
[ vuln ] - [ Buffer overflow, bof, ]

by EunBird 2022. 7. 15.



pwngdb> disass main

Dump of assembler code for function main:
 0x00005555555546e6 <+0>: push rbp ; Prologue: always located at the start of a function. ...[1]
 0x00005555555546e7 <+1>: mov rbp,rsp ; Prologue.
 0x00005555555546ea <+4>: sub rsp,0x90 ; Reserves 0x90 (144) bytes of stack space. ...[2]
//…
 0x0000555555554734 <+78>: mov rsi,rdx
 0x0000555555554737 <+81>: mov rdi,rax
 0x000055555555473a <+84>: call 0x55555555468a <vuln> ; Calls the function named vuln ...[3] - [6]
 0x000055555555473f <+89>: lea rdi,[rip+0x9e] # 0x5555555547e4 ; 
 0x0000555555554746 <+96>: call 0x555555554550 <puts@plt>
 0x000055555555474b <+101>: mov eax,0x0
 0x0000555555554750 <+106>: leave
=> 0x0000555555554751 <+107>: ret 
End of assembler dump.


Dump of assembler code for function vuln: ; The vuln function! ...[4]
//…
 0x00005555555546df <+85>: add rsp,0x28
 0x00005555555546e3 <+89>: pop rbx
 0x00005555555546e4 <+90>: pop rbp
 0x00005555555546e5 <+91>: ret ; ret == jump to the return address at the top of the stack (rsp)! ...[5]

 

./vuln `perl -e 'print "X"x144'`  # == ./vuln `perl -e 'print"XXXXXXXXXXX ~144 of them~ XXXXXXXXXXXX"'`
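
The page does not show the source of vuln, so the following is an added example, not code from the original post: a hypothetical unchecked copy of the kind that lets a long argument reach the saved rbp and the return address used by ret, next to a bounds-checked form. BUF_SIZE and the names copy_unchecked, copy_checked and try_page_input are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 32  /* assumed size; the page does not show vuln's buffer */

/* Unsafe pattern (hypothetical reconstruction): strcpy copies until the
 * NUL byte, so an argument longer than the buffer writes past it, toward
 * the saved rbp and the return address that ret later consumes. */
void copy_unchecked(char *buf, const char *arg)
{
    strcpy(buf, arg);
}

/* Hardened form: the caller passes the destination size and the copy is
 * refused (not silently truncated) when the argument does not fit.
 * Returns 0 on success, -1 on a bad pointer or an oversized argument. */
int copy_checked(char *buf, size_t bufsz, const char *arg)
{
    const char *end;
    size_t len;

    if (buf == NULL || arg == NULL || bufsz == 0)
        return -1;
    end = memchr(arg, '\0', bufsz);   /* look for NUL within bufsz bytes */
    if (end == NULL)                  /* no room for arg plus its NUL */
        return -1;
    len = (size_t)(end - arg);
    memcpy(buf, arg, len + 1);        /* len + 1 <= bufsz, includes NUL */
    return 0;
}

/* Constructed input: the 144 'X' bytes from the page's command line. */
int try_page_input(void)
{
    char arg[145];
    char buf[BUF_SIZE];

    memset(arg, 'X', 144);
    arg[144] = '\0';
    return copy_checked(buf, sizeof buf, arg);
}

int main(void)
{
    printf("144-byte argument: %s\n",
           try_page_input() == 0 ? "copied" : "rejected");
    return 0;
}
```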

 

 
