ewqqw |
Please analyze this source for gaining privileges using SETUID |
http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_linux&no=4445
Hit : 1869 Date : 2017/03/07 06:42
pwn2on | To explain it briefly, this code is a program that takes a string as input and runs that string as a command. It reads 256 bytes of data into a variable called command, and the readlink function is a function that, if the path is a symbolic link, stores it. strtok() splits the data on a given string. If you keep analyzing it this way and try the setuid exploit, I think that should work. |
2017/03/07 |
해쿨러 | command is the original string, and expand is the result of calling readlink. In the end both are data that depend on the input, but they are filtered in different ways. command does not contain sh, but the program passed in as that command can be a symbolically linked file that points to /bin/sh or dash. Do something like ln -s /bin/sh /tmp/hack, then run the challenge and enter /tmp/hack at the challenge's fgets. |
2017/03/07 |
ewqqw | Thank you~~ It's solved. | 2017/03/08 |
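The answer in this thread turns on the gap between filtering the typed string and checking what the path finally resolves to. The C code below is an added example, not the challenge's source (which is not shown on this page): it compares a name-based filter with an allowlist check on the fully resolved target. The function names, the "sh" substring filter and the scratch files are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed shape of the weak check: a substring test on the typed text only. */
int name_filter_passes(const char *typed) {
    return strstr(typed, "sh") == NULL;
}

/* Hardened check: realpath(3) follows every link level (readlink(2) reads
 * just one), then the final file must be one of the permitted programs. */
int target_is_allowed(const char *typed, const char *const *allow, size_t n) {
    char resolved[PATH_MAX];
    struct stat got, want;
    if (realpath(typed, resolved) == NULL || stat(resolved, &got) != 0)
        return 0;                      /* dangling or unreadable: refuse */
    for (size_t i = 0; i < n; i++)
        if (stat(allow[i], &want) == 0 &&
            want.st_dev == got.st_dev && want.st_ino == got.st_ino)
            return 1;
    return 0;
}

/* Constructed scenario in a scratch directory. Result bits: 1 = name filter
 * accepts "/tmp/hack", 2 = link to the permitted tool, 4 = chain to /bin/sh. */
int demo(void) {
    char dir[] = "/tmp/demoXXXXXX", tool[64], ok[64], hack[64], hack2[64];
    const char *allow[] = { tool };
    FILE *f;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(tool, sizeof tool, "%s/tool", dir);
    snprintf(ok, sizeof ok, "%s/ok", dir);
    snprintf(hack, sizeof hack, "%s/hack", dir);
    snprintf(hack2, sizeof hack2, "%s/hack2", dir);
    if ((f = fopen(tool, "w")) == NULL) return -1;
    fclose(f);
    if (symlink(tool, ok) || symlink("/bin/sh", hack) || symlink(hack, hack2))
        return -1;
    int r = name_filter_passes("/tmp/hack") | target_is_allowed(ok, allow, 1) << 1
          | target_is_allowed(hack2, allow, 1) << 2;
    unlink(ok); unlink(hack); unlink(hack2); unlink(tool); rmdir(dir);
    return r;
}

int main(void) { printf("result bits: %d\n", demo()); return 0; }
```

Resolving a path and then executing it by name still leaves a window in which the link can be swapped, so a setuid program should also drop privileges before running a user-chosen command.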