독학두비니

War Games/해커스쿨 LOB

[해커스쿨 LOB] END: Death Knight

END. Death Knight 진짜 마지막! login id : death_knight pw : got the life 디렉토리를 확인해보면 [death_knight@localhost death_knight]$ ls dropped_item.txt dropped item이 하나 있네요. 끝! 여러분은 이 데이터 덩어리를 얻기 위해 열심히 달려오셨습니다. LOB를 풀면서 gdb와 시스템의 메모리 구조에 대해서 조금이나마 더 깊은 이해를 할 수 있었으면 좋겠습니다. 수고많으셨습니다~

War Games/해커스쿨 LOB

[해커스쿨 LOB] Level20: Xavius >> Death Knight

Level 20. Xavius >> Death Knight Theme: remote BOF login id : xavius pw : throw me away bash2 & 코드 확인 [xavius@localhost xavius]$ bash2 [xavius@localhost xavius]$ cat death_knight.c /* The Lord of the BOF : The Fellowship of the BOF - dark knight - remote BOF */ #include #include #include #include #include #include #include #include #include main() { char buffer[40]; int server_fd, client_fd; str..

War Games/해커스쿨 LOB

[해커스쿨 LOB] Level19: Nightmare >> Xavius

Level 19. Nightmare >> Xavius Theme: arg login id : nightmare pw : beg for me bash2 & 코드확인 [nightmare@localhost nightmare]$ bash2 [nightmare@localhost nightmare]$ cat xavius.c /* The Lord of the BOF : The Fellowship of the BOF - xavius - arg */ #include #include #include main() { char buffer[40]; char *ret_addr; // overflow! fgets(buffer, 256, stdin); printf("%s\n", buffer); if(*(buffer+47) == '..

War Games/해커스쿨 LOB

[해커스쿨 LOB] Level18: Succubus >> Nightmare

Level 18. Succubus >> Nightmare Theme: PLT login id : succubus pw : here to stay bash2 & 코드 확인 [succubus@localhost succubus]$ bash2 [succubus@localhost succubus]$ cat nightmare.c /* The Lord of the BOF : The Fellowship of the BOF - nightmare - PLT */ #include #include #include #include main(int argc, char *argv[]) { char buffer[40]; char *addr; if(argc < 2){ printf("argv error\n"); exit(0); } //..

War Games/해커스쿨 LOB

[해커스쿨 LOB] Level17: Zombie Assassin >> Succubus

Level 17. Zombie Assassin >> Succubus Theme: calling functions continuously login id : zombie_assassin pw : no place to hide bash2 & 코드확인 [zombie_assassin@localhost zombie_assassin]$ bash2 [zombie_assassin@localhost zombie_assassin]$ cat succubus.c /* The Lord of the BOF : The Fellowship of the BOF - succubus - calling functions continuously */ #include #include #include // the inspector int che..

War Games/해커스쿨 LOB

[해커스쿨 LOB] Level16: Assassin >> Zombie Assassin

Level 16. Assassin >> Zombie Assassin Theme: FEBP 로그인 id : assassin pw : pushing me away bash2 & 코드확인 [assassin@localhost assassin]$ bash2 [assassin@localhost assassin]$ cat zombie_assassin.c /* The Lord of the BOF : The Fellowship of the BOF - zombie_assassin - FEBP */ #include #include main(int argc, char *argv[]) { char buffer[40]; if(argc < 2){ printf("argv error\n"); exit(0); } if(argv[1][4..

War Games/해커스쿨 LOB

[해커스쿨 LOB] Level15: Giant >> Assassin

Level 14. Bugbear >> Giant Theme: no stack, no RTL 로그인 id : giant pw : one step closer bash2 & 코드확인 [giant@localhost giant]$ bash2 [giant@localhost giant]$ nl assassin.c 1 /* 2 The Lord of the BOF : The Fellowship of the BOF 3 - assassin 4 - no stack, no RTL 5 */ 6 #include 7 #include 8 main(int argc, char *argv[]) 9 { 10 char buffer[40]; 11 if(argc < 2){ 12 printf("argv error\n"); 13 exit(0); 1..

War Games/해커스쿨 LOB

[해커스쿨 LOB] Level14: Bugbear >> Giant

Level 14. Bugbear >> Giant Theme: RTL 로그인 id : bugbear pw : new divide bash2 & 코드확인 1 /* 2 The Lord of the BOF : The Fellowship of the BOF 3 - giant 4 - RTL2 5 */ 6 #include 7 #include 8 #include 9 main(int argc, char *argv[]) 10 { 11 char buffer[40]; 12 FILE *fp; 13 char *lib_addr, *execve_offset, *execve_addr; 14 char *ret; 15 if(argc < 2){ 16 printf("argv error\n"); 17 exit(0); 18 } 19 // gai..

War Games/해커스쿨 LOB

[해커스쿨 LOB] Level13: Darkknight >> Bugbear

Level 13. Darkknight >> Bugbear Theme: RTL 로그인 id : darkknight pw : new attacker bash2&코드확인 [darkknight@localhost darkknight]$ bash2 [darkknight@localhost darkknight]$ nl bugbear.c 1 /* 2 The Lord of the BOF : The Fellowship of the BOF 3 - bugbear 4 - RTL1 5 */ 6 #include 7 #include 8 main(int argc, char *argv[]) 9 { 10 char buffer[40]; 11 int i; 12 if(argc < 2){ 13 printf("argv error\n"); 14 ex..

War Games/해커스쿨 LOB

[해커스쿨 LOB] Level12: Golem >> Darkknight

Level 12. Golem >> Darkknight Theme: FPO 로그인 id : golem pw : cup of coffee bash2 & 코드확인 [golem@localhost golem]$ bash2 [golem@localhost golem]$ nl darkknight.c 1 /* 2 The Lord of the BOF : The Fellowship of the BOF 3 - darkknight 4 - FPO 5 */ 6 #include 7 #include 8 void problem_child(char *src) 9 { 10 char buffer[40]; 11 strncpy(buffer, src, 41); 12 printf("%s\n", buffer); 13 } 14 main(int argc..

War Games/해커스쿨 LOB

[해커스쿨 LOB] Level11: Skeleton >> Golem

Level 11. Skeleton >> Golem Theme: Stack Destroyer 로그인 id : skeleton pw : shellcoder bash2 & 코드 확인 [skeleton@localhost skeleton]$ ls golem golem.c [skeleton@localhost skeleton]$ bash2 [skeleton@localhost skeleton]$ nl golem.c 1 /* 2 The Lord of the BOF : The Fellowship of the BOF 3 - golem 4 - stack destroyer 5 */ 6 #include 7 #include 8 extern char **environ; 9 main(int argc, char *argv[]) 10 {..

War Games/해커스쿨 LOB

[해커스쿨 LOB] Level10: Vampire >> Skeleton

Level 10. Vampire >> Skeleton Theme: argv hunter 로그인 id : vampire pw : music world bash2 & 코드확인 [vampire@localhost vampire]$ bash2 [vampire@localhost vampire]$ nl skeleton.c 1 /* 2 The Lord of the BOF : The Fellowship of the BOF 3 - skeleton 4 - argv hunter 5 */ 6 #include 7 #include 8 extern char **environ; 9 main(int argc, char *argv[]) 10 { 11 char buffer[40]; 12 int i, saved_argc; 13 if(argc..