|
|
|
|
|
|
|
|
|
|
|
|
|
35, 1/2 |
|
µÎ·ç¹¶¼ú | |||||||
[ÄÚµå°ÔÀÌÆ®2011] ÄÚµå°ÔÀÌÆ® ¹®Á¦.. | |||||||
http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_CTF&no=9 [º¹»ç]
Hit : 5423 Date : 2011/03/06 10:10
|
|||||||
¸Û¸Û | 100, 200Àº ´Ù¸¥ ºÐµéÀÌ ¼³¸íÇØÁÖ½Ç °Í °°°í 300Àº bof ¹®Á¦Àε¥, ¿ìºÐÅõ 10.4¶ó random stack, heap, library + non-exec stack, heap Ç®À̹ýÀº random libraryÀ̱äÇÏÁö¸¸ lld ./test ¿Í °°ÀÌ °è¼Ó ½ÇÇàÇغ¸¸é 00110000 ÁÖ¼Ò°¡ ³ôÀº ºóµµ¼ö·Î ¹Ýº¹ ÃâÇöÇϰŵç. ±×°Éº¸°í 00110000 ±âÁØÀ¸·Î brute forceÇϰųª ȤÀº Á» ´õ ³ôÀº È®·ü·Î Ç®·Á¸é fprintf °°Àº ÇÔ¼öÀÇ GOT¸¦ execl·Î µ¤´Â RTLÀ» ÇϸéµÇ»ï ¹®Á¦Ç®ÀÌ ¼¼¹Ì³ª ¶Ç ÇÒÅ×´Ï±î ¿À¼À ¤» |
2011/03/07 | |
indra | vuln100¹øÀº.. mp3 tag Á¤º¸ÂÊ¿¡ php code¸¦ »ðÀÔÇؼ ½ÇÇàÇÏ´Â ¹®Á¦¿´½À´Ï´Ù. phpcode ½ÇÇàÇÏ°í dbconn.php¸¦ º¸¸é root ºñ¹øÀÌ ³ª¿É´Ï´Ù.. ±×°É·Î mysqldump¸¦ ¶ß¸é ±× ¾È¿¡ vul100pw ´ø°¡.. Å×À̺íÀÌ Àִµ¥ ±× Å×À̺í¾È¿¡ Æнº¿öµå°¡ ÀÖ¾ú½À´Ï´Ù. vuln200Àº ÀϹݰèÁ¤¿¡¼ÀÇ SQL injectionÀº ³¬½Ã¿´°í¿ä.. Administrator °èÁ¤À¸·Î µé¾î°¡¾ß ÇÕ´Ï´Ù.. ·Î±×ÀÎ ½Ã¿¡ trim()À» ½ÇÇàÇϴ°ſ´³ª.. ±×·¡¼ °ø¹éó¸® Çϸé ÀÎÁõ¿ìȸ°¡ µÆ°í¿ä.. Administrator °èÁ¤À¸·Î ·Î±×ÀÎÇؼ º¸¸é ±× ¾È¿¡ raw_data Å×À̺íÀÌ ÀÖ½À´Ï´Ù.. ±×°Ô base64 encodeµ¥ÀÌÅÍ ¿´´ø°É·Î ±â¾ïÇÏ°í.. ±×°É Ç®¸é png Å×ÀÌÅÍ°¡ ³ª¿À¸é¼ Æнº¿öµå°¡ ³ª¿É´Ï´Ù.. ¹®Á¦ Ǫ´À¶ó °í»ýÇϼ̽À´Ï´Ù.. |
2011/03/07 | |
supershop | indra // ºó ÆÄÀÏ¿¡ TAG~~~ ÀÌ·¸°Ô ¾²°í mp3 ÆÄÀÏ·Î ÀúÀåÇÏ¸é ¿Ã¶ó°¡°Åµç¿ä? °Å±â¿¡ <?php ~~ ?> ÀÌ·¸°Ô ÄÚµå ¾²°í ¿Ã·È´Âµ¥ ½ÇÇàÀº ¾È µÇ´øµ¥¿ä;;; phpÄڵ带 ¾î¶²½ÄÀ¸·Î »ðÀÔÀ» ÇؾßÇϳª¿ä? |
2011/03/07 | |
ÇÁ¶óÀ̵å | indra´ÔÀÌ ÇϽŴë·Î Ä÷³¿À¹öÇ÷ο쳪 trim¶§¹®¿¡ ¹ß»ýÇÏ´Â Ãë¾àÁ¡ÀÌ¿ëÇؼ °¡ÀÔÇصµµÇ±äÇÏÁö¸¸ E-mailÆû¿¡¼ insert sql injectionÀÌ ¹ß»ýÇÕ´Ï´Ù. ÀÌ°É·Î °¡ÀÔÇصµµÇ±¸¿ä ¤»¤µ¤» ±×¸®°í Áß¿äÇÑ°ÍÀº Administrator·Î ·Î±×ÀÎÇÑÈÄ¿¡, ÄíÅ°º¯¼öÀÎ lang¿¡¼ sqlÀÎÁ§¼ÇÃë¾àÁ¡ÀÌ Á¸ÀçÇÕ´Ï´Ù. lang¿¡¼ Äõ¸®ÀÎÁ§¼ÇÀ» Çغ¸¸é ¼Ò½ºÆäÀÌÁö¿¡¼ Äõ¸®½ÇÇà°á°ú¸¦ º¼¼öÀÖ½À´Ï´Ù. ÀÌ°ÍÀ» ÀÌ¿ëÇؼ µ¥ÀÌÅͺ£À̽ºÁ¤º¸¸¦ ¾ò°í , ¾òÀº Á¤º¸Áß raw_data¶ó´Â Å×À̺íÀÌÀִµ¥, 101°³ÀÇ ·¹Äڵ尡ÀÖ½À´Ï´Ù.(Àú´Â ¿©±â¼ºÎÅÍ raw_dataÅ×À̺í À粸µÎ°í µý°ÅÇß½À´Ï´Ù.¤Ì¤Ì µÚºÎÅʹ Ǫ½ÅºÐ ¼³¸í) ´Ù base64ÀÎÄÚµùµÈ ½ºÆ®¸µÀε¥ ÀÌ Á¤º¸µéÀ» sql ÀÎÁ§¼ÇÀ» ÅëÇؼ ¾ò¾î¿Í¼ ´Ù µðÄÚµùÇغ¸¸é pngÆÄÀÏ ½Ã±×´ÏÃÄ°¡ ³ª¿À´Âµ¥ Á»´õ µðÄÚµùÇÏ´Ùº¸¸é "flag : ~~~~" ÀÌ·±½ÄÀ¸·Î Ç÷¡±×¸¦ ¾òÀ»¼öÀÖ½À´Ï´Ù. Administartor·Î ·Î±×ÀÎÇØ¾ß ÇÑ´Ù´ÂÁ¡°ú, blind sql injectionÀ» ÇÏÁö¾Ê¾Æµµ µÈ´Ù´Â Á¡À» Á¦¿ÜÇϸé Àú¾î¹ø¿¡ ÄÚµå°ÔÀÌÆ®¹®Á¦·Î ³ª¿Ô´ø webhacking.kr 2¹ø ¹®Á¦¶û °ÅÀÇ À¯»çÇÏ´Ù°í»ý°¢ÇÕ´Ï´Ù =) |
2011/03/07 | |
ÇÁ¶óÀ̵å | p.s vuln200¹®Á¦¼¹ö »ýÁ¸È®ÀÎ =) <a href=http://221.141.3.112/index.php target=_blank>http://221.141.3.112/index.php</a> |
2011/03/07 | |
|
|