엮은이는 아는데요

[동영상 삽입 예정]

1. Overview 1. 소개 1-1. 강의 및 구성도 소개 1-2. 데모 1-3. 파일/이미지 다운로드 2. 가상 머신 설치 2-1. VMWARE WORKSTATION PRO 15 DOWNLOAD 2-2. VIRTUAL NETWORK SETTING 3. Ping이 되도록 구축 3-1. ATTACKER-ROUTER 3-2. ROUTER-FIREWALL 3-3. FIREWALL-IDS/IPS(NW)&IDS/IPS(HOST) 3-4. IDS/IPS(NW)-WAF 3-5. WAF-DMZ 3-6. DMZ(JS-LAB) 3-7. DMZ(JS-MAIL) 3-8. DMZ(JS-OS) 3-9. DMZ(JS-FTP) 3-10. IDS/IPS(HOST)-HOST 3-11. HOST(AD) 3-12. HOST(USER) ..

uaf.c #include #include typedef struct test{char *name[50];void (*greetings)(void *name);void (*bye)(void *name);}VULN; void *say_hello(void *name){printf("Hello! %s\n", (char*)name);} void *say_goodbye(void *name){printf("ByeBye! %s\n", (char*)name);} void main(){void *vuln_test;VULN *vuln = (char*)malloc(100); vuln->greetings = say_hello;vuln->bye = say_goodbye; printf("Input your name : ");sc..

heap2.c #include #include #include #include #include struct auth { char name[32]; int auth; }; struct auth *auth; char *service; int main(int argc, char **argv) { char line[128]; while(1) { printf("[ auth = %p, service = %p ]\n", auth, service); if(fgets(line, sizeof(line), stdin) == NULL) break; if(strncmp(line, "auth ", 5) == 0) { auth = malloc(sizeof(auth)); memset(auth, 0, sizeof(auth)); if(..

heap1.c #include #include #include #include #include struct internet { int priority; char *name; }; void winner() { printf("and we have a winner @ %d\n", time(NULL)); } int main(int argc, char **argv) { struct internet *i1, *i2, *i3; i1 = malloc(sizeof(struct internet)); i1->priority = 1; i1->name = malloc(8); i2 = malloc(sizeof(struct internet)); i2->priority = 2; i2->name = malloc(8); strcpy(i..

heap0.c #include #include #include #include #include struct data { char name[64]; }; struct fp { int (*fp)(); }; void winner() { printf("level passed\n"); } void nowinner() { printf("level has not been passed\n"); } int main(int argc, char **argv) { struct data *d; struct fp *f; d = malloc(sizeof(struct data)); f = malloc(sizeof(struct fp)); f->fp = nowinner; printf("data is at %p, fp is at %p\n..

format4.c #include #include #include #include int target; void hello() { printf("code execution redirected! you win\n"); _exit(1); } void vuln() { char buffer[512]; fgets(buffer, sizeof(buffer), stdin); printf(buffer); exit(1); } int main(int argc, char **argv) { vuln(); } 출처: http://liveoverflow.com/binary_hacking/protostar/format4.html 1. 문제 해결 및 분석 1-1. exploit할 위치 확인 vuln() 함수의 exit 부분을 hell..

format3.c #include #include #include #include int target; void printbuffer(char *string) { printf(string); } void vuln() { char buffer[512]; fgets(buffer, sizeof(buffer), stdin); printbuffer(buffer); if(target == 0x01025544) { printf("you have modified the target :)\n"); } else { printf("target is %08x :(\n", target); } } int main(int argc, char **argv) { vuln(); } 출처: http://liveoverflow.com/bi..

format2.c #include #include #include #include int target; void vuln() { char buffer[512]; fgets(buffer, sizeof(buffer), stdin); printf(buffer); if(target == 64) { printf("you have modified the target :)\n"); } else { printf("target is %d :(\n", target); } } int main(int argc, char **argv) { vuln(); } 출처: http://liveoverflow.com/binary_hacking/protostar/format2.html 1. 문제해결 및 분석 1-1. target 확인 ta..

format1.c #include #include #include #include int target; void vuln(char *string) { printf(string); if(target) { printf("you have modified the target :)\n"); } } int main(int argc, char **argv) { vuln(argv[1]); } 출처: http://liveoverflow.com/binary_hacking/protostar/format1.html 1. 문제 해결 및 분석 1-0. 포맷 스트링 위치 printf에서 포맷 스트링 버그를 발생시키면 된다. 즉 %x를 통해 스택에 있는 주소를 가져와서 argument까지 접근한다. %x를 반복하면 argument까..