Roronoa

문제 내용 힌트 파일을 확인해보니 코드가 들어가있다. 코드를 해석해 보겠다. 힌트 코드 #include #include int main( int argc, char *argv[] ) { char str[256]; setreuid( 3092, 3092 ); strcpy( str, argv[1] ); printf( str ); } str배열이 256바이트만큼 선언되었고 setreuid로 3092로 Real User ID(실제 사용자), Effective User ID(유효 사용자)를 설정해주었다. strcpy로 str에 argv[1]을 복사한다. 그리고 str을 출력한다. 여기서 strcpy는 길이를 검증하지 않기때문에 길이보다 많은 데이터 값을 입력하면 버퍼를 넘어서 다른 메모리영역까지 침범할 수 있다. ..

문제 내용 /usr/bin/bof의 소스코드를 출력하고 있다. 소스코드 #include #include #include main(){ char buf2[10]; char buf[10]; printf("It can be overflow : "); fgets(buf,40,stdin); if ( strncmp(buf2, "go", 2) == 0 ) { printf("Good Skill!\n"); setreuid( 3010, 3010 ); system("/bin/bash"); } } 해당 소스코드를 해석하면 버퍼 2개가 선언되어 있고 fgets로 buf에 40바이트만큼 입력창에서 입력을 받고 있다. 그리고 buf2에 저장된 2바이트가 go문자랑 같으면 0을 리턴하므로 참이되어 Real User ID, Effec..

Protostar Stack7 https://exploit.education/protostar/stack-seven/ Stack Seven :: Andrew Griffiths' Exploit Education Stack Seven Stack6 introduces return to .text to gain code execution. The metasploit tool “msfelfscan” can make searching for suitable instructions very easy, otherwise looking through objdump output will suffice. This level is at /opt/protostar/bin/st exploit.education 위 사이트에 접속을..

Protostar Stack6 https://exploit.education/protostar/stack-six/ Stack Six :: Andrew Griffiths' Exploit Education Stack Six Stack6 looks at what happens when you have restrictions on the return address. This level can be done in a couple of ways, such as finding the duplicate of the payload ( objdump -s will help with this), or ret2libc , or even return orientated pro exploit.education 위 사이트에 접속을..

Protostar Stack5 RTL 기법을 이용하여 문제풀이 https://exploit.education/protostar/stack-five/ Stack Five :: Andrew Griffiths' Exploit Education Stack Five Stack5 is a standard buffer overflow, this time introducing shellcode. This level is at /opt/protostar/bin/stack5 Hints At this point in time, it might be easier to use someone elses shellcodeIf debugging the shellcode, use \xcc (int3) to stop t exploit...

Protostar Stack5 https://exploit.education/protostar/stack-five/ Stack Five :: Andrew Griffiths' Exploit Education Stack Five Stack5 is a standard buffer overflow, this time introducing shellcode. This level is at /opt/protostar/bin/stack5 Hints At this point in time, it might be easier to use someone elses shellcodeIf debugging the shellcode, use \xcc (int3) to stop t exploit.education 위 사이트에 접..

Protostar Stack4 https://exploit.education/protostar/stack-four/ Stack Four :: Andrew Griffiths' Exploit Education Stack Four Stack4 takes a look at overwriting saved EIP and standard buffer overflows. This level is at /opt/protostar/bin/stack4 Hints A variety of introductory papers into buffer overflows may help.gdb lets you do “run < input”EIP is not directly aft exploit.education 위 사이트에 접속을 하..

Protostar Stack3 https://exploit.education/protostar/stack-three/ Stack Three :: Andrew Griffiths' Exploit Education Stack Three Stack3 looks at environment variables, and how they can be set, and overwriting function pointers stored on the stack (as a prelude to overwriting the saved EIP) Hints both gdb and objdump is your friend you determining where the win() function exploit.education 위 사이트에..

Protostar Stack2 https://exploit.education/protostar/stack-two/ Stack Two :: Andrew Griffiths' Exploit Education Stack Two Stack2 looks at environment variables, and how they can be set. This level is at /opt/protostar/bin/stack2 Source code #include #include #include #include int main(int argc, char **argv) { volatile int modified; char buffer[64]; char *variable; v exploit.education 위 사이트에 접속을..

1. Protostar Stack1 https://exploit.education/protostar/stack-one/ Stack One :: Andrew Griffiths' Exploit Education Stack One This level looks at the concept of modifying variables to specific values in the program, and how the variables are laid out in memory. This level is at /opt/protostar/bin/stack1 Hints If you are unfamiliar with the hexadecimal being displayed, exploit.education 위 사이트에 접속..