본문 바로가기

해커스쿨 LOB ( skeleton -> golem ) by ORANG LOB_skeleton[skeleton@localhost skeleton]$ bash2[skeleton@localhost skeleton]$ lsgolem golem.c[skeleton@localhost skeleton]$ cat golem.c/* The Lord of the BOF : The Fellowship of the BOF - golem - stack destroyer*/ #include #include extern char **environ; main(int argc, char *argv[]){char buffer[40];int i; if(argc < 2){printf("argv error\n");exit(0);} if(argv[1][47] != '\xbf'){printf("stack is s.. 더보기
해커스쿨 LOB ( vampire -> skeleton ) by ORANG - 브루트 포싱 LOB_vampire [vampire@localhost vampire]$ lsskeleton skeleton.c[vampire@localhost vampire]$ bash2[vampire@localhost vampire]$ cat skeleton.c/* The Lord of the BOF : The Fellowship of the BOF - skeleton - argv hunter*/ #include #include extern char **environ; main(int argc, char *argv[]){ char buffer[40]; int i, saved_argc; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; env.. 더보기
해커스쿨 LOB ( troll -> vampire) by ORANG LOB_troll [troll@localhost troll]$ lsvampire vampire.c[troll@localhost troll]$ bash2[troll@localhost troll]$ cat vampire.c/* The Lord of the BOF : The Fellowship of the BOF - vampire - check 0xbfff*/ #include #include main(int argc, char *argv[]){ char buffer[40]; if(argc < 2){ printf("argv error\n"); exit(0); } if(argv[1][47] != '\xbf') { printf("stack is still your friend.\n"); exit(0); } // h.. 더보기
해커스쿨 LOB ( orge -> troll ) by ORANG LOB_orge [orge@localhost orge]$ bash2[orge@localhost orge]$ lstroll troll.c[orge@localhost orge]$ cat troll.c/* The Lord of the BOF : The Fellowship of the BOF - troll - check argc + argv hunter*/ #include #include extern char **environ; main(int argc, char *argv[]){ char buffer[40]; int i; // here is changed if(argc != 2){ printf("argc must be two!\n"); exit(0); } // egghunter for(i=0; environ[.. 더보기
해커스쿨 LOB ( darkelf -> orge ) by ORANG LOB_darkelf [darkelf@localhost darkelf]$ bash2[darkelf@localhost darkelf]$ lsorge orge.c[darkelf@localhost darkelf]$ cat orge.c/* The Lord of the BOF : The Fellowship of the BOF - orge - check argv[0]*/ #include #include extern char **environ; main(int argc, char *argv[]){ char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // here is changed! if(strlen(argv[0]) != 77){ prin.. 더보기
해커스쿨 LOB ( wolfman -> darkelf ) by ORANG LOB_wolfman [wolfman@localhost wolfman]$ lsdarkelf darkelf.c tmp[wolfman@localhost wolfman]$ bash2[wolfman@localhost wolfman]$ cat darkelf.c/* The Lord of the BOF : The Fellowship of the BOF - darkelf - egghunter + buffer hunter + check length of argv[1]*/ #include #include extern char **environ; main(int argc, char *argv[]){ char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0);.. 더보기
해커스쿨 LOB ( orc -> wolfman ) by ORANG LOB_orc [orc@localhost orc]$ bash2[orc@localhost orc]$ cat wolfman.c/* The Lord of the BOF : The Fellowship of the BOF - wolfman - egghunter + buffer hunter*/ #include #include extern char **environ; main(int argc, char *argv[]){ char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47.. 더보기
해커스쿨 LOB ( goblin -> orc ) by ORANG LOB_goblin [goblin@localhost goblin]$ bash2[goblin@localhost goblin]$ cat orc.c/* The Lord of the BOF : The Fellowship of the BOF - orc - egghunter*/ #include #include extern char **environ; main(int argc, char *argv[]){ char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47] != '\xb.. 더보기
해커스쿨 LOB ( cobolt -> goblin ) by ORANG LOB_cobolt [cobolt@localhost cobolt]$ bash2[cobolt@localhost cobolt]$ cat goblin.c/* The Lord of the BOF : The Fellowship of the BOF - goblin - small buffer + stdin*/ int main(){ char buffer[16]; gets(buffer); printf("%s\n", buffer);} bash2 띄우고~ 소스를 보겠습니다! 힌트는 small buffer + stdin 입니다.이전 문제와 크게 다른것 같지 않군요, 이전 문제는 인자를 넘겨받아 strcpy로 buffer에 저장했다면이번엔 gets함수로 바로 buffer에 저장하네요ㅎㅎ역시 환경변수를 이용하거나, 음.. 어떤 .. 더보기
해커스쿨 LOB ( gremlin -> cobolt ) by ORANG ​LOB_gremlin [gremlin@localhost gremlin]$ bash2[gremlin@localhost gremlin]$ cat cobolt.c/* The Lord of the BOF : The Fellowship of the BOF - cobolt - small buffer*/ int main(int argc, char *argv[]){ char buffer[16]; if(argc < 2){ printf("argv error\n"); exit(0); } strcpy(buffer, argv[1]); printf("%s\n", buffer);} bash2 띄워주고~ 소스를 보겠습니다!! 힌트는 small buffer 군요buffer의 사이즈가 16밖에 안되네요ㅠㅠ음.. 환경변수를 이용한 방법.. 더보기