level gate -> 1

    [gate@localhost gate]$ cat gremlin.c
    /*
      The Lord of the BOF : The Fellowship of the BOF
      - gremlin
      - simple BOF
    */

    int main(int argc, char *argv[])
    {
        char buffer[256];
        if(argc < 2){
            printf("argv error\n");
            exit(0);
        }
        strcpy(buffer, argv[1]);
        printf("%s\n", buffer);
    }

    (gdb) disas main
    Dump of assembler code for function main:
    0x8048430 :push %ebp
    0x8048431 :mov %ebp,%esp
    0x8048433 :sub %esp,0x100//256b..

dynamic linker

Internal structure of the dynamic linker
https://web.archive.org/web/20081215162517/http://x82.inetcop.org/h0me/papers/FC_exploit/relocation.txt

Exploit using a dynamic section overwrite
http://pwn3r.tistory.com/entry/Docs-Reusing-Dynamic-Linker-for-Exploitation

Exploit via manipulation of function information in _dl_runtime_resolver
http://gooverto.tistory.com/entry/Return-To-DL-Exploitation

vdso

What is linux-gate.so.1? - by Johan Petersson

These days, if you run ldd on a Linux desktop, you see a file called linux-gate.so.1.

    [tolkien@tolkien tmp]$ ldd /bin/ls
    linux-gate.so.1 => (0xb7f84000)
    librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7f66000)
    libselinux.so.1 => /lib/libselinux.so.1 (0xb7f4d000)
    libacl.so.1 => /lib/libacl.so.1 (0xb7f45000)
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7df6000)
    libpthread.so.0 =>..