¸®´ª½º

 3923, 192/197 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   smile0909
   ftz ¼­¹ö¿¡¼­ Çí»çÄڵ尡 ½ºÅÿ¡ »ðÀÔµÇÁö ¾Ê¾Æ¿ä¤Ð

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_linux&no=4392 [º¹»ç]


°£´ÜÇÑ BOF¿¡ ´ëÇÑ °­ÀÇÀڷḦ ¸¸µé±â À§Çؼ­,  ftz¼­¹öÀÇ guest°èÁ¤À¸·Î ·Î±×ÀÎÇÏ¿© Å×½ºÆ® ÁßÀä.
ÄÄÆÄÀϽÿ¡ °É ¼ö ÀÖ´Â ¿É¼ÇÀº ¸ðµÎ °Ç »óÅÂÀ̱¸¿ä. (-z execstack -fno-builtin -mpreferred-stack-boundary=2)

bof°ø°ÝÀ¸·Î ½ºÅÃÀÇ return addressºÎºÐ¿¡ ÁÖ¼Ò°ª(\x92\x83\x04\x08)À» ³ÖÀ¸·Á°í Çϴµ¥ ¾ÈµÇ±æ·¡..
ÄÚ¾î´ýÇÁ¸¦ ¶°º¸´Ï, ÀÚ²Ù \xc2\x92\xc2\x83\xc2\x04\xc2\x08¿Í °°ÀÌ, Áß°£¿¡ \xc2°ªÀÌ µé¾î°¡°í ÀÖ´Â »óȲÀ̳׿ä.

charÇü ¹è¿­ bufferÅ©±â´Â 4À̱¸¿ä.
¾Æ·¡Ã³·³ ³ª¿É´Ï´Ù..

[guest@ftz test]$ perl -e 'print "a"x4,"b"x4,"\x92\x83\x04\x08"' | ./test
aaaabbbb혪혘
Segmentation fault (core dumped)
[guest@ftz test]$ gdb test core.9330
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Core was generated by `./test'.
Program terminated with signal 11, Segmentation fault.
Cannot access memory at address 0x400160b0
#0  0x83c292c2 in ?? ()


Ȥ½Ã ½ºÅÃÂÊ¿¡ Çí»çÄڵ带 ³ÖÀ¸¸é Áß°£¿¡ ¾²·¹±â°ªÀÌ µé¾î°¡µµ·Ï ÀǵµÇϽŰǰ¡¿ä?
¿¹Àü¿¡´Â ºÐ¸íÈ÷ 됬´ø ¹æ½ÄÀε¥... ÀÌ»óÇϳ׿ä.. ÀÛ³âÀΰ¡ Á¦ÀÛ³âÀΰ¡´Â ºÐ¸íÈ÷ ftz¼­¹ö¿¡¼­µµ 됬´ø °Í °°Àºµ¥ ¿Ö °©Àڱ⠾ȵÇÁÒ?¤Ð¤Ð

+
¾Æ·¡¿Í °°ÀÌ, BOF¿øÁ¤´ë ¼­¹ö¿¡¼­´Â Àß µ¿ÀÛÇÕ´Ï´Ù. (Á¦°¡ guest°èÁ¤À» µû·Î ¸¸µé¾îµ×½À´Ï´Ù.)
[guest@localhost test]$ perl -e 'print "a"x4,"b"x4,"\x38\x84\x04\x08"' | ./test
aaaabbbb8?
bof success!
  Hit : 2681     Date : 2015/01/23 04:38


    
103   ÇØÅ· °ø°ÝÀÇ ¿¹¼úÀ̶õ Ã¥ÀÇ ¶óÀ̺ê CD¿¡ °üÇؼ­      accelerando
 09/21 5034
102   VMware·Î ¸®´ª½º¸¦ ÇÏ·Á°íÇϴµ¥;;[2]     wkdrudqls114
 09/26 2689
101   ¸®´ª½º vmware kali linux °íÁ¤ip°ü·Ã Áú¹®ÀÌ¿© ¤Ð¤ÐºÎŹµå¸²[3]     zakaen
 10/01 5922
100   ¸®´ª½º Å͹̳Π⠾°Ô ¶ç¿ì³ª¿ä?[2]     cksrjfl1996
 10/09 4962
99   °¡»ó¸Ó½Å¿¡ ¿ìºÐÅõ¸¦ ±ò°í ssh ¼³Ä¡ÈÄ °¡»ó¸Ó½Å ÀÚü¿¡¼­ Æ÷Æ®Æ÷¿öµù°ú °øÀ¯±â Æ÷Æ®Æ÷¿öµù¿¡¼­ÀÇ ¹®Á¦°¡...     ehaakdl
 11/01 3196
98   vi ¼Ò½º Äڵ带 º¸°í ½ÍÀºµ¥¿ä[2]     lionpoo
 11/11 3019
97   VMware Backtrack5 USB¹«¼±·£Ä«µå Áú¹®     jeah96
 11/11 3284
96   ¹éÆ®·¢5 wlan0 Ĩ¼ÂÀÌ UnknownÀ¸·Î ³ªÅ¸³ª´Â°Ô ¹®Á¦°¡ µÇ³ª¿ä?     jeah9441
 11/14 2899
95   Ã¥À» °í¹ÎÇÏ°í ÀÖ½À´Ï´Ù.[2]     calliope7487
 11/19 3263
94   ¸®´ª½º x windows (VMware)[1]     inwoong32
 11/30 2676
93   ÇØÄ¿½ºÄð°­Á ¸Û¸ÛÀÌÄÄÇ»Å͸¦Ã£¾Æ¶ó¿¡¼­.. ssh Æ÷Æ®¹øÈ£¾Ë¶§ telnetÀ¸·Î[1]     alsrbdu
 12/07 3631
92   kali linux¸¦ °¡»ó¸Ó½ÅÀ¸·Î ½ÇÇà½ÃÄ×À»¶§ ±Ã±ÝÇÑÁ¡[1]     cckcamp
 12/07 4107
91   ¸®´ª½º skelÀ̶ó´Â°Ô Á¤È­È÷¸ÓÁÒ?[2]     kdhan16
 12/17 4133
90   °©Àڱ⠻ý°¢³ª¼­ Áú¹®µå¸®´Âµ¥ ½º¸¶Æ®Æù¿¡ vmware[2]     nmy89
 12/17 3910
89   falcon os second °¡Áö°í ÀÖÀ¸½Å ¸ÚÁøºÐ ¾ø³ª¿ä?     jungkenji
 12/20 2891
88   CENT OS USB ¼³Ä¡ÈÄ ¹®Á¦     ifocean
 12/26 3148
87   hackerschool ·¹µåÇò ¸®´ª½º9.0°ü·ÃÁú¹®Àε¥¿ä     qotjddn6593
 01/06 2406
86   ÇØÄ¿½ºÄ𠸮´ª½º Æ®·¹À̴׿¡¼­ guest ºñ¹Ð¹øÈ£°¡ ¹º°¡¿ä??[1]     six6th
 01/06 3131
85   ÅÚ³Ý ftz ¼­¹ö guest ºñ¹Ð¹øÈ£°¡ ¹º°¡¿ä[2]     ÁãÀÌ
 01/06 3231
  ftz ¼­¹ö¿¡¼­ Çí»çÄڵ尡 ½ºÅÿ¡ »ðÀÔµÇÁö ¾Ê¾Æ¿ä¤Ð     smile0909
 01/23 2680
[1]..[191] 192 [193][194][195][196][197]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org