ii4gsp

#include #include #include #include #include /* gcc -o ch35 ch35.c -fno-stack-protector -no-pie -Wl,-z,relro,-z,now,-z,noexecstack */ void callMeMaybe(){ char *argv[] = { "/bin/bash", "-p", NULL }; execve(argv[0], argv, NULL); } int main(int argc, char **argv){ char buffer[256]; int len, i; scanf("%s", buffer); len = strlen(buffer); printf("Hello %s\n", buffer); return 0; } scanf()함수에서 취약점이 발생한다..

#include #include #include #include void shell() { setreuid(geteuid(), geteuid()); system("/bin/bash"); } void sup() { printf("Hey dude ! Waaaaazzaaaaaaaa ?!\n"); } void main() { int var; void (*func)()=sup; char buf[128]; fgets(buf,133,stdin); func(); } fgets()함수에서 취약점이 발생한다. ssh -p 2222 app-systeme-ch15@challenge02.root-me.org password: app-systeme-ch15 ssh서버에 접속해주자. buf 128byte를 채우고 shell()함수..

#include #include #include #include int main() { int var; int check = 0x04030201; char buf[40]; fgets(buf,45,stdin); printf("\n[buf]: %s\n", buf); printf("[check] %p\n", check); if ((check != 0x04030201) && (check != 0xdeadbeef)) printf ("\nYou are on the right way!\n"); if (check == 0xdeadbeef) { printf("Yeah dude! You win!\nOpening your shell...\n"); setreuid(geteuid(), geteuid()); system("/bi..