ky.agile

sbof 3
[System Hacking] basic_exploitation_000

Description ํ”„๋กœ๊ทธ๋žจ์˜ ์ทจ์•ฝ์ ์„ ํ†ตํ•ด ์…ธ์„ ํš๋“ํ•œ ํ›„, "flag" ํŒŒ์ผ์„ ์ฝ์–ด์•ผ ํ•œ๋‹ค. ๊ณต๊ฒฉ ๋Œ€์ƒ์˜ ์ฝ”๋“œ #include #include #include #include void alarm_handler() { puts("TIME OUT"); exit(-1); } void initialize() { setvbuf(stdin, NULL, _IONBF, 0); setvbuf(stdout, NULL, _IONBF, 0); signal(SIGALRM, alarm_handler); alarm(30); } int main(int argc, char *argv[]) { char buf[0x80]; // 128๋ฐ”์ดํŠธ initialize(); printf("buf = (%p)\n", buf); scanf("%..
๋ณด์•ˆ/Wargame 2024.03.02

[Stack Buffer Overflow] Return Address Overwrite์„ ํ†ตํ•œ ์‹คํ–‰ ํ๋ฆ„ ์กฐ์ž‘

Return Address Overwrite Buffer overflow๋ฅผ ํ†ตํ•ด stack์˜ return address ๊ฐ’์„ ์กฐ์ž‘ํ•˜๋ฉด, ํ”„๋กœ์„ธ์Šค์˜ ์‹คํ–‰ ํ๋ฆ„์„ ์กฐ์ž‘ํ•  ์ˆ˜ ์žˆ๋‹ค. ์ทจ์•ฝ์  ๋ถ„์„ ์ทจ์•ฝ์ ์ด ์žˆ๋Š” ์ฝ”๋“œ: rao.c #include #include void init() { setvbuf(stdin, 0, 2, 0); // setvbuf(FILE ๊ตฌ์กฐ์ฒด์— ๋Œ€ํ•œ ํฌ์ธํ„ฐ, ๋ฒ„ํผ, ๋ฒ„ํผ๋ง ๋ชจ๋“œ, ๋ฒ„ํผ ํฌ๊ธฐ(๋ฐ”์ดํŠธ)) setvbuf(stdout, 0, 2, 0); } void get_shell() { char *cmd = "/bin/sh"; char *args[] = {cmd, NULL}; execve(cmd, args, NULL); } int main() { char buf[0x28]; init(); pr..
๋ณด์•ˆ/์‹œ์Šคํ…œ ๋ณด์•ˆ 2024.03.01

[Stack Buffer Overflow] ๋ฐ์ดํ„ฐ ๋ณ€์กฐ์™€ ์œ ์ถœ

๋ฐ์ดํ„ฐ ๋ณ€์กฐ #include #include #include int check_auth(char *password) { // ์ž…๋ ฅ๊ฐ’(= password)์„ buffer(= temp)์— ๋‹ด์•„ ์ธ์ฆ์„ ๊ตฌํ˜„ํ•˜๋Š” ํ•จ์ˆ˜ int auth = 0; char temp[16]; strncpy(temp, password, strlen(password)); // strncpy: ์ž…๋ ฅ๋ฐ›์€ password ์ค‘ ์–ด๋–ค ๊ธธ์ด (์—ฌ๊ธฐ์„œ๋Š” strlen(password))๋งŒํผ์„ temp์— ๋ณต์‚ฌํ•จ. // ์ด๋•Œ, password์˜ ๊ธธ์ด๊ฐ€ temp์˜ ํฌ๊ธฐ๋ณด๋‹ค ํฌ๋ฉด, // password์˜ ์ผ๋ถ€๋Š” ์Šคํƒ์—์„œ temp๊ฐ€ ์ฐจ์ง€ํ•œ ๋ฒ”์œ„๋ฅผ ๋„˜์–ด๊ฐ. // ์ด๋•Œ, ๊ทธ ๋„˜์นœ ์œ„์น˜์— ๋งŒ์•ฝ ์ค‘์š”ํ•œ ๋ฐ์ดํ„ฐ๊ฐ€ ์žˆ์—ˆ๋‹ค๋ฉด, ์ด ๋ฐ์ดํ„ฐ๋ฅผ ์˜ค์—ผ์‹œ์ผœ๋ฒ„๋ฆผ. // ์ด ์ฝ”๋“œ์˜ ๊ฒฝ..
๋ณด์•ˆ/์‹œ์Šคํ…œ ๋ณด์•ˆ 2024.02.29
1
๋”๋ณด๊ธฐ

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”