pwn3r tistory

[Docs] Reusing Dynamic Linker for Exploitation


pwn3r 2012.05.15 01:06

Document - Reusing dynamic linker for exploitation 

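Category: Exploitation

Platform: Linux


I've been putting this off since last year, always telling myself "I'll start writing tomorrow," and have only now finished it~ And it isn't even that long...

This document describes a technique that turns the dynamic linker against itself and can be used for exploitation on recent versions of Linux.

Because it requires the DYNAMIC region to be writable, it cannot be used on the latest Ubuntu or on some other Linux distributions, so it is a limited technique.

However, where the DYNAMIC region is writable, the technique makes it easy to bypass ASLR and NX. The environment tested in the document is Fedora 14, and I confirmed that it works the same way on Fedora 16, the latest version at the time of writing.

Enjoy the read~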
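The write-permission precondition above can be checked from a binary's program headers. The following C check is an added example, not taken from the original document: it reports whether PT_DYNAMIC lies inside the PT_GNU_RELRO range that the dynamic linker makes read-only after startup. It assumes an ELF64 file in host byte order and 4 KiB pages.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

#define PG_MASK 0xfffULL /* assumption: 4 KiB pages */

/* 1: .dynamic stays writable after startup; 0: read-only; -1: no PT_DYNAMIC */
int dynamic_writable(const Elf64_Phdr *ph, int n)
{
    const Elf64_Phdr *dyn = NULL, *relro = NULL;
    int load_w = 0;
    for (int i = 0; i < n; i++) {
        if (ph[i].p_type == PT_DYNAMIC)   dyn = &ph[i];
        if (ph[i].p_type == PT_GNU_RELRO) relro = &ph[i];
    }
    if (!dyn) return -1;
    Elf64_Addr lo = dyn->p_vaddr, hi = dyn->p_vaddr + dyn->p_memsz;
    for (int i = 0; i < n; i++)  /* is .dynamic mapped from a writable PT_LOAD? */
        if (ph[i].p_type == PT_LOAD && (ph[i].p_flags & PF_W) &&
            lo >= ph[i].p_vaddr && hi <= ph[i].p_vaddr + ph[i].p_memsz)
            load_w = 1;
    /* ld.so mprotects the page-rounded RELRO range read-only after relocation */
    if (relro && lo >= (relro->p_vaddr & ~PG_MASK) &&
        hi <= ((relro->p_vaddr + relro->p_memsz) & ~PG_MASK))
        return 0;
    return load_w;
}

int main(int argc, char **argv)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph[64];
    FILE *f = fopen(argc > 1 ? argv[1] : "/proc/self/exe", "rb");
    if (!f || fread(&eh, sizeof eh, 1, f) != 1 ||
        memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof ph[0] || eh.e_phnum > 64 ||
        fseek(f, (long)eh.e_phoff, SEEK_SET) != 0 ||
        fread(ph, sizeof ph[0], eh.e_phnum, f) != eh.e_phnum) {
        fprintf(stderr, "not a readable ELF64 file\n");
        return 2;
    }
    fclose(f);
    int w = dynamic_writable(ph, eh.e_phnum);
    puts(w == 1 ? "DYNAMIC is writable at run time" :
         w == 0 ? "DYNAMIC is read-only at run time" : "no PT_DYNAMIC segment");
    return w == 1;
}
```

Run it with the path of the binary to audit; with no argument it inspects its own executable. Linking with `-z relro` is what places `.dynamic` inside the PT_GNU_RELRO range.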

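  • bbolmin 2012.10.04 18:10 Enjoyed reading it~
    How did you come up with a method like this... ~impressive, haha
  • pwn3r 2012.10.06 23:40 Hope you enjoyed reading it~ haha
  • download 2013.07.22 15:04 As I understand it, when you run a binary produced by compiling C source code on Linux, as in , the dynamic libraries are mapped into the library region.
    What I'd like to know is where the information is looked up that decides where a library is mapped in memory, and, since more than one library will be loaded, which library is loaded first.
    I also have another question: when fork() is executed and a child process is created, are the libraries mapped again into the child process's memory? I'd also appreciate it if you could explain how the child process differs from the parent process.
    I've searched a lot on the internet but haven't found proper information yet, so I'm asking here. ㅠㅠ

  • 2013.07.22 15:07 This is a private comment.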
  • 진모씨 2014.01.06 16:05 Does the DYNAMIC section really need to be writable?