1581, 78/80 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ÇØÅ·ÀßÇÏ°í½Í´Ù
   http://¾øÀ½
   (²Ä¼ö) L.O.B Çѹ濡 Ŭ¸®¾îÇϱâ

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=8564 [º¹»ç]


ÇÊÀÚ°¡ LD_PRELOAD¿¡ ´ëÇØ ¿¬±¸Çϸ鼭 ¾Ë°Ô µÈ »ç½ÇÀε¥

my-pass ÆÄÀÏÀº ¸Å¿ì Ãë¾àÇÏ´Ù.

LD_PRELOAD´Â ȯ°æº¯¼ö Áß ÇϳªÀÌ´Ù.

ÇÁ·Î¼¼½º¸¦ ½ÇÇàÇÏ´Â °úÁ¤¿¡¼­ ¶óÀ̺귯¸®¸¦ ·ÎµùÇÒ ¶§,

LD_PRELOAD(ȯ°æº¯¼ö)°¡ ¼³Á¤ÀÌ µÇ¾îÀÖ´Ù¸é

ÇØ´ç º¯¼ö¿¡ ÁöÁ¤µÈ ¶óÀ̺귯¸®¸¦ ¸ÕÀú ·ÎµùÇÑ´Ù.

LD_PRELOAD ȯ°æº¯¼ö¿¡ ÀúÀåÇÏ´Â ¿©·¯°¡Áö ¹æ¹ý Áß ½©¿¡ µî·ÏÇÏ¿© »ç¿ëÇÏ´Â ¹æ¹ýÀÌ ÀÖ´Ù.

my-pass ÆÄÀÏÀº geteuid¸¦ Çؼ­ »ç¿ëÀÚÀÇ euid¿¡ ¸Â´Â Æнº¿öµå¸¦ Ãâ·ÂÇØÁØ´Ù.

±×·±µ¥ LD_PRELOAD¶ó´Â ȯ°æº¯¼ö´Â ƯÁ¤ÇÑ ÇÔ¼ö¸¦ ¹Ì¸® µî·ÏÇØ µÑ ¼ö ÀÖ´Ù.

±×·¸´Ù¸é ÀÌ LD_PRELOAD¶õ ¹«¾ùÀϱî?

¾Æ·¡´Â °£´ÜÇÏ°Ô ±¸±Û¸µÀ» ÇÏ¿©

ÇØ¿Ü »çÀÌÆ®¿¡¼­ ld_preload¿¡ ´ëÇØ Ã£¾Æº» ±ÛÀ» ÀοëÇÑ °ÍÀÌ´Ù.

========================================
.
.
.
Normally the Linux dynamic loader ld-linux (see ld-linux(8) man page) finds and loads the shared libraries needed by a program, prepare the program to run, and then run it. The shared libraries (shared objects) are loaded in whatever order the loader needs them in order to resolve symbols.
.
.
.

(Çؼ®)
.
.
.
º¸ÆíÀûÀ¸·Î ¸®´ª½º µ¿Àû ·Î´õ´Â ÇÁ·Î±×·¥¿¡ ÇÊ¿äÇÑ °øÀ¯ ¶óÀ̺귯¸®µéÀ»
ã°í ·ÎµåÇÏ¸ç ½ÇÇàÇÒ ÇÁ·Î±×·¥À» ÁغñÇÑ ´ÙÀ½ ½ÇÇàÇÑ´Ù.
°øÀ¯ ¶óÀ̺귯¸®´Â ±âÈ£¸¦ È®ÀÎÇϱâ À§ÇÏ¿© ·Î´õ°¡ ÇÊ¿äÇÑ ¼ø¼­´ë·Î ·ÎµåµÈ´Ù ±×¸®°í...
========================================







geteuid°¡ ¿øÇÏ´Â ´Ü°èÀÇ uid¸¦ ¸®ÅÏÇϵµ·Ï LD_PRELOAD¸¦ »ç¿ëÇؼ­ Á¶ÀÛÇÒ ¼ö ÀÖ´Ù.

±×·¯¸é my-pass´Â Á¶ÀÛµÈ geteuidÀÇ °á°ú¿¡ µû¶ó ´Ù¸¥ ¾ÆÀ̵ðÀÇ ºñ¹Ð¹øÈ£¸¦ ¹ñ¾î³¾ °ÍÀÌ´Ù.

---------------------
int geteuid(void);

int main(void)
{
        return geteuid();
}

int geteuid(void) {
    return 520;
}

--------------------

[gate@localhost gate]$ gcc -o geteuid -shared -fPIC geteuid.c
[gate@localhost gate]$ export LD_PRELOAD=./geteuid
[gate@localhost gate]$ my-pass















ÇÊÀÚ°¡ ÀÌ°ÍÀ» »ý°¢ÇÏ´Â µµÁß,

int geteuid(void)
{
    return 520;
}

ÀÌ·¸°Ô ¾²¸é mainÇÔ¼ö, Áï ½ÃÀÛÁ¡ÀÌ ¾ø´Ù°í ¿¡·¯¸¦ ¹ñ¾ú´Ù.

±×·¸´Ù¸é mainÇÔ¼ö¿¡¼­ ¼­ºêÇÔ¼ö¸¦ ¸¸µç´ÙÀ½ 520À» ¸®ÅÏÇÏ°í ±× °ªÀ»

mainÇÔ¼ö°¡ ¸®ÅÏÇϸé ÀÌ·¨´ø Àú·¨´ø 520À» ¸®ÅÏÇÑ´Ù´Â »ç½ÇÀº º¯ÇÔ¾øÁö ¾Ê´Â°¡?

¸ðµç ÇÁ·Î±×·¥Àº ½ÃÀÛÁ¡ÀÌ Á¸ÀçÇÑ´Ù.

ÀϹÝÀûÀÎ C¾ð¾î¶ó¸é mainÇÔ¼ö°¡ ½ÃÀÛÁ¡ÀÌ µÇ´Âµ¥ (ÀÌ°ÍÀ» entry point¶ó°íµµ ÇÑ´Ù)

ÀÌ ½ÃÀÛÁ¡À» mainÀÌ ¾Æ´Ñ ´Ù¸¥ À̸§ÀÇ ÇÔ¼ö°¡ µÉ ¼ö ÀÖÀ»±î?

¶ó´Â °íÂûÀ» Çϸ鼭 °­Á´ ¿©±â±îÁö ¸¶Ä¡°Ú´Ù.


  Hit : 1162     Date : 2023/01/14 03:09



    
ÇØÅ·ÀßÇÏ°í½Í´Ù ¸¶Áö¸· ¹®´Ü¿¡ ¿ÀÇØÀÇ ¼ÒÁö°¡ Àֳ׿ä.
Windows API¿¡¼± WinMainÀÌ ½ÃÀÛÁ¡ÀÌ¶ó¼­ mainÇÔ¼ö¿Í À̸§ÀÌ ´Ù¸£±ä Çѵ¥
"gcc°°Àº ÄÜ¼Ö C¾ð¾î ÇÁ·Î±×·¡¹Ö¿¡¼­ mainÇÔ¼ö À̸§À» º¯°æÇÒ ¼ö ÀÖÀ»±î?"°¡ °íÂûÇÒ Á¡ÀÔ´Ï´Ù.
±¸±Û¸µÀ» Çؼ­ Çѹø ¾Ë¾ÆºÁ¾ß µÇ°Ú³×¿ä.
2023/01/15  
Àܵ¥½º ¤§ 2024/03/16  
41   * ÇØÅ·¿µÈ­ º¼¸¸ÇÑ°Å *[5]     HackerMapia
02/20 11817
40   * ÇØÅ·ÀÇ °ø°Ý±â¼ú *[3]     HackerMapia
03/01 13463
39   * C¾ð¾î¸¦ ²À¹è¿ö¾ßÇϴ°¡ *[2]     HackerMapia
02/21 8632
38   * C C++ *     HackerMapia
03/01 7888
37   * À©µµ¿ì¸¦ ºü¸£°Ô¿­ÀÚ *[6]     HackerMapia
02/24 7596
36   * À©µµ¿ì ´ÜÃàÅ° ¾Æ´Â°Íµé *[7]     HackerMapia
02/20 7361
35   * À©µµ¿ì ÇØÅ·ÀÇ ±âº»¿ø¸® *     HackerMapia
02/21 18246
34   * À©µµ¿ì ÇØÅ·ÀÇ ±âº» ¿ø¸®*[29]     oes2
08/26 13189
33   * À©µµ¿ì Á¾·á¸¦ ºü¸£°Ô *[2]     HackerMapia
02/20 7873
32   * Á¡È­½ÄÀÇ °£´ÜÇÑ ¾Ë°í¸®Áò     limjongmin
08/20 9091
31   * Á¡È­½Ä °£´ÜÇÏ°Ô     limjongmin
08/20 6921
30   * ÀÎÅͳݰ˻öÀÌ ´ÞÀÎÀÌ µÇ´Â 10°¡Áö ¹æ¹ý *[1]     HackerMapia
02/24 7965
  (²Ä¼ö) L.O.B Çѹ濡 Ŭ¸®¾îÇϱâ[2]     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/14 1161
28   (Æß)Wireshark ¼³Ä¡ ¹× »ç¿ë¹ýÀÔ´Ï´Ù.~[2]     Mach
04/29 8000
27   (WindowXP±âÁØ) °£´ÜÇÑ ÄÄÇ»ÅÍ ÃÖÀûÈ­     dzhfldk
08/22 6875
26   (Àâ´ã)Æ÷ÀÎÅÍ´Â ½±´Ù?[2]     sihun1113
05/01 6414
25   (2Â÷¼öÁ¤)´Ü¼øÇÏ°í À§ÇèÇÑ ÆÄÀÏ ¾÷·Îµå ÇØÅ·±â¼ú[2]     gohy032
07/30 13387
24   <»þ¿À¾² Ÿ·Î>5.¾È³»¹®Ç¥½Ãpri.h[1]     sihun1113
06/04 6822
23   <»þ¿À¾² Ÿ·Î>4.ùȭ¸é±¸Çöpri.h     sihun1113
06/04 6257
22   <»þ¿À¾² Ÿ·Î>3.show.h-2     sihun1113
06/04 6790
[1]..[71][72][73][74][75][76][77] 78 [79][80]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org