½Ã½ºÅÛ ÇØÅ·

 1575, 6/79 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ewqqw
   r0pbabay ¸¦ Ǫ´Âµ¥....

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_system&no=1883 [º¹»ç]


64ºñÆ®¶ó¼­

rbp ¿¡ dummy¸¦ 8¹ÙÀÌÆ® ä¿ì°í,

pop rdi ; ret °¡Á¬ + /bin/sh Æ÷ÀÎÅÍ + system ÇÔ¼ö

·Î rop °ø°ÝÇϴ°ÅÀݾƿä?

±×·±µ¥, offsetÂ÷À̸¦ ÀÌ¿ëÇؼ­ Àú ÇÔ¼öµéÀÇ ÁÖ¼Ò¸¦ ¾Ë¾Æ³»¾ß Çؼ­,

pop ret °¡Á¬Àº ¼º°øÀûÀ¸·Î systemÇÔ¼ö¿ÍÀÇ °Å¸®¸¦ ±¸Çß½À´Ï´Ù.

±×·±µ¥, /bin/sh ´Â gdb»ó¿¡¼­ ã¾Ò´Âµ¥, °á°ú°ªÀÌ ´Ù¸£´õ¶ó±¸¿ä.

r0pbaby ¿¡ pie°¡ °É·ÁÀ־ gdb¿¡ Á¦´ë·Î break point ¸¦ °É±â Èûµé´õ±º¿ä. ±×·¡¼­ ¹«ÀÛÁ¤ ½ÇÇà½ÃÅ°°í Á¾·á½ÃÄѼ­ p system°ú fine &system, +99999999, "/bin/sh" ¸¦ Çߴµ¥ °ªÀÌ ³ª¿Ô½À´Ï´Ù.

±×·±µ¥, ´Ù¸¥ºÐµéÀÇ writeupÀ» ºÃ´Âµ¥, gdb»ó¿¡¼­ set stop-on-solib-events 1 À» ÇÑ »óÅ¿¡¼­ ¾Ë¾Æ³½ /bin/sh´Â À§ÀÇ °ª°ú ´Þ¶ú½À´Ï´Ù.
±×·±µ¥ ¶Ç system ÇÔ¼ö´Â °°¾Ò±¸¿ä....

exploitÀº µÎ¹ø° »óȲÀÇ /bin/sh ÁÖ¼Ò¸¦ ½á¾ß °¡´ÉÇß½À´Ï´Ù...

¿Ö±×·±°¡¿ä>?????

  Hit : 2206     Date : 2017/07/07 09:46



    
vngkv123 libcÁÖ¼Ò¸¦ Ãâ·ÂÇØÁÖ´Ï µÚÀÇ 12bit°ªÀ» ¹ÙÅÁÀ¸·Î binshÁÖ¼Ò¸¦ libc-database¿¡¼­ ã¾Æº¸¼¼¿ë ¤¾¤¾ 2017/07/09  
1475   hex ray Áú¹®[2]     wwwlk
07/16 2363
1474   uaf Ãë¾àÁ¡ ,¸Þ¸ð¸® ¸¯ °ü·Ã ¹®Á¦[2]     pkdo1030
07/15 2672
  r0pbabay ¸¦ Ǫ´Âµ¥....[1]     ewqqw
07/07 2205
1472   ½Ã½ºÅÛ ÇØÅ·°­Á 21°­ºÎÅÍ ÀÚ·á ºÎŹµå·Áµµ µÉ±î¿ä?     sexissports
06/23 2653
1471   c¾ð¾î ÇÔ¼ö Á¤ÀÇÁß¿¡...     vngkv123
06/20 2366
1470   checksec, ELF±â´É, ±×¿Ü Áú¹®....     vngkv123
06/14 2550
1469   pwnable°ú ½ÇÀü ½Ã½ºÅÛ ÇØÅ·ÀÇ Â÷ÀÌ[2]     choboKing
06/11 4638
1468   ret2kernel32? (À©µµ¿ì ret2libc)[3]     choboKing
06/11 2340
1467   ulimit -f °ü·ÃÇÏ¿© Áú¹®µå·Áº¾´Ï´ç     vngkv123
06/01 2330
1466   ½©Äڵ带 ÀÌ¿ëÇؼ­ bof ¸¦ ÇÒ¶§[4]     tkakr7458
05/22 2867
1465   unlink¸ÅÅ©·Î¿¡¼­ P....[5]     vngkv123
05/12 2484
1464   heap¿¡¼­ unsafe unlink°¡ Á¶±Ý ÀÌÇØ°¡ ¾ÈµÇ³×¿ë ¤Ð[6]     vngkv123
05/10 4436
1463   heap¿¡¼­ bin°ü·Ã[3]     vngkv123
04/30 2698
1462   codegate nuclear¹®Á¦ Áß libc leakÁú¹®..[3]     vngkv123
04/27 3342
1461   fgetsÇÔ¼ö¸¦ ÀÌ¿ëÇÑ ¹öÆÛ¿À¹öÇ÷ο젠   ewqqw
04/23 4092
1460   format string ¹öÆÛ¿À¹öÇ÷ο젠   ewqqw
04/22 2278
1459   angry_doraemon°°Àº ¹®Á¦ ·ÎÄõî·Ï..     vngkv123
04/22 2752
1458   ¹öÆÛ¿À¹öÇÃ·Î¿ì °ü·Ã[1]     ewqqw
04/21 2412
1457   ¹öÆÛ ¿À¹öÇÃ·Î¿ì °ü·Ã[2]     ewqqw
04/20 2335
1456   format string bug + got overwite[3]     tkakr7458
04/19 2607
[1][2][3][4][5] 6 [7][8][9][10]..[79]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org