article thumbnail image
Published 2022. 7. 30. 17:57

[ Pwnable.kr ] fd

๐™‹๐™ฌ๐™ฃ๐™–๐™—๐™ก๐™š ๐Ÿ’ป/Pwnable.kr WriteUp
728x90

ใ„ฑใ…‡ใ…‡

Mommy! what is a file descriptor in Linux?

* try to play the wargame your self but if you are ABSOLUTE beginner,
follow this tutorial link: https://youtu.be/971eZhMHQQw

ssh fd@pwnable.kr -p2222 (pw:guest)

File Discriptor ๊ด€๋ จ ๋ฌธ์ œ์ธ ๊ฒƒ ๊ฐ™๋‹ค.

 

์šฐ์„  File Descriptor์— ๋Œ€ํ•ด ์•Œ์•„๋ณด์ž.

File Descriptor(FD)๋ž€?

Linux or Unix ๊ณ„์—ด์˜ ์‹œ์Šคํ…œ์—์„œ ํ”„๋กœ์„ธ์Šค๊ฐ€ ํŒŒ์ผ์„ ๋‹ค๋ฃฐ ๋•Œ ์‚ฌ์šฉํ•˜๋Š” ๊ฐœ๋…์ด๋‹ค.
ํ”„๋กœ์„ธ์Šค์—์„œ ํŠน์ • ํŒŒ์ผ์— ์ ‘๊ทผํ•  ๋•Œ ์‚ฌ์šฉํ•˜๋Š” ์ถ”์ƒ์ ์ธ ๊ฐ’์ด๋‹ค.

๊ธฐ๋ณธ์ ์œผ๋กœ ํ• ๋‹น๋˜๋Š” FD๋Š” ํ‘œ์ค€์ž…๋ ฅ(stdin), ํ‘œ์ค€์ถœ๋ ฅ(stdout), ํ‘œ์ค€์—๋Ÿฌ(stderr)๋กœ ๊ฐ๊ฐ 0, 1, 2๋ผ๋Š” ์ •์ˆ˜๊ฐ€ ํ• ๋‹น๋œ๋‹ค

๋ฌธ์ œ์— ์ ‘์†ํ•ด๋ณด์ž.

ls ๋ช…๋ น์–ด๋ฅผ ์ด์šฉํ•ด ๋””๋ ‰ํ„ฐ๋ฆฌ ๋‚ด์šฉ ๋ชฉ๋ก์„ ํ™•์ธํ•ด๋ณด์ž.

fd / fd.c / flag ํŒŒ์ผ์ด ๋ณด์ธ๋‹ค.

fd.c ํŒŒ์ผ์„ ํ™•์ธํ•ด๋ณด์ž.

์ฝ”๋“œ๋ฅผ ์ฝ์–ด๋ณด์ž.

 

argc(์ธ์ž์˜ ๊ฐœ์ˆ˜)๊ฐ€ 2๋ณด๋‹ค ์ž‘์œผ๋ฉด ํ”„๋กœ๊ทธ๋žจ์ด ์ข…๋ฃŒ๋˜๋Š” ๊ฒƒ์„ ์•Œ ์ˆ˜ ์žˆ๋‹ค.

 

fd๋Š” atoi(argv[1])์—์„œ 0x1234 ๋บ€ ๊ฐ’์„ ๊ฐ€์ง„๋‹ค.

    - atoi ํ•จ์ˆ˜๋Š” 10์ง„๋ฒ•์œผ๋กœ ํ‘œ๊ธฐ๋œ ๋ฌธ์ž์—ด์„ ์ •์ˆ˜๋กœ ๋ฐ”๊พธ๋Š” ํ•จ์ˆ˜์ด๋‹ค.

 

read ํ•จ์ˆ˜๋Š” 3๊ฐœ์˜ ์ธ์ž๋ฅผ ๊ฐ€์ง€๋Š”๋ฐ ์ฒซ ๋ฒˆ์งธ ์ธ์ž๋Š” FD, ๋‘ ๋ฒˆ์งธ ์ธ์ž๋Š” ์ฝ์€ ๋ฐ์ดํ„ฐ๋ฅผ ์ €์žฅํ•  ๊ณต๊ฐ„, ์„ธ ๋ฒˆ์งธ ์ธ์ž๋Š” ์ฝ์„ ํฌ๊ธฐ์ด๋‹ค. 

 

๋งŒ์•ฝ buf์— ์ €์žฅ๋œ ๊ฐ’์ด LETMEWIN\n๊ณผ ์ผ์น˜ํ•˜๋ฉด flag๋ฅผ ์ถœ๋ ฅํ•˜๊ณ  ํ”„๋กœ๊ทธ๋žจ์„ ์ข…๋ฃŒํ•œ๋‹ค.

 

๋‘ ๋ฒˆ์งธ ์ธ์ž๋ฅผ 0x1234์— 10์ง„์ˆ˜์ธ 4660์„ ์ฃผ์–ด์„œ read ํ•จ์ˆ˜๊ฐ€ 0(ํ‘œ์ค€์ž…๋ ฅ)์œผ๋กœ ์‹คํ–‰๋˜๋„๋ก fd ํŒŒ์ผ์„ ์‹คํ–‰ํ•˜๊ณ , "LETMEWIN"์„ ์ž…๋ ฅํ•ด์ฃผ์ž.

flag๊ฐ€ ์ถœ๋ ฅ๋œ ๊ฒƒ์„ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค.

FALG : mommy! I think I know what a file descriptor is!!

728x90

'๐™‹๐™ฌ๐™ฃ๐™–๐™—๐™ก๐™š ๐Ÿ’ป > Pwnable.kr WriteUp' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

[ Pwnable.kr ] bof  (0) 2022.08.01
[ Pwnable.kr ] collision  (0) 2022.07.31
๋ณต์‚ฌํ–ˆ์Šต๋‹ˆ๋‹ค!

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”