¸®´ª½º

 3923, 2/197 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ewqqw
   ¼Ò½º ºÐ¼® ºÎŹµå¸³´Ï´Ù.

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_linux&no=4449 [º¹»ç]


ÀÌÁ¦ ¸· ¸®´ª½º¶û ÄÚµå ¹è¿ö°¡´Â »õ³»±â ÀÔ´Ï´Ù. ¤Ð¤Ð
#include <stdio.h>
#include <string.h>

int filter(char *cmd) {
        if (strstr(cmd, "f")) return 1;
        if (strstr(cmd, "sh")) return 1;
        if (strstr(cmd, "tmp")) return 1;
        return 0;
}

extern char **environ;
int main(int argc, char *argv[], char *envp[]) {
        char **p;

        printf("I am king the Godzo...\n");
        printf("I will let you execute a command again.\n");
        printf("However, I am much stronger than Tracer.\n");

        for (p=environ; *p; p++)
                memset(*p, 0, strlen(*p));

        putenv("PATH=/uri_mercy_gaemotham");

        if (filter(argv[1])) {
                printf("caught by filter!\n");
                return 0;
        }

        system(argv[1]);
        return 0;
}
  Hit : 2625     Date : 2017/03/10 12:29


    
ÇØÄð·¯ ÀÌ ¹®Á¦¸¦ Ç®ÀÌÇÏ·Á¸é Á÷Á¢ ½Ã½ºÅÛ¿¡¼­ ¸î°³ ºÁ¾ßÇÏ´Â°Ô À־ Ç®À̹ýÀº ¾Ë·Áµå¸®±â ¾î·Æ±¸¿ä
¾îÂ÷ÇÇ ¿äûÇÏ½Å°Ô ¼Ò½ººÐ¼®ÀÌ´Ï »ìÆ캸¸é
1. ȯ°æº¯¼ö¸¦ ¸ðµÎ »èÁ¦ÇÕ´Ï´Ù
2. PATH¿¡ /uri_mercy_gaemotham À» µî·ÏÇÕ´Ï´Ù. Áï ¿¹¸¦µé¾î cat flag.txt¸¦ Çϸé /uri_mercy_gaemotham/cat °¡ Á¸ÀçÇÏ´ÂÁö ã°Ô µË´Ï´Ù
3. ±× ÈÄ argv[1]À» ÀÎÀÚ·Î filter¸¦ ½ÇÇàÇϴµ¥, filterÇÔ¼ö¸¦ º¸¸é argv[1]¿¡ f³ª sh³ª tmp¶ó´Â ¹®ÀÚ¿­ÀÌ Á¸ÀçÇÏÁö ¾Ê¾Æ¾ß ÇÏ´Â °ÍÀ» ¾Ë ¼ö ÀÖ½À´Ï´Ù
4. ±× ÈÄ ÇÊÅ͸µÀ» Åë°úÇÑ argv[1]À» system()ÇÔ¼öÀÇ ÀÎÀÚ·Î ½ÇÇàÇÕ´Ï´Ù		 2017/03/10  
ewqqw ½ÇÇà½ÃÅ°´Ï±ñ Segmentation fault (core dumped)
°¡ ³ª¿À³×¿ä...		 2017/03/10  
ÇØÄð·¯ argv[1]À» ¾È³Ö°í ½ÇÇàÇÏ½Å°Ç ¾Æ´ÑÁö¿ä
argv[1]À̶õ°Ç ÇÁ·Î±×·¥ ½ÇÇàÈÄ¿¡ ÀÔ·ÂÇϴ°ÍÀÌ ¾Æ´Ï¶ó ÇÁ·Î±×·¥ ½ÇÇà°ú µ¿½Ã¿¡ ¼³Á¤ÇØÁÖ´Â °ÍÀÔ´Ï´Ù
cat text.txt¶ó´Â ¸í·É¿¡¼­´Â argv[0] = cat, argv[1] = test.txtÀÌ°í
ls -al À̶ó´Â ¸í·É¿¡¼­´Â argv[0] = ls. argv[1] = -al ÀÔ´Ï´Ù		 2017/03/11  
3903   ITºÐ¾ß·Î Áø·Î°í¹ÎÀ̳ª,Ãë¾÷,ÀÌÁ÷°í¹ÎÀ¸·Î ±Ã±ÝÇÑÁ¡µéÀÌ ¸¹À¸½ÃÁÒ~?     koreais0
 08/08 2707
3902   Æнº¿öµå°¡ ¾ø´Â °èÁ¤ Á¢¼Ó¹æ¹ý[1]     dohyng200
 08/04 2958
3901   ¸®´ª½º ¾ÈµÇ¿ä[2]     ÃÖÇö¿ì
 08/02 2579
3900   Å͹̳ο¡¼­ ¿ÍÀÌÆÄÀÌ ¿¬°á dhclient°¡ ¾ÈµÅ¿ä     dnlelstem96
 06/17 2893
3899   bash 418 ¹öÀü ¼öÁ¤ÇÏ´Â ¹æ¹ýÀÌ ±Ã±ÝÇÕ´Ï´Ù[2]     seongkeunkim
 05/30 3724
3898   µ¥½ºÅ©Å¾¿¡ ¿ìºÐÅõ¸¦ ±î´Âµ¥...[3]     vngkv123
 04/03 2351
3897   ¸®´ª½º ŸÀӾƿô ¹®Á¦[1]     hktaehyung
 04/02 2468
3896   Brute force ¸¦ ÀÌ¿ëÇÑ °ø°Ý[2]     ewqqw
 03/30 3080
3895   setuid¸¦ ÀÌ¿ëÇÑ ±ÇÇÑ »ó½Â[2]     ewqqw
 03/29 2333
3894   ÆÄÀ̽㠼³Ä¡ °ü·Ã ¹®Á¦°¡ ¹ß»ýÇÏ¿© Áú¹® ¿Ã·È½À´Ï´Ù..[1]     dndud1346
 03/28 2264
3893   ¸®´ª½º ½© ¸í·É°ü·Ã...[2]     vngkv123
 03/21 2758
3892   setuid ¸¦ ÀÌ¿ëÇÑ ±ÇÇѾò±â ¼Ò½º[1]     ewqqw
 03/11 2808
  ¼Ò½º ºÐ¼® ºÎŹµå¸³´Ï´Ù.[3]     ewqqw
 03/10 2624
3890   PYTHONÀ» ÀÌ¿ëÇÑ È¯°æº¯¼ö¿¡ °ª³Ö±â[2]     ewqqw
 03/09 2269
3889     [re] PYTHONÀ» ÀÌ¿ëÇÑ È¯°æº¯¼ö¿¡ °ª³Ö±â     ewqqw
 03/09 1533
3888   SETUID¸¦ ÀÌ¿ëÇÑ ±ÇÇÑ ¾ò±â ¼Ò½º ºÐ¼® ºÎŹ µå¸³´Ï´Ù[3]     ewqqw
 03/07 1868
3887   ¸®´ª½º ¾î´ÀÁ¤µµ ¹è¿ü´Âµ¥, ÀÌÁ¦ À©µµ¿ì·Î ÇØÅ·¹è¿öµÇ¿ä?[4]     jsryu1031
 03/04 2769
3886   ¿ìºÐÅõ¶û Æäµµ¶óÁß¿¡ ÇØÅ·Çϴµ¥ ÁÁÀº°Í°°³ª¿ä?[5]     jsryu1031
 03/01 3653
3885   ¸®´ª½ºÀÇ ±âÃÊÁ»[1]     ½ºÄ«ÀÌ·¹ÀÎ
 02/22 2327
3884   Mac OS X F.T.Z °ü·Ã[2]     willwayy
 02/15 2955
[1] 2 [3][4][5][6][7][8][9][10]..[197]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org