1588, 76/80 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ÇØÅ·ÀßÇÏ°í½Í´Ù
   http://¾øÀ½
   (²Ä¼ö) L.O.B Çѹ濡 Ŭ¸®¾îÇϱâ

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=8564 [º¹»ç]


ÇÊÀÚ°¡ LD_PRELOAD¿¡ ´ëÇØ ¿¬±¸Çϸ鼭 ¾Ë°Ô µÈ »ç½ÇÀε¥

my-pass ÆÄÀÏÀº ¸Å¿ì Ãë¾àÇÏ´Ù.

LD_PRELOAD´Â ȯ°æº¯¼ö Áß ÇϳªÀÌ´Ù.

ÇÁ·Î¼¼½º¸¦ ½ÇÇàÇÏ´Â °úÁ¤¿¡¼­ ¶óÀ̺귯¸®¸¦ ·ÎµùÇÒ ¶§,

LD_PRELOAD(ȯ°æº¯¼ö)°¡ ¼³Á¤ÀÌ µÇ¾îÀÖ´Ù¸é

ÇØ´ç º¯¼ö¿¡ ÁöÁ¤µÈ ¶óÀ̺귯¸®¸¦ ¸ÕÀú ·ÎµùÇÑ´Ù.

LD_PRELOAD ȯ°æº¯¼ö¿¡ ÀúÀåÇÏ´Â ¿©·¯°¡Áö ¹æ¹ý Áß ½©¿¡ µî·ÏÇÏ¿© »ç¿ëÇÏ´Â ¹æ¹ýÀÌ ÀÖ´Ù.

my-pass ÆÄÀÏÀº geteuid¸¦ Çؼ­ »ç¿ëÀÚÀÇ euid¿¡ ¸Â´Â Æнº¿öµå¸¦ Ãâ·ÂÇØÁØ´Ù.

±×·±µ¥ LD_PRELOAD¶ó´Â ȯ°æº¯¼ö´Â ƯÁ¤ÇÑ ÇÔ¼ö¸¦ ¹Ì¸® µî·ÏÇØ µÑ ¼ö ÀÖ´Ù.

±×·¸´Ù¸é ÀÌ LD_PRELOAD¶õ ¹«¾ùÀϱî?

¾Æ·¡´Â °£´ÜÇÏ°Ô ±¸±Û¸µÀ» ÇÏ¿©

ÇØ¿Ü »çÀÌÆ®¿¡¼­ ld_preload¿¡ ´ëÇØ Ã£¾Æº» ±ÛÀ» ÀοëÇÑ °ÍÀÌ´Ù.

========================================
.
.
.
Normally the Linux dynamic loader ld-linux (see ld-linux(8) man page) finds and loads the shared libraries needed by a program, prepare the program to run, and then run it. The shared libraries (shared objects) are loaded in whatever order the loader needs them in order to resolve symbols.
.
.
.

(Çؼ®)
.
.
.
º¸ÆíÀûÀ¸·Î ¸®´ª½º µ¿Àû ·Î´õ´Â ÇÁ·Î±×·¥¿¡ ÇÊ¿äÇÑ °øÀ¯ ¶óÀ̺귯¸®µéÀ»
ã°í ·ÎµåÇÏ¸ç ½ÇÇàÇÒ ÇÁ·Î±×·¥À» ÁغñÇÑ ´ÙÀ½ ½ÇÇàÇÑ´Ù.
°øÀ¯ ¶óÀ̺귯¸®´Â ±âÈ£¸¦ È®ÀÎÇϱâ À§ÇÏ¿© ·Î´õ°¡ ÇÊ¿äÇÑ ¼ø¼­´ë·Î ·ÎµåµÈ´Ù ±×¸®°í...
========================================







geteuid°¡ ¿øÇÏ´Â ´Ü°èÀÇ uid¸¦ ¸®ÅÏÇϵµ·Ï LD_PRELOAD¸¦ »ç¿ëÇؼ­ Á¶ÀÛÇÒ ¼ö ÀÖ´Ù.

±×·¯¸é my-pass´Â Á¶ÀÛµÈ geteuidÀÇ °á°ú¿¡ µû¶ó ´Ù¸¥ ¾ÆÀ̵ðÀÇ ºñ¹Ð¹øÈ£¸¦ ¹ñ¾î³¾ °ÍÀÌ´Ù.

---------------------
int geteuid(void);

int main(void)
{
        return geteuid();
}

int geteuid(void) {
    return 520;
}

--------------------

[gate@localhost gate]$ gcc -o geteuid -shared -fPIC geteuid.c
[gate@localhost gate]$ export LD_PRELOAD=./geteuid
[gate@localhost gate]$ my-pass















ÇÊÀÚ°¡ ÀÌ°ÍÀ» »ý°¢ÇÏ´Â µµÁß,

int geteuid(void)
{
    return 520;
}

ÀÌ·¸°Ô ¾²¸é mainÇÔ¼ö, Áï ½ÃÀÛÁ¡ÀÌ ¾ø´Ù°í ¿¡·¯¸¦ ¹ñ¾ú´Ù.

±×·¸´Ù¸é mainÇÔ¼ö¿¡¼­ ¼­ºêÇÔ¼ö¸¦ ¸¸µç´ÙÀ½ 520À» ¸®ÅÏÇÏ°í ±× °ªÀ»

mainÇÔ¼ö°¡ ¸®ÅÏÇϸé ÀÌ·¨´ø Àú·¨´ø 520À» ¸®ÅÏÇÑ´Ù´Â »ç½ÇÀº º¯ÇÔ¾øÁö ¾Ê´Â°¡?

¸ðµç ÇÁ·Î±×·¥Àº ½ÃÀÛÁ¡ÀÌ Á¸ÀçÇÑ´Ù.

ÀϹÝÀûÀÎ C¾ð¾î¶ó¸é mainÇÔ¼ö°¡ ½ÃÀÛÁ¡ÀÌ µÇ´Âµ¥ (ÀÌ°ÍÀ» entry point¶ó°íµµ ÇÑ´Ù)

ÀÌ ½ÃÀÛÁ¡À» mainÀÌ ¾Æ´Ñ ´Ù¸¥ À̸§ÀÇ ÇÔ¼ö°¡ µÉ ¼ö ÀÖÀ»±î?

¶ó´Â °íÂûÀ» Çϸ鼭 °­Á´ ¿©±â±îÁö ¸¶Ä¡°Ú´Ù.


  Hit : 1877     Date : 2023/01/14 03:09



    
ÇØÅ·ÀßÇÏ°í½Í´Ù ¸¶Áö¸· ¹®´Ü¿¡ ¿ÀÇØÀÇ ¼ÒÁö°¡ Àֳ׿ä.
Windows API¿¡¼± WinMainÀÌ ½ÃÀÛÁ¡ÀÌ¶ó¼­ mainÇÔ¼ö¿Í À̸§ÀÌ ´Ù¸£±ä Çѵ¥
"gcc°°Àº ÄÜ¼Ö C¾ð¾î ÇÁ·Î±×·¡¹Ö¿¡¼­ mainÇÔ¼ö À̸§À» º¯°æÇÒ ¼ö ÀÖÀ»±î?"°¡ °íÂûÇÒ Á¡ÀÔ´Ï´Ù.
±¸±Û¸µÀ» Çؼ­ Çѹø ¾Ë¾ÆºÁ¾ß µÇ°Ú³×¿ä.
2023/01/15  
Àܵ¥½º ¤§ 2024/03/16  
88   levitator.c (¾Èµå·ÎÀÌµå ·çÆÃ) °ø°Ý ºÐ¼® ¼Ò½º ÄÚµå °øÀ¯.[4]     scube
08/17 4255
87   ¾È³çÇϼ¼¿ä.     god0631a
03/16 4024
86   ±¸±Û ¹é¸µÅ© ÀÛ¾÷ Áú¹®¿ä     wkatnxka
03/30 3903
85   ½©ÄÚµå ¸ðÀ½     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/15 2124
  (²Ä¼ö) L.O.B Çѹ濡 Ŭ¸®¾îÇϱâ[2]     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/14 1876
83   Call by value VS Call by Reference     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/15 1479
82   ¸®´ª½º Ä¿³Î 2.6 ¹öÀü ÀÌÈÄÀÇ LKM     jdo
07/25 1293
81   °í¼ö´ÔµéÀÇ µµ¿òÀ» ¹Þ°í ½Í½À´Ï´Ù     vbnm111
02/11 754
80   ÆÄÀ̽ã random¸ðµâÀ» ÀÌ¿ëÇÑ ¼ýÀÚ¸ÂÃ߱⠰ÔÀÓ ±¸Çö     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/30 750
79   ÆÄÀ̽㠼ÒÄÏ ÇÁ·Î±×·¡¹ÖÀÇ ±âÃÊ     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/26 685
78   ÆÄÀ̽ã äÆà ÇÁ·Î±×·¥ ±¸Çö     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/28 659
77   ¸®´ª½º/À©µµ¿ì º¸¾È Àåºñ ·Î±×     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/20 629
76   ¸®´ª½º À¥ ·Î±× ºÐ¼®     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/20 510
75   netdiscover ÆÄÀ̽ãÀ¸·Î ±¸ÇöÇϱ⠠   ÇØÅ·ÀßÇÏ°í½Í´Ù
08/13 267
74   ÆÄÀ̽ãÀ» ÀÌ¿ëÇÑ ½ÉÇà À¥ Å©·Ñ·¯     ÇØÅ·ÀßÇÏ°í½Í´Ù
08/13 205
73 ºñ¹Ð±ÛÀÔ´Ï´Ù  °¨À»¸øÀâ°Ú³×¿ä¤Ì¤Ì     À×À×À×
01/15 3
72 ºñ¹Ð±ÛÀÔ´Ï´Ù  2.3 ¸ð´ÏÅÍ¿¡ µ¥ÀÌÅÍ Ãâ·ÂÇϱâ printf()      xownsdk2
08/20 2
71 ºñ¹Ð±ÛÀÔ´Ï´Ù  ÇØÄ¿½ºÄð °ü¸®ÀÚ´Ô²²     packer
03/20 2
70 ºñ¹Ð±ÛÀÔ´Ï´Ù  Áú¹®ÇÕ´Ï´Ù~     ¸¶´©¶ó
08/05 1
69 ºñ¹Ð±ÛÀÔ´Ï´Ù  [re] : ÇØÄ𠱤ÁÖ¿¡¼­ °°ÀÌ °ÏºÎÇϽǺР¼±»ý´Ô & ½º½Â ±¸ÇÕ´Ï´Ù.     ne4760
03/25 1
[1]..[71][72][73][74][75] 76 [77][78][79][80]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org