System Hacking

   SmileBedge
   Shellcode segmentation fault;;

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_system&no=1509


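The operating system is Red Hat 9, 2.4xxx.

First, I put the machine code

"\xe8\xdd\xff\xff\xff\x48\x65\x6c\x6c\x6f\x20\x57\x6f\x72\x6c\x64\x00\x90\x55\x89\xe5\x56"
"\xba\x0b\x00\x00\x00\x59\xbb\x01\x00\x00\x00\xb8\x04\x00\x00\x00\xcd\x80\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80"

into code[] = "", and then used

two pieces of code that were going around the internet:
1.
int main()
{
    int *run;

    /* two ints above `run`: where this trick expects main's saved return address */
    run = (int *)&run + 2;
    /* overwrite it so that returning from main jumps into code[] */
    (*run) = (int) code;

    return 0;
}
2.
int main()
{
    void (*run)(void);

    /* treat the bytes in code[] as a function and call it */
    run = (void *)code;
    run();

    return 0;
}
When I run it with these, I get a segmentation fault...

Where did I go wrong...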

  Hit : 3250     Date : 2011/07/29 10:21



    
늅늅 Isn't it because of the \00? Quite a lot of \00 went in there. 2011/07/29  
W.H. If \x00 is in the shellcode, it doesn't execute properly. 2011/07/30  
pwn3r ↳ If you remove the NULLs from code that needs NULLs, it won't run at all ~

Disassembling it, it looks like you were trying to print Hello World, but on FTZ the beginning of the first shellcode looks wrong.

0x08049440 <code+0>: call 0x8049422 <data_start+2> // this part is wrong

0x08049445 <code+5>: dec %eax // "Hello World"
0x08049446 <code+6>: gs // "Hello World"
0x08049447 <code+7>: insb (%dx),%es:(%edi) // "Hello World"
0x08049448 <code+8>: insb (%dx),%es:(%edi) // "Hello World"
0x08049449 <code+9>: outsl %ds:(%esi),(%dx) // "Hello World"
0x0804944a <code+10>: and %dl,0x6f(%edi) // "Hello World"
0x0804944d <code+13>: jb 0x80494bb <_DYNAMIC+67> // "Hello World"
0x0804944f <code+15>: add %dl,%fs:0x56e58955(%eax) // "Hello World"
0x08049456 <code+22>: mov $0xb,%edx // 11 characters
0x0804945b <code+27>: pop %ecx // pull out "Hello World"
0x0804945c <code+28>: mov $0x1,%ebx // stdout
0x08049461 <code+33>: mov $0x4,%eax // write
0x08049466 <code+38>: int $0x80 // 0x80 interrupt
0x08049468 <code+40>: mov $0x1,%eax // exit
0x0804946d <code+45>: mov $0x0,%ebx // 0
0x08049472 <code+50>: int $0x80 // 0x80 interrupt

In the disassembled code, the bytes at code+0 are \xe8\xdd\xff\xff\xff, but the offset between code+5 and code+22 is 0x11. (code + 5 ~ code + 21 is "Hello World")
So if you change it to \xe8\x11\x00\x00\x00, it works fine :)

Proof:

[guest@ftz guest]$ cat pwn3r.c
char code2[] = "\xe8\x11\x00\x00\x00\x48\x65\x6c\x6c\x6f\x20\x57\x6f\x72\x6c\x64\x00\x90\x55\x89\xe5\x56"
"\xba\x0b\x00\x00\x00\x59\xbb\x01\x00\x00\x00\xb8\x04\x00\x00\x00\xcd\x80\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80";
int main()
{
int *run;

run = (int *)&run+2;
(*run) = (int) code2;

return 0;
}

[guest@ftz guest]$ ./pwn3r
Hello World[guest@ftz guest]$
2011/07/30  
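
The displacement arithmetic from pwn3r's answer above, as an added example that is not part of the original thread: it decodes the rel32 of the leading call (opcode 0xE8) in the first 27 bytes of each posted array and reports where the call lands relative to the start of the buffer. The function names are illustrative, not from the thread.

```c
/* Added example (not from the thread): where does a leading x86
 * `call rel32` (opcode 0xE8) land, relative to the buffer start? */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* First 27 bytes of the two arrays posted in the thread: the call,
 * the inline data, and the `mov $0xb,%edx` that should run next. */
static const unsigned char posted[] =
    "\xe8\xdd\xff\xff\xff" "Hello World"
    "\x00\x90\x55\x89\xe5\x56\xba\x0b\x00\x00\x00";
static const unsigned char fixed[] =
    "\xe8\x11\x00\x00\x00" "Hello World"
    "\x00\x90\x55\x89\xe5\x56\xba\x0b\x00\x00\x00";

/* rel32 is little-endian, signed, and counted from the end of the
 * 5-byte instruction. Returns 0 on success, -1 if buf does not start
 * with a complete call. */
int call_target(const unsigned char *buf, size_t len, long *target)
{
    uint32_t raw;
    if (len < 5 || buf[0] != 0xE8)
        return -1;
    raw = (uint32_t)buf[1] | (uint32_t)buf[2] << 8 |
          (uint32_t)buf[3] << 16 | (uint32_t)buf[4] << 24;
    *target = 5 + (long)(int32_t)raw;
    return 0;
}

/* 1 if the call transfers to a byte inside the buffer, else 0. */
int call_stays_inside(const unsigned char *buf, size_t len)
{
    long t;
    return call_target(buf, len, &t) == 0 && t >= 0 && (size_t)t < len;
}

/* rel32 that makes a call at offset 0 land on buffer offset `target`. */
long rel32_for_target(long target) { return target - 5; }

int main(void)
{
    long t;
    call_target(posted, sizeof posted - 1, &t);
    printf("posted: target %+ld, inside=%d\n", t,
           call_stays_inside(posted, sizeof posted - 1));
    call_target(fixed, sizeof fixed - 1, &t);
    printf("fixed:  target %+ld, inside=%d\n", t,
           call_stays_inside(fixed, sizeof fixed - 1));
    printf("rel32 to reach offset 22: 0x%lx\n", rel32_for_target(22));
    return 0;
}
```

The posted bytes give a target of -30, which is 0x8049422 in the disassembly (30 bytes before code+0), while the corrected bytes give offset 22, the mov $0xb,%edx at code+22.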