http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Notice&no=1170881885
[What is the BOF -BufferOverflow- Fellowship?]
A war game in which you practice BOF system hacking across dozens of levels,
from Redhat 6.2, a relatively easy environment for BOF exploitation, up to the ultimate Fedora 14.
[How to connect]
The BOF Fellowship is provided as a vmware image, not as a domain or IP address.
You therefore run the war-game server on your own PC, then connect to it and work through the levels.
[Download]
1. Download and boot the following Vmware image.
http://work.hackerschool.org/DOWNLOAD/TheLordOfTheBOF/TheLordOfTheBOF_redhat.zip
Re-uploaded after fixing an error that prevented booting on newer vmware versions.
http://hackerschool.org/TheLordofBOF/TheLordOfTheBOF_redhat_bootable.zip
2. Log in as gate/gate.
3. Configure the network with the netconfig command. (It has been made setuid.)
4. Check the IP address. (/sbin/ifconfig)
5. Connect with a terminal client such as putty or xshell and start solving the levels. (telnet)
[Basic rules]
1. No single boot
2. No root exploits
3. No use of LD_PRELOAD on the /bin/my-pass command
[Checking the level-up password]
/bin/my-pass
[Dedicated board]
http://www.hackerschool.org/HS_Boards/zboard.php?id=bof_fellowship
[Mob list]
LEVEL1 (gate -> gremlin) : simple bof
LEVEL2 (gremlin -> cobolt) : small buffer
LEVEL3 (cobolt -> goblin) : small buffer + stdin
LEVEL4 (goblin -> orc) : egghunter
LEVEL5 (orc -> wolfman) : egghunter + bufferhunter
LEVEL6 (wolfman -> darkelf) : check length of argv[1] + egghunter + bufferhunter
LEVEL7 (darkelf -> orge) : check argv[0]
LEVEL8 (orge -> troll) : check argc
LEVEL9 (troll -> vampire) : check 0xbfff
LEVEL10 (vampire -> skeleton) : argv hunter
LEVEL11 (skeleton -> golem) : stack destroyer
LEVEL12 (golem -> darkknight) : sfp
LEVEL13 (darkknight -> bugbear) : RTL1
LEVEL14 (bugbear -> giant) : RTL2, only execve
LEVEL15 (giant -> assassin) : no stack, no RTL
LEVEL16 (assassin -> zombie_assassin) : fake ebp
LEVEL17 (zombie_assassin -> succubus) : function calls
LEVEL18 (succubus -> nightmare) : plt
LEVEL19 (nightmare -> xavis) : fgets + destroyers
LEVEL20 (xavis -> death_knight) : remote BOF
* Once you have defeated all the mobs up to Level20 and posted your solutions on the dedicated BOF board,
you will be granted permission to enter the Fedora castle.
* Thank you to the many people who took part in beta testing.
trynerr, codeache, passket, stolenbyte, eM, buff3r, 산적, hex0d, sorucA, and others
* Thanks also to randomkid, who provided most of the Fedora-side challenges.
Hit : 81068 Date : 2010/09/23 12:05