๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
  • Tried. Failed. Logged.
๐Ÿ”’์ •๋ณด๋ณด์•ˆ/๋ฆฌ๋ฒ„์‹ฑ

๋ฆฌ๋ฒ„์‹ฑ - ๋ฐ”์ด๋„ˆ๋ฆฌ์— ์„ค์ •๋œ ๋ณดํ˜ธ ๊ธฐ๋ฒ• ํ™•์ธ(checksec)

by Janger 2023. 3. 26.
728x90

 

checksec -f {ํŒŒ์ผ}

 

  • RELRO(RELocation Read-Only): Read-Only ๊ถŒํ•œ ์„ค์ •์œผ๋กœ Write ๊ฐ€๋Šฅํ•œ์ง€ ์—ฌ๋ถ€
  • Stack Canary: Return Address Overwrite ์—ฌ๋ถ€ ํ™•์ธ
  • Stack Canary๋Š” ์นด๋‚˜๋ฆฌ๋ฅผ ํ†ตํ•ด ์Šคํƒ ์˜ค๋ฒ„ํ”Œ๋กœ์šฐ๋ฅผ ๊ฐ์ง€ํ•œ๋‹ค. 
  • NX(No-eXecute): NX๋ฅผ ์šฐํšŒํ•  ์ˆ˜ ์žˆ๋Š” ๊ฐ€์žฅ ๋Œ€ํ‘œ์ ์ธ ๋ฐฉ๋ฒ•์€ ROP(Return Oriented Programming)
  • NX(No-eXecute)๋Š” ์‰˜์ฝ”๋“œ ์‹คํ–‰์„ ๋ฐฉ์ง€ํ•œ๋‹ค. 
  • ASLR(Address Space Layout Randomization): ์‹คํ–‰๋  ๋•Œ๋งˆ๋‹ค ๋ฐ์ดํ„ฐ ์˜์—ญ(์Šคํƒ, ํž™, ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ ๋“ฑ)์˜ ์ฃผ์†Œ๋ฅผ ๋žœ๋ค์œผ๋กœ ๋ณ€๊ฒฝ

 

 

Windows์šฉ checksec

 

https://github.com/Wenzel/checksec.py/releases

 

Releases · Wenzel/checksec.py

Checksec tool in Python, Rich output. Based on LIEF - Wenzel/checksec.py

github.com

 

 

 

์ถœ์ฒ˜: 

https://hackyboiz.github.io/2021/10/27/y00n_nms/linux-mitigation/

 

hackyboiz

hack & life

hackyboiz.github.io

 

 

728x90

'๐Ÿ”’์ •๋ณด๋ณด์•ˆ > ๋ฆฌ๋ฒ„์‹ฑ' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

๋ฆฌ๋ฒ„์‹ฑ - go ์–ธ์–ด .exe ํŒŒ์ผ main ํ•จ์ˆ˜ ๋ฐ print ํ•จ์ˆ˜ ์ฐพ๊ธฐ  (0) 2024.03.07
๋ฆฌ๋ฒ„์‹ฑ - Bush hid the facts, ์œˆ๋„์šฐ XP ๋ฉ”๋ชจ์žฅ ๋ฒ„๊ทธ  (0) 2023.07.12
๋ฆฌ๋ฒ„์‹ฑ - ์˜จ๋ผ์ธ ์†Œ์Šค ์ฝ”๋“œ์—์„œ ์–ด์…ˆ๋ธ”๋ฆฌ ์ฝ”๋“œ๋กœ ๋ณ€ํ™˜(godbolt.org)  (0) 2023.04.17
๋ฆฌ๋ฒ„์‹ฑ - ์œˆ๋„์šฐ ์‰˜์ฝ”๋“œ ์‹คํ–‰ C์–ธ์–ด ์†Œ์Šค  (0) 2023.03.23
๋ฆฌ๋ฒ„์‹ฑ - ๋ฆฌ๋ฒ„์Šค ์ฝ”์–ด(ReverseCore)  (0) 2022.09.16

๊ด€๋ จ๊ธ€

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”