1596, 1/80 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ÇØÅ·ÀßÇÏ°í½Í´Ù
   http://¾øÀ½
   (²Ä¼ö) L.O.B Çѹ濡 Ŭ¸®¾îÇϱâ

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=8564 [º¹»ç]


ÇÊÀÚ°¡ LD_PRELOAD¿¡ ´ëÇØ ¿¬±¸Çϸ鼭 ¾Ë°Ô µÈ »ç½ÇÀε¥

my-pass ÆÄÀÏÀº ¸Å¿ì Ãë¾àÇÏ´Ù.

LD_PRELOAD´Â ȯ°æº¯¼ö Áß ÇϳªÀÌ´Ù.

ÇÁ·Î¼¼½º¸¦ ½ÇÇàÇÏ´Â °úÁ¤¿¡¼­ ¶óÀ̺귯¸®¸¦ ·ÎµùÇÒ ¶§,

LD_PRELOAD(ȯ°æº¯¼ö)°¡ ¼³Á¤ÀÌ µÇ¾îÀÖ´Ù¸é

ÇØ´ç º¯¼ö¿¡ ÁöÁ¤µÈ ¶óÀ̺귯¸®¸¦ ¸ÕÀú ·ÎµùÇÑ´Ù.

LD_PRELOAD ȯ°æº¯¼ö¿¡ ÀúÀåÇÏ´Â ¿©·¯°¡Áö ¹æ¹ý Áß ½©¿¡ µî·ÏÇÏ¿© »ç¿ëÇÏ´Â ¹æ¹ýÀÌ ÀÖ´Ù.

my-pass ÆÄÀÏÀº geteuid¸¦ Çؼ­ »ç¿ëÀÚÀÇ euid¿¡ ¸Â´Â Æнº¿öµå¸¦ Ãâ·ÂÇØÁØ´Ù.

±×·±µ¥ LD_PRELOAD¶ó´Â ȯ°æº¯¼ö´Â ƯÁ¤ÇÑ ÇÔ¼ö¸¦ ¹Ì¸® µî·ÏÇØ µÑ ¼ö ÀÖ´Ù.

±×·¸´Ù¸é ÀÌ LD_PRELOAD¶õ ¹«¾ùÀϱî?

¾Æ·¡´Â °£´ÜÇÏ°Ô ±¸±Û¸µÀ» ÇÏ¿©

ÇØ¿Ü »çÀÌÆ®¿¡¼­ ld_preload¿¡ ´ëÇØ Ã£¾Æº» ±ÛÀ» ÀοëÇÑ °ÍÀÌ´Ù.

========================================
.
.
.
Normally the Linux dynamic loader ld-linux (see ld-linux(8) man page) finds and loads the shared libraries needed by a program, prepare the program to run, and then run it. The shared libraries (shared objects) are loaded in whatever order the loader needs them in order to resolve symbols.
.
.
.

(Çؼ®)
.
.
.
º¸ÆíÀûÀ¸·Î ¸®´ª½º µ¿Àû ·Î´õ´Â ÇÁ·Î±×·¥¿¡ ÇÊ¿äÇÑ °øÀ¯ ¶óÀ̺귯¸®µéÀ»
ã°í ·ÎµåÇÏ¸ç ½ÇÇàÇÒ ÇÁ·Î±×·¥À» ÁغñÇÑ ´ÙÀ½ ½ÇÇàÇÑ´Ù.
°øÀ¯ ¶óÀ̺귯¸®´Â ±âÈ£¸¦ È®ÀÎÇϱâ À§ÇÏ¿© ·Î´õ°¡ ÇÊ¿äÇÑ ¼ø¼­´ë·Î ·ÎµåµÈ´Ù ±×¸®°í...
========================================







geteuid°¡ ¿øÇÏ´Â ´Ü°èÀÇ uid¸¦ ¸®ÅÏÇϵµ·Ï LD_PRELOAD¸¦ »ç¿ëÇؼ­ Á¶ÀÛÇÒ ¼ö ÀÖ´Ù.

±×·¯¸é my-pass´Â Á¶ÀÛµÈ geteuidÀÇ °á°ú¿¡ µû¶ó ´Ù¸¥ ¾ÆÀ̵ðÀÇ ºñ¹Ð¹øÈ£¸¦ ¹ñ¾î³¾ °ÍÀÌ´Ù.

---------------------
int geteuid(void);

int main(void)
{
        return geteuid();
}

int geteuid(void) {
    return 520;
}

--------------------

[gate@localhost gate]$ gcc -o geteuid -shared -fPIC geteuid.c
[gate@localhost gate]$ export LD_PRELOAD=./geteuid
[gate@localhost gate]$ my-pass















ÇÊÀÚ°¡ ÀÌ°ÍÀ» »ý°¢ÇÏ´Â µµÁß,

int geteuid(void)
{
    return 520;
}

ÀÌ·¸°Ô ¾²¸é mainÇÔ¼ö, Áï ½ÃÀÛÁ¡ÀÌ ¾ø´Ù°í ¿¡·¯¸¦ ¹ñ¾ú´Ù.

±×·¸´Ù¸é mainÇÔ¼ö¿¡¼­ ¼­ºêÇÔ¼ö¸¦ ¸¸µç´ÙÀ½ 520À» ¸®ÅÏÇÏ°í ±× °ªÀ»

mainÇÔ¼ö°¡ ¸®ÅÏÇϸé ÀÌ·¨´ø Àú·¨´ø 520À» ¸®ÅÏÇÑ´Ù´Â »ç½ÇÀº º¯ÇÔ¾øÁö ¾Ê´Â°¡?

¸ðµç ÇÁ·Î±×·¥Àº ½ÃÀÛÁ¡ÀÌ Á¸ÀçÇÑ´Ù.

ÀϹÝÀûÀÎ C¾ð¾î¶ó¸é mainÇÔ¼ö°¡ ½ÃÀÛÁ¡ÀÌ µÇ´Âµ¥ (ÀÌ°ÍÀ» entry point¶ó°íµµ ÇÑ´Ù)

ÀÌ ½ÃÀÛÁ¡À» mainÀÌ ¾Æ´Ñ ´Ù¸¥ À̸§ÀÇ ÇÔ¼ö°¡ µÉ ¼ö ÀÖÀ»±î?

¶ó´Â °íÂûÀ» Çϸ鼭 °­Á´ ¿©±â±îÁö ¸¶Ä¡°Ú´Ù.


  Hit : 2039     Date : 2023/01/14 03:09



    
ÇØÅ·ÀßÇÏ°í½Í´Ù ¸¶Áö¸· ¹®´Ü¿¡ ¿ÀÇØÀÇ ¼ÒÁö°¡ Àֳ׿ä.
Windows API¿¡¼± WinMainÀÌ ½ÃÀÛÁ¡ÀÌ¶ó¼­ mainÇÔ¼ö¿Í À̸§ÀÌ ´Ù¸£±ä Çѵ¥
"gcc°°Àº ÄÜ¼Ö C¾ð¾î ÇÁ·Î±×·¡¹Ö¿¡¼­ mainÇÔ¼ö À̸§À» º¯°æÇÒ ¼ö ÀÖÀ»±î?"°¡ °íÂûÇÒ Á¡ÀÔ´Ï´Ù.
±¸±Û¸µÀ» Çؼ­ Çѹø ¾Ë¾ÆºÁ¾ß µÇ°Ú³×¿ä.
2023/01/15  
Àܵ¥½º ¤§ 2024/03/16  
     [°øÁö] °­Á¸¦ ¿Ã¸®½Ç ¶§´Â ¸»¸Ó¸®¸¦ ´Þ¾ÆÁÖ¼¼¿ä^¤Ñ^ [29] ¸Û¸Û 02/27 19447
1595   [pwnable.kr] Shellshock[1]     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/23 96
1594   ShellshockÀÇ ±âº» ¿ä¾à     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/23 77
1593   [pwnable.kr] fd     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/23 70
1592   VPNÀÌ ¿¬°áµÇ¾ú´Ù°¡ µµÁß¿¡ ²¨µµ À¥ ºê¶ó¿ìÀú»ó¿¡¼­ À¯ÁöµÇ´Â ÀÌÀ¯     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/22 77
1591   ÇØÄ¿µéÀÌ ÇØÅ·½Ã »ç¿ëÇÏ´Â µð·ºÅ丮 °ø°£[1]     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/22 114
1590   Keyboard Hooking -part2 - (Python3 ver)     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/20 84
1589   [Windows API] Keyboard Hooking     ÇØÅ·ÀßÇÏ°í½Í´Ù
11/20 74
1588   [pwnable.kr] cmd1 °ø·«     ÇØÅ·ÀßÇÏ°í½Í´Ù
10/23 236
1587   netdiscover ÆÄÀ̽ãÀ¸·Î ±¸ÇöÇϱ⠠   ÇØÅ·ÀßÇÏ°í½Í´Ù
08/13 515
1586   ÆÄÀ̽ãÀ» ÀÌ¿ëÇÑ ½ÉÇà À¥ Å©·Ñ·¯     ÇØÅ·ÀßÇÏ°í½Í´Ù
08/13 407
1585   ÆÄÀ̽ã random¸ðµâÀ» ÀÌ¿ëÇÑ ¼ýÀÚ¸ÂÃ߱⠰ÔÀÓ ±¸Çö     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/30 956
1584   ÆÄÀ̽ã äÆà ÇÁ·Î±×·¥ ±¸Çö     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/28 845
1583   ÆÄÀ̽㠼ÒÄÏ ÇÁ·Î±×·¡¹ÖÀÇ ±âÃÊ     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/26 986
1582   ¸®´ª½º À¥ ·Î±× ºÐ¼®     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/20 675
1581   ¸®´ª½º/À©µµ¿ì º¸¾È Àåºñ ·Î±×     ÇØÅ·ÀßÇÏ°í½Í´Ù
05/20 824
1580   °í¼ö´ÔµéÀÇ µµ¿òÀ» ¹Þ°í ½Í½À´Ï´Ù     vbnm111
02/11 914
1579   ¸®´ª½º Ä¿³Î 2.6 ¹öÀü ÀÌÈÄÀÇ LKM     jdo
07/25 1429
1578   ½©ÄÚµå ¸ðÀ½     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/15 2305
1577   Call by value VS Call by Reference     ÇØÅ·ÀßÇÏ°í½Í´Ù
01/15 1605
1 [2][3][4][5][6][7][8][9][10]..[80]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org