본문 바로가기

해커스쿨 LOB 문제풀이 최종본 pdf by ORANG 마무으리!! 더보기
해커스쿨 LOB ( xavius -> death_knight ) by ORANG - 리모트어택 LOB_xavious [xavius@localhost xavius]$ bash2[xavius@localhost xavius]$ lsdeath_knight death_knight.c[xavius@localhost xavius]$ cat death_knight.c/* The Lord of the BOF : The Fellowship of the BOF - dark knight - remote BOF*/ #include #include #include #include #include #include #include #include #include main(){char buffer[40]; int server_fd, client_fd;struct sockaddr_in server_addr;struct socka.. 더보기
해커스쿨 LOB ( nightmare -> xavius ) by ORANG LOB_nightmare [nightmare@localhost nightmare]$ bash2[nightmare@localhost nightmare]$ lsxavius xavius.c[nightmare@localhost nightmare]$ cat xavius.c/* The Lord of the BOF : The Fellowship of the BOF - xavius - arg*/ #include #include #include main(){char buffer[40];char *ret_addr; // overflow!fgets(buffer, 256, stdin);printf("%s\n", buffer); if(*(buffer+47) == '\xbf'){printf("stack retbayed you!\.. 더보기
해커스쿨 LOB ( succubus -> nightmare ) by ORANG LOB_succubus [succubus@localhost succubus]$ bash2[succubus@localhost succubus]$ lsnightmare nightmare.c[succubus@localhost succubus]$ cat nightmare.c/* The Lord of the BOF : The Fellowship of the BOF - nightmare - PLT*/ #include #include #include #include main(int argc, char *argv[]){char buffer[40];char *addr; if(argc < 2){printf("argv error\n");exit(0);} // check addressaddr = (char *)&strcpy;.. 더보기
해커스쿨 LOB ( zombie_assassin -> succubus ) by ORANG LOB_zombie_assassin [zombie_assassin@localhost zombie_assassin]$ bash2[zombie_assassin@localhost zombie_assassin]$ cat succubus.c/* The Lord of the BOF : The Fellowship of the BOF - succubus - calling functions continuously*/ #include #include #include // the inspectorint check = 0; void MO(char *cmd){ if(check != 4) exit(0); printf("welcome to the MO!\n"); // olleh!system(cmd);} void YUT(void){.. 더보기
해커스쿨 LOB ( assassin -> zombie_assassin ) by ORANG LOB_assassin [assassin@localhost assassin]$ bash2[assassin@localhost assassin]$ lszombie_assassin zombie_assassin.c[assassin@localhost assassin]$ cat zombie_assassin.c/* The Lord of the BOF : The Fellowship of the BOF - zombie_assassin - FEBP*/ #include #include main(int argc, char *argv[]){char buffer[40]; if(argc < 2){printf("argv error\n");exit(0);} if(argv[1][47] == '\xbf'){printf("stack ret.. 더보기
해커스쿨 LOB ( giant -> assassin ) by ORANG LOB_giant [giant@localhost giant]$ bash2[giant@localhost giant]$ lsassassin assassin.c[giant@localhost giant]$ cat assassin.c/* The Lord of the BOF : The Fellowship of the BOF - assassin - no stack, no RTL*/ #include #include main(int argc, char *argv[]){char buffer[40]; if(argc < 2){printf("argv error\n");exit(0);} if(argv[1][47] == '\xbf'){printf("stack retbayed you!\n");exit(0);} if(argv[1][4.. 더보기
해커스쿨 LOB ( bugbear -> giant ) by ORANG - 브루트포싱 LOB_bugbear [bugbear@localhost bugbear]$ bash2[bugbear@localhost bugbear]$ lsgiant giant.c[bugbear@localhost bugbear]$ cat giant.c/* The Lord of the BOF : The Fellowship of the BOF - giant - RTL2*/ #include #include #include main(int argc, char *argv[]){char buffer[40];FILE *fp;char *lib_addr, *execve_offset, *execve_addr;char *ret; if(argc < 2){printf("argv error\n");exit(0);} // gain address o.. 더보기
해커스쿨 LOB ( darkknight -> bugbear ) by ORANG LOB_darkknight [darkknight@localhost darkknight]$ bash2[darkknight@localhost darkknight]$ lsbugbear bugbear.c[darkknight@localhost darkknight]$ cat bugbear.c/* The Lord of the BOF : The Fellowship of the BOF - bugbear - RTL1*/ #include #include main(int argc, char *argv[]){char buffer[40];int i; if(argc < 2){printf("argv error\n");exit(0);} if(argv[1][47] == '\xbf'){printf("stack betrayed you!!\.. 더보기
해커스쿨 LOB ( golem -> darkknight ) by ORANG - FPO LOB_golem [golem@localhost golem]$ bash2[golem@localhost golem]$ lsdarkknight darkknight.c[golem@localhost golem]$ cat darkknight.c/* The Lord of the BOF : The Fellowship of the BOF - darkknight - FPO*/ #include #include void problem_child(char *src){char buffer[40];strncpy(buffer, src, 41);printf("%s\n", buffer);} main(int argc, char *argv[]){if(argc 더보기