[lob] goblin -> orc
Wargame/Hackerchool
1. intro 2. code and analysis 2.1 C code /* The Lord of the BOF : The Fellowship of the BOF - orc - egghunter */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47] != '\xbf') { printf("stack is still your friend.\n"..
[lob] cobolt -> goblin
Wargame/Hackerchool
1. intro 2. code and analysis 2.1 C code /* The Lord of the BOF : The Fellowship of the BOF - goblin - small buffer + stdin */ int main() { char buffer[16]; gets(buffer); printf("%s\n", buffer); } 2.3. Analysis 2.3.1. assembler code (key part) ... 0x80483fe :lea 0xfffffff0(%ebp),%eax 0x8048401 :push %eax 0x8048402 :call 0x804830c ... This time the gets function reads input into the location ebp-0x10. 3. Confirming the vulnerability and preparing the attack 3.1 Vulnerability The gets function reads input..