Linux

   ewqqw
   Request for analysis of source code that gains privileges using SETUID

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_linux&no=4445


I have been stuck on this for several days.

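#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>

int main(){
    char command[256];   /* the line the user types */
    char expand[256];    /* target of the symlink named by command */
    printf("I will let you execute a single command...\n");
    printf("Try and get a shell with the command!\n");

    fgets(command, 255, stdin);
    /* strtok() cuts command at the newline. readlink() does not
       NUL-terminate expand and its return value is not checked. */
    readlink(strtok(command, "\n"), expand, 255);

    /* Check 1: the link target must start with "/bin/sh" or "dash". */
    if(strncmp(expand, "/bin/sh", 7) && strncmp(expand, "dash", 4)){
        printf("Nope! You always want to run /bin/sh\n");
        exit(0);
    }

    /* Check 2: the typed string itself must not contain "sh". */
    if(strstr(command, "sh")){
        printf("Almost... try to use a different name!\n");
        exit(0);
    }

    /* The typed string, not the link target, is passed to the shell. */
    system(command);

    return 0;
}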

  Hit : 1869     Date : 2017/03/07 06:42



    
pwn2on To put it simply,
this code is a program that takes a string as input and runs that string as a command.
It reads 256 bytes of data into the variable named command, and
readlink is a function that, if the path is a symbolic link, stores it.
strtok() splits the data on a given string.

I think you can keep analyzing it this way and then try the setuid exploit.
2017/03/07  
해쿨러 command is the original string, and expand is the result of calling readlink on it.
In the end both are data that depend on the input, but they are filtered in different ways.
command has no sh in it, but the program given as that command just has to be a symbolically linked file that points to /bin/sh or dash.
Do something like ln -s /bin/sh /tmp/hack, then
run the challenge and
type /tmp/hack into the challenge's fgets.
2017/03/07  
ewqqw Thank you~~ It is solved. 2017/03/08
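
Added example, not part of the original thread: the program above checks the readlink() result but hands the typed string to system(), so the thing validated is not the thing executed. A hardened form decides on the identity of the file and then executes the constant that passed the check, with no shell. The allow-list contents and the name match_allowed are assumptions made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed policy for this sketch: the only programs the helper may run. */
static const char *const ALLOWED[] = { "/bin/ls", "/usr/bin/id", NULL };

/* Return the allow-list entry that is the same file as `path`, else NULL.
 * stat() follows symlinks, so the decision is about the file that would
 * run, not about how the caller spelled its name. */
const char *match_allowed(const char *path, const char *const *allowed) {
    struct stat want, have;
    if (path == NULL || path[0] != '/' || stat(path, &want) != 0)
        return NULL;                      /* relative, missing or unreadable */
    for (size_t i = 0; allowed[i] != NULL; i++)
        if (stat(allowed[i], &have) == 0 &&
            have.st_dev == want.st_dev && have.st_ino == want.st_ino)
            return allowed[i];
    return NULL;
}

int main(void) {
    char line[256];
    if (fgets(line, sizeof line, stdin) == NULL)
        return 1;
    line[strcspn(line, "\n")] = '\0';     /* strip newline; safe on empty input */

    const char *prog = match_allowed(line, ALLOWED);
    if (prog == NULL) {
        fprintf(stderr, "refused\n");
        return 1;
    }
    /* Run the constant that passed the check, never the caller's string:
     * no shell parses it, and a symlink swapped after the check is moot. */
    char *const argv[] = { (char *)prog, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    execve(prog, argv, envp);
    perror("execve");
    return 1;
}
```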