¿©±â¼­ ¿ì¸®´Â ¿©·¯°¡Áö vulnerability¸¦ ã¾Æ¼­ Àß Â¥¿©Áø °¢º»´ë·Î ¼ø½Ä°£¿¡ ÇØ°áÇϴ°ÍÀÌ ÇÊ¿äÇÏ´Ù.
ÇÊ¿äÇÏ´Ù¸é ºñ½ÁÇÑ host¸¦ ã¾Æ ÃæºÐÇÑ ¿¬½ÀÈÄ ½ÇÀü¿¡ µé¾î°¡´Â ÁöÇýµµ ¾²Àϼö ÀÖ´Ù.
ÀÏ´Ü ±×³àÀÇ À̸§°ú ³ªÀ̸¦ ÀÌ¿ëÇÏ¿© searching.......
cyworld¿¡ minihome pageÀÇ XSS Vulnerability°¡ ÀÖ´Ù´Â °ÍÀÌ È®ÀεǾú´Ù.
±×³àÀÇ environmentµé¿¡ Á¢±ÙÇÏ¿© À¯¿ëÇÑ scriptµéÀ» ¶ç¿î´Ù.
a coincidence... ÀÌ°ÍÀÌ ±×³àÀÇ nobody privilege shellÀ» ¾ò±â À§ÇÑ ±â¹ÝÀÌ µÇ¾ú´Ù.
ÀÏ´Ü scriptµéÀ» ÀÌ¿ëÇØ ±×³à¿ÍÀÇ ÀÚ¿¬½º·¯¿î drink shellÀ» ¾ò¾ú´Ù.

ÀÌÁ¦ºÎÅÍ´Â local exploitÀ» À§ÇÑ vulnerability¸¦ ã¾Æ¾ßÇÑ´Ù.
ÀÏ´Ü ±×³à¿¡°Ô´Â alcoholic drinks overflow vulnerability°¡ Àִٴ°ÍÀ» ¾Ë°Ô µÇ¾ú´Ù.
°Ô´Ù°¡ ±×³à´Â religion string bug°¡ Àִ°ÍÀ¸·Î ÆÇ¸í³µ´Ù.
ÀÏ´Ü ¾ÈŸ±õ°Ôµµ ù¹ø° vulnerability¿¡¼­´Â egg hunterµéÀÎ ¼ú¸ÔÀ¸¸é µ¥·Á´ÙÁִ ģ±¸µéÀÌ Àִ°ÍÀ¸·Î ÆÇ¸í³µ´Ù.
±×¸®°í ´ÜµÑÀÌ ÀÖÀ»¶§´Â 1 cup overflow¹Û¿¡ ÀϾÁö ¾Ê´Â´Ù´Â °ÍÀ» ¾Ë¾Ò´Ù.
±×¸®°í religion string bugÀÎ ±³È¸¿¡¼­´Â L.O.V.E·Î ÀÎÇÑ one night stand°¡ Èûµé´Ù´Â°ÍÀ» ¾Ë°Ô µÇ¾ú´Ù.

³ª´Â 1 cup overflowÀÇ ÇعýÀ» ¾Ë°í ÀÖ¾ú±â¿¡ ±×°÷À» °ø·«Çϱâ·Î ¸¶À½¸Ô¾ú´Ù.
½ÇÀü¿¡ µé¾î°¡±â Àü¿¡ °°Àº ȯ°æÀ¸·Î ¸¸µç girl¿¡°Ô ½ÇÀüÅ×½ºÆ®µµ ÀØÁö ¾Ê¾Ò´Ù.
ÀÏ´Ü ´ÜµÑÀÇ drink shellÀ» ºü¸£°Ô ¾ò¾î³ª°£ÈÄ 1 cup overflow¸¦ ÀÏÀ¸Ä×´Ù.
¿ÏÀüÇÑ overflow°¡ ¾Æ´Ï±â ¶§¹®¿¡ Á¶½É½º·´°Ô ³»°¡ ¿øÇÏ´Â place·Î return ½ÃÅ°±â À§ÇØ À¯µµÇß´Ù.
°á±¹ ±×³à´Â ³»°¡ ¿øÇÏ´Â °÷À¸·Î return Çß°í ³ª´Â local root¸¦ µþ¼ö ÀÖ°Ô µÇ¾ú´Ù.
¹°·Ð root¸¦ µý ÈÄ¿¡´Â ³» ÈçÀûÀ» Áö¿ì±â À§ÇØ ±×³àÀÇ cel-PhoneÀÇ log¸¦ deleteÇÏ¿´´Ù.
±×³à´Â µÚ´Ê°Ô ³» ÁÖº¯ÀÇ ¸ðµç marks°¡ spoofingµÈ °ÍÀÓÀ» ¾Ë¼ö ÀÖ¾îÁö¸¸ ÀÌ¹Ì ÆødzÀº Áö³ª°¡°í ³­ ÈÄ¿´´Ù.

writed by ganseo.
homepage : http://www.ganseo.com
e-mail : postmaster@ganseo.com

  Hit : 10154     Date : 2004/03/29 10:48



    
ssuckies ½É½ÉÇؼ­ Çѹø ½áºÃ½À´Ï´Ù.^_^ È÷È÷ 2004/03/29  
¸Û¸Û Àç¹Õ³×¿ä^^ 2004/03/30  
1541   [[ÃʱÞ/°­ÁÂ]] À¯´Ð½º ÁÖ¿ä ¸í·É¾î[7]     ¼ÒÀ¯
10/09 14537
1540   [[ÃʱÞ/°­ÁÂ]] À¯´Ð½º ±âº» Á¤¸®[8]     ¼ÒÀ¯
10/09 14435
1539     [re] ÇãÁ¢ÆÁ] ¾ÏÈ£¸¦ ¹Ù²ã ÇØÅ·ÇÇÇØ ÁÙÀÌÀ𠤻 ^^; ´õ ÁÁÀº¹æ¹ý[9]     xeon400
10/14 9358
1538   Äְܼú ¿¢½ºÀ©µµ¿¡¼­ ¸¶¿ì½º »ç¿ëÇϱâ[1]     ¼ÒÀ¯
10/28 9994
1537   ¸®´ª½º¿¡¼­ Çѱ¹Åë½Å adsl ¼³Á¤[10]     jgminam
11/06 11474
1536   gdb»ç¿ë¹ý_¸µÅ©ÀÓ´Ù...[3]     esang72
01/10 8848
1535   ¸®¸ðÆ®¿¡¼­ ¸í·É¾î ½ÇÇà½ÃÅ°±â[1]     xiangyi
02/03 10604
1534   format stringÀ» À§ÇÑ ¸®ÅϾîµå·¹½º ±¸Çϱâ.[2]     ssuckies
02/08 10664
  ±×³àÀÇ Vulnerabilities¿¡ µû¸¥ Remote/local one night stand exploit.[2]     ssuckies
03/29 10153
1532   ¿Ö C À̾î¾ß Çϴ°¡ ?[96]     ¼ÒÀ¯
04/09 24893
1531   BOF ÇØ°á ¹«ÀÛÁ¤ µû¶óÇϱâ #1[7]     ssuckies
04/12 14441
1530   BOF ÇØ°á ¹«ÀÛÁ¤ µû¶óÇϱâ #2     ssuckies
04/12 10030
1529   Ä¿³Î¹öÀü È®ÀÎÇϱ⤻[1]     ±«µµjs
07/02 9097
1528   [C°­ÁÂ] C¾ð¾îÀÇ ±âº»°³¿ä     ±«µµjs
07/02 11254
1527   C¾ð¾î ±âº»±¸Á¶[1]     ±«µµjs
07/02 12492
1526   C°­ÁÂ;;¶ó ÇÒ°ÍÀÕ³ª?[1]     ±«µµjs
07/03 11243
1525   2¹ø°C°­ÁÂ~![9]     ±«µµjs
07/03 11940
1524   I. ¸®´ª½º ±¸Á¶ ¹× ÀÏ¹Ý ¸í·É¾î.     ±«µµjs
07/04 12791
1523   II. ÀϹݸí·É¾î2.     ±«µµjs
07/04 10363
1522   [Bash Shell] Á¤º¹Çϱâ[1]     ±«µµjs
07/04 10075
[1][2] 3 [4][5][6][7][8][9][10]..[80]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org