๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
  • Tried. Failed. Logged.
728x90

๐Ÿ”’์ •๋ณด๋ณด์•ˆ/๋ฆฌ๋ฒ„์‹ฑ6

๋ฆฌ๋ฒ„์‹ฑ - go ์–ธ์–ด .exe ํŒŒ์ผ main ํ•จ์ˆ˜ ๋ฐ print ํ•จ์ˆ˜ ์ฐพ๊ธฐ main ํ•จ์ˆ˜ ์ฐพ์€ ๋ฐฉ๋ฒ• IDA์—์„œ ํ•จ์ˆ˜ ๋ชฉ๋ก์„ ๋ณด๋‹ˆ๊น main_main์ด ๊ทธ๋Œ€๋กœ ๋…ธ์ถœ๋˜์–ด ์žˆ์—ˆ์Œ (x64dbg์—๋„ ida์ฒ˜๋Ÿผ ์„œ๋ธŒ๋ฃจํ‹ด์„ ๋ฆฌ์ŠคํŠธํ™”ํ•˜๋Š” ๊ธฐ๋Šฅ์ด ์žˆ์—ˆ์œผ๋ฉด ์ข‹๊ฒ ๋‹ค.. ) x64dbg์—์„œ๋Š” ํ•จ์ˆ˜๋“ค์„ ์ฐพ๊ธฐ ์–ด๋ ค์› ๋Š”๋ฐ ์ฝ”๋“œ๋ฅผ ํ•œ์ค„ํ•œ์ค„์”ฉ ์ฒœ์ฒœํžˆ ์‹คํ–‰์„ ํ•˜๋ฉด ์Šค๋ ˆ๋“œ ๋ฌธ์ œ์ธ์ง€ ์ž๊พธ ์˜ˆ์™ธ ์˜ค๋ฅ˜๊ฐ€ ๋œฌ๋‹ค.. (์ฐพ์•„๋ณด๋‹ˆ๊น SEH: Structured Exception Handling๋ผ๋Š” ๊ฒƒ ๊ฐ™๋‹ค. ์ฃผ๋กœ ์ž˜๋ชป๋œ ๋ฉ”๋ชจ๋ฆฌ๋ฅผ ์ฐธ์กฐํ•˜๋Š” ๊ฒฝ์šฐ ๋ฐœ์ƒ) Exception 0x80000004 0x0 0x0 0x623c1d PC=0x623c1d runtime.mstart0() C:/Program Files/Go/src/runtime/proc.go:1553 +0x5d fp=0x74521ffb38 sp=0x74521ffb10 pc=.. 2024. 3. 7.
๋ฆฌ๋ฒ„์‹ฑ - Bush hid the facts, ์œˆ๋„์šฐ XP ๋ฉ”๋ชจ์žฅ ๋ฒ„๊ทธ ๋ฌธ์ œ ํ™•์ธ 1. ๋ฉ”๋ชจ์žฅ์„ ์ƒˆ๋กœ ๋งŒ๋“ค์–ด์„œ ์•ˆ์— "Bush hid the facts"๋ฅผ ์ž…๋ ฅํ•œ๋‹ค. "๋ถ€์‹œ ๋Œ€ํ†ต๋ น์€ ์ง„์‹ค์„ ์ˆจ๊ธฐ๊ณ  ์žˆ๋‹ค"๋ผ๋Š” ๋œป์˜ ์‹ฌ์˜คํ•œ(?) ๋‚ด์šฉ์ด๋‹ค. 2. ๋ฉ”๋ชจ์žฅ์„ ์ €์žฅํ•œ ํ›„์— ๋‹ค์‹œ ํŒŒ์ผ์˜ ๋‚ด์šฉ์„ ๋“ค์—ฌ๋‹ค๋ณธ๋‹ค. ๊ทธ๋Ÿฌ์ž ๋ณธ๋ž˜ ๋‚ด์šฉ์ด ์—†์–ด์ง€๊ณ  ๊ธ€์ž๊ฐ€ ๊นจ์ ธ์„œ ๋‚˜์˜จ๋‹ค. ๋ฌธ์ œ ๋ถ„์„ 1. ํ˜น์‹œ๋‚˜ ๋ฉ”๋ชจ์žฅ์—์„œ ๋ฐœ์ƒํ•˜๋Š” ์˜ค๋ฅ˜ ์•„๋‹๊นŒ ํ•˜๊ณ  cmd ์ฐฝ์—์„œ type ๋ช…๋ น์–ด๋กœ ํŒŒ์ผ์˜ ๋‚ด์šฉ์„ ํ™•์ธํ•ด ๋ณด์•˜๋‹ค. ํ™•์ธํ•ด๋ณธ ๊ฒฐ๊ณผ ์‹ค์ œ ํŒŒ์ผ์˜ ๋‚ด์šฉ์€ ๊ทธ๋Œ€๋กœ์ธ๊ฑธ ๋ณด์•„ ๋ฉ”๋ชจ์žฅ์—์„œ ์ƒ๊ธฐ๋Š” ์˜ค๋ฅ˜์ธ ๊ฒƒ์ด๋‹ค. 2. ๊นจ์ง„ ํŒŒ์ผ์„ (B.txt๋กœ) ์ €์žฅํ•˜๊ณ  ํ—ฅ์Šค ์—๋””ํ„ฐ๋กœ ๋ถ„์„ํ•ด๋ณธ๋‹ค. ๋ถ„์„์„ ํ•ด๋ณด๋ฉด ์›๋ณธ์ธ A.txt๋Š” ๋‚ด์šฉ์ด ์ž˜ ์ €์žฅ๋˜์žˆ๋Š” ๋ฐ˜๋ฉด B.txt๋Š” ๋‚ด์šฉ ์•ž์— FF FE๋ผ๋Š” ํŒŒ์ผ ํ—ค๋”๊ฐ€ ๋“ค์–ด๊ฐ€๊ฒŒ ๋œ๋‹ค. ํ™•์ธํ•ด ๋ณธ ๊ฒฐ๊ณผ FF FE๋Š” UT.. 2023. 7. 12.
๋ฆฌ๋ฒ„์‹ฑ - ์˜จ๋ผ์ธ ์†Œ์Šค ์ฝ”๋“œ์—์„œ ์–ด์…ˆ๋ธ”๋ฆฌ ์ฝ”๋“œ๋กœ ๋ณ€ํ™˜(godbolt.org) https://godbolt.org/ Compiler Explorer godbolt.org ์ฐธ๊ณ : https://www.youtube.com/watch?v=gPsYkV7-yJk 2023. 4. 17.
๋ฆฌ๋ฒ„์‹ฑ - ๋ฐ”์ด๋„ˆ๋ฆฌ์— ์„ค์ •๋œ ๋ณดํ˜ธ ๊ธฐ๋ฒ• ํ™•์ธ(checksec) checksec -f {ํŒŒ์ผ} RELRO(RELocation Read-Only): Read-Only ๊ถŒํ•œ ์„ค์ •์œผ๋กœ Write ๊ฐ€๋Šฅํ•œ์ง€ ์—ฌ๋ถ€ Stack Canary: Return Address Overwrite ์—ฌ๋ถ€ ํ™•์ธ Stack Canary๋Š” ์นด๋‚˜๋ฆฌ๋ฅผ ํ†ตํ•ด ์Šคํƒ ์˜ค๋ฒ„ํ”Œ๋กœ์šฐ๋ฅผ ๊ฐ์ง€ํ•œ๋‹ค. NX(No-eXecute): NX๋ฅผ ์šฐํšŒํ•  ์ˆ˜ ์žˆ๋Š” ๊ฐ€์žฅ ๋Œ€ํ‘œ์ ์ธ ๋ฐฉ๋ฒ•์€ ROP(Return Oriented Programming) NX(No-eXecute)๋Š” ์‰˜์ฝ”๋“œ ์‹คํ–‰์„ ๋ฐฉ์ง€ํ•œ๋‹ค. ASLR(Address Space Layout Randomization): ์‹คํ–‰๋  ๋•Œ๋งˆ๋‹ค ๋ฐ์ดํ„ฐ ์˜์—ญ(์Šคํƒ, ํž™, ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ ๋“ฑ)์˜ ์ฃผ์†Œ๋ฅผ ๋žœ๋ค์œผ๋กœ ๋ณ€๊ฒฝ Windows์šฉ checksec https://github.com/Wenzel/che.. 2023. 3. 26.
๋ฆฌ๋ฒ„์‹ฑ - ์œˆ๋„์šฐ ์‰˜์ฝ”๋“œ ์‹คํ–‰ C์–ธ์–ด ์†Œ์Šค #include #include int main(void){ char shellcode[] = {0x00,}; void *exec = VirtualAlloc(0, sizeof shellcode, MEM_COMMIT, PAGE_EXECUTE_READWRITE); memcpy(exec, shellcode, sizeof shellcode); ((void(*)())exec)(); return 0; } 2023. 3. 23.
๋ฆฌ๋ฒ„์‹ฑ - ๋ฆฌ๋ฒ„์Šค ์ฝ”์–ด(ReverseCore) https://reversecore.com/18?category=216978 PE(Portable Executable) File Format (1) - PE Header Introduction Windows ์šด์˜์ฒด์ œ์˜ PE(Portable Executable) File Format ์— ๋Œ€ํ•ด์„œ ์•„์ฃผ ์ƒ์„ธํžˆ ๊ณต๋ถ€ํ•ด ๋ณด๋„๋ก ํ•˜๊ฒ ์Šต๋‹ˆ๋‹ค. PE format ์„ ๊ณต๋ถ€ํ•˜๋ฉด์„œ Windows ์šด์˜์ฒด์ œ์˜ ๊ฐ€์žฅ ํ•ต์‹ฌ์ ์ธ ๋ถ€๋ถ„์ธ Process, Memory, D.. reversecore.com ๋ฆฌ๋ฒ„์‹ฑ ํ•ต์‹ฌ ์›๋ฆฌ ์ €์ž๋ถ„์ด ์šด์˜ํ•˜์‹œ๋Š” ๋ธ”๋กœ๊ทธ์ธ๋ฐ ์šด์˜์ฒด์ œ์˜ ๊ตฌ์กฐ ์›๋ฆฌ(PE)์™€ DLL Injection, API Hooking๊ณผ ๊ฐ™์€ ์ž์„ธํ•œ ํ•ดํ‚น ๊ธฐ๋ฒ•์˜ ์›๋ฆฌ๋„ ์ž˜ ์„ค๋ช…์ด ๋˜์–ด์žˆ๋‹ค. 2022. 9. 16.
728x90

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”