All categories
Basic Docker usage on Linux
1. image build As in the previous post, enter docker build -t name:tag -f dockerfile-name . in the terminal. https://wyv3rn.tistory.com/148?category=949848 Installing and using Docker for system hacking 1. Introduction. Until now I had been solving every pwnable problem on Kali Linux because it looked cool. But as time went on I felt the difficulty of libc version matching and analysis, and given recent CTF trends Docker use is essential wyv3rn.tistory.com 2. Check the built image Run the command below. docker image ls ┌──(kali㉿kali)-[~/Downloads] └─$ ..
[lob] vampire -> skeleton
1. intro 2. code and analysis 2.1 C code /* The Lord of the BOF : The Fellowship of the BOF - skeleton - argv hunter */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i, saved_argc; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47] != '\xbf') { printf("stack is st..
[lob] troll -> vampire
1. intro 2. code and analysis 2.1 C code /* The Lord of the BOF : The Fellowship of the BOF - vampire - check 0xbfff */ #include #include main(int argc, char *argv[]) { char buffer[40]; if(argc < 2){ printf("argv error\n"); exit(0); } if(argv[1][47] != '\xbf') { printf("stack is still your friend.\n"); exit(0); } // here is changed! if(argv[1][46] == '\xff') { printf("but it's not forever\n"); exit(0); ..
[lob] orge -> troll
1. intro 2. code and analysis 2.1 C code /* The Lord of the BOF : The Fellowship of the BOF - troll - check argc + argv hunter */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; // here is changed if(argc != 2){ printf("argc must be two!\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47] != '\xb..
[lob] darkelf -> orge
1. intro 2. code and analysis 2.1 C code /* The Lord of the BOF : The Fellowship of the BOF - orge - check argv[0] */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // here is changed! if(strlen(argv[0]) != 77){ printf("argv[0] error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], ..
[lob] wolfman -> darkelf
1. intro 2. code and analysis 2.1 C code /* The Lord of the BOF : The Fellowship of the BOF - darkelf - egghunter + buffer hunter + check length of argv[1] */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47] != '\..
[lob] orc -> wolfman
1. intro 2. code and analysis 2.1 C code /* The Lord of the BOF : The Fellowship of the BOF - wolfman - egghunter + buffer hunter */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47] != '\xbf') { printf("stack is s..
[lob] goblin -> orc
1. intro 2. code and analysis 2.1 C code /* The Lord of the BOF : The Fellowship of the BOF - orc - egghunter */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47] != '\xbf') { printf("stack is still your friend.\n"..
[lob] cobolt -> goblin
1. intro 2. code and analysis 2.1 C code /* The Lord of the BOF : The Fellowship of the BOF - goblin - small buffer + stdin */ int main() { char buffer[16]; gets(buffer); printf("%s\n", buffer); } 2.3. Analysis 2.3.1. assembler code (key parts) ... 0x80483fe :lea 0xfffffff0(%ebp),%eax 0x8048401 :push %eax 0x8048402 :call 0x804830c ... This time the gets function reads input into the location ebp-0x10. 3. Identifying the vulnerability and preparing the attack 3.1 Vulnerability Reading input with the gets function..
[lob] gremlin -> cobolt
1. intro 2. code and analysis 2.1 C code /* The Lord of the BOF : The Fellowship of the BOF - cobolt - small buffer */ int main(int argc, char *argv[]) { char buffer[16]; if(argc < 2){ printf("argv error\n"); exit(0); } strcpy(buffer, argv[1]); printf("%s\n", buffer); } 2.3. Analysis 2.3.1. assembler code (key parts) ... 0x8048453 :mov 0xc(%ebp),%eax #put the value at ebp+0xc into eax 0x8048456 :add $0x4,%eax #the address eax + 0x4 into ea..