http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_recover&no=46 [º¹»ç]
¾îÁ¦±îÁö¸¸ Çصµ ¾ø´ø Á¤Ã¼ºÒ¸íÀÇ µð·ºÅ丮°¡ Á¦ °èÁ¤ ¾È¿¡ »ý°å½À´Ï´Ù..
µð·ºÅ丮 ¾È¿¡´Â ¿©·¯°³ÀÇ µð·ºÅ丮¿Í ÆÄÀϵéÀÌ µé¾î ÀÖ¾ú´Âµ¥, Á¦°¢°¢ ¼ÒÀ¯±Çµµ ´Ù¸£°í.. µµ¹«Áö ¹«½¼ ¸ñÀûÀ¸·Î ¸¸µç°ÇÁö ¾Ë ¼ö °¡ ¾ø´Â °ÍµéÀÌ´õ±º¿ä
°Ô´Ù°¡ Áö¿öÁöÁöµµ ¾Ê½À´Ï´Ù..
rm ¸í·Â¾î°¡ ¾È ¸Ô¾î¿ä
±×·¡¼ ÀÏ´ÜÀº ¼¹ö¿¡¼ x-window·Î µé¾î°¡¼ Áö¿ü´Âµ¥, Áö¿ï¶§ º¸´Ï ¸î °¡Áö ¼ö»óÇÑ À̸§ÀÇ ½ÇÇàÆÄÀÏ°ú tar ÆÄÀÏÀÌ ÀÖ´õ±º¿ä
¿ì¼± linuxkit.tar ¶ó´Â °ÍÀÌ ¹¹ÇÏ´Â °ÇÁö ±Ã±ÝÇÕ´Ï´Ù
±×³É Áö¿ö¹ö·È´Âµ¥.. ¾Æ¹«·¡µµ ÀÌ°Ô ÇØÅ·¿¡ »ç¿ëµÈ °Í °°¾Æ¿ä. ¹°·Ð Á¦ °ÍÀº ¾Æ´Õ´Ï´Ù.
¶ÇÇϳª, p.tar ¶ó´Â ¾ÆÄ«À̺êÆÄÀÏÀÌ ÀÖ¾î¼ ÀÌ°Ç È¤½Ã³ª Çؼ ´Ù¿î·Îµå ¹Þ¾ÆºÃ´Âµ¥¿ä.
p.c¶ó´Â ¼Ò½ºÆÄÀÏ°ú p¶ó´Â ½ÇÇàÆÄÀÏÀÌ µé¾îÀÖ´õ±º¿ä
p.c¿¡ ÀûÈù ³»¿ëÀº¿ä
/*
* Linux kernel ptrace/kmod local root exploit
*
* This code exploits a race condition in kernel/kmod.c, which creates
* kernel thread in insecure manner. This bug allows to ptrace cloned
* process, allowing to take control over privileged modprobe binary.
*
* Should work under all current 2.2.x and 2.4.x kernels.
*
* I discovered this stupid bug independently on January 25, 2003, that
* is (almost) two month before it was fixed and published by Red Hat
* and others.
*
* Wojciech Purczynski <cliph@isec.pl>
*
* THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY*
* IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY
*
* (c) 2003 Copyright by iSEC Security Research
*/
#include <grp.h>
#include <stdio.h>
#include <fcntl.h>
#include <errno.h>
#include <paths.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/socket.h>
#include <linux/user.h>
int main(int argc, char ** argv)
{
prepare();
signal(SIGALRM, sigalrm);
alarm(10);
parent = getpid();
child = fork();
victim = child + 1;
if (child == -1)
fatal("[-] Unable to fork");
if (child == 0)
do_child();
else
do_parent(argv[0]);
return 0;
}
ÀÌ·± °ÍÀÔ´Ï´Ù.
ÀÌ°Ô ¹¹ÇÏ´Â ¼Ò½ºÀÎÁö Á» ¾Ë·ÁÁÖ¼¼¿ä~~
±×¸®°í ¾Æ¸¶µµ ¹éµµ¾î°¡ ¸¸µé¾îÁ® ÀÖÀ» °Í °°Àºµ¥, ã¾Æ¼ Áö¿ì´Â ¹æ¹ýµµ Á» ºÎŹµå¸³´Ï´Ù..
¶ÇÇϳª.
rm ¸í·É¾î°¡ ÇØÅ·´çÇÑ µÚ·Î °è¼Ó ¾È µË´Ï´Ù.
$rm *.* ¶ó°í Çϸé
Segmentation fault ¶ó°í ³ª¿À´Âµ¥¿ä...
¾î¶»°Ô ÇØ¾ß ÇÏÁÒ? |
Hit : 4526 Date : 2004/02/13 04:26
|